Lots of malwares installed at once all of sudden.

This is a discussion on "Lots of malwares installed at once all of sudden." within the Resolved HJT Threads forums, part of the Tech Support Forum category.

09-16-2015, 07:56 PM   #1
Registered Member
Join Date: Nov 2006
Location: Canberra
Posts: 348
OS: Windows 8 Pro

Hi there,

Sorry, I tried some removal process before asking here.
It's my 11 yr old daughter's computer. My 6 yr old was doing some Google search and she noticed a spinning wheel and out of curiosity clicked on it. Then something downloaded and asked permission to install. I clicked skip and skip and again skip, but still I noticed a message on the taskbar saying some programs had been installed. I went to check on the programs that had been installed; there were 5-6 of them.
I immediately tried to uninstall them, but as some of them were uninstalled the next one got installed; it went on like this and I guess about a dozen of them got installed.
I started to run Malwarebytes Anti-Malware, which detected quite a lot (in the hundreds), and the computer restarted. Apparently it was not cleaned (I might have made some mistake here as I was doing it in haste).
I ran it again and this time cleaned it thoroughly. Then I restarted in safe mode and scanned with MBAM; nothing was found this time.
Still my apps list has programs like MaxDriverUpdater Services by CSDI, DesktopSearch by Unique Solutions, Note-UP by QUAHOG LIMITED, Search module by Goodzo and space bar use by space bar use. When I click on them it gives an uninstall option, but clicking uninstall does nothing.
Then I ran AdwCleaner downloaded from Bleeping Computer, which I think deleted quite a few of them, but I still have some left which cannot be uninstalled.
DDS logs are included and the AdwCleaner log is also included. NOTE: AdwCleaner was run before DDS. Sorry.

Edit: Browser home pages were all changed, which I changed back, and I uninstalled the extensions. Some search bars were added, which were uninstalled through Control Panel or by MBAM.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412
Run by P at 12:49:58 on 2015-09-17
Microsoft Windows 10 Pro 10.0.10240.0.1252.1.2057.18.4095.2249 [GMT 10:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Users\P\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [OneDrive] "C:\Users\P\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
StartupFolder: C:\Users\P\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0ceec13f-8aee-485f-8962-e532f6151bfd} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-8-15 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2015-7-16 256992]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2015-7-15 344064]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-8-17 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-8-17 1133880]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R2 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
R3 amdkmafd;AMD Audio Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmafd.sys [2012-9-23 21160]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2015-5-28 102912]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\WINDOWS\System32\drivers\LEqdUsb.sys [2014-3-19 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\WINDOWS\System32\drivers\LHidEqd.sys [2014-3-19 13080]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 LVRS64;Logitech RightSound Filter Driver;C:\WINDOWS\System32\drivers\lvrs64.sys [2015-8-20 351520]
R3 LVUVC64;@oem30.inf,%PID_0825_DD%(UVC);Logitech HD Webcam C270(UVC);C:\WINDOWS\System32\drivers\lvuvc64.sys [2015-8-20 4758176]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2015-8-17 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2015-8-17 113880]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-8-17 64216]
R3 MBfilt;MBfilt;C:\WINDOWS\System32\drivers\MBfilt64.sys [2015-2-12 32344]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-10 587264]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
R3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-7-10 24576]
S2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
S2 dbupdate;Dropbox Update Service (dbupdate);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-20 134512]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 NvVCagdefcZ;NvVCagdefcZ;"C:\ProgramData\eAEyagDyd\NvVCagdefcZ.exe" --> C:\ProgramData\eAEyagDyd\NvVCagdefcZ.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-7-10 32256]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 dbupdatem;Dropbox Update Service (dbupdatem);C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-7-20 134512]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-8-15 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-8-15 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-8-19 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-8-15 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-8-15 685568]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== Created Last 30 ================
.
2015-09-17 02:24:14 16148 ----a-w- C:\WINDOWS\System32\PRAMOD_P_HistoryPrediction.bin
2015-09-17 02:21:24 -------- d-----w- C:\AdwCleaner
2015-09-16 23:55:54 -------- d-----w- C:\Program Files (x86)\e37e9aee-d8fe-4bd9-a4f8-da390760871d
2015-09-16 23:52:24 -------- d-----w- C:\WINDOWS\System32\tafi
2015-09-16 23:52:21 -------- d-----w- C:\Users\P\AppData\Local\Tempfolder
2015-09-16 23:52:06 -------- d-----w- C:\Users\P\AppData\Local\Installer
2015-09-16 23:42:23 -------- d-----w- C:\Users\P\AppData\Local\Opera Software
2015-09-16 23:42:22 -------- d-----w- C:\Users\P\AppData\Roaming\Opera Software
2015-09-16 23:37:01 11062400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{84FD077C-67A8-496E-B6FF-AF99506EE0E7}\mpengine.dll
2015-09-15 07:48:34 11745192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-09-14 05:47:20 -------- d-----w- C:\Users\P\AppData\Roaming\Anvsoft
2015-09-14 05:47:12 -------- d-----w- C:\Program Files (x86)\Anvsoft
2015-09-09 08:33:22 -------- d-----w- C:\WINDOWS\PCHEALTH
2015-09-04 00:19:36 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{12CCC164-86D5-4B2E-A076-A0276829540E}\gapaengine.dll
2015-08-30 23:26:22 113880 ----a-w- C:\WINDOWS\System32\drivers\3DA32461.sys
2015-08-23 04:17:02 -------- d-----w- C:\Program Files\CPUID
2015-08-22 05:20:59 89520 ----a-w- C:\WINDOWS\System32\atimpc64.dll
2015-08-20 03:04:41 -------- d-----w- C:\Users\P\Tracing
2015-08-20 03:04:02 -------- d-----w- C:\Users\P\AppData\Local\Logitech® Webcam Software
2015-08-20 02:59:59 40398 ----a-w- C:\WINDOWS\System32\Repository.reg
2015-08-20 02:59:58 351520 ----a-w- C:\WINDOWS\System32\drivers\lvrs64.sys
2015-08-20 02:59:58 262432 ----a-w- C:\WINDOWS\System32\lvco1380853.dll
2015-08-20 02:58:28 -------- d-----w- C:\Users\P\AppData\Local\Skype
2015-08-20 02:57:54 -------- d-----r- C:\Program Files (x86)\Skype
2015-08-19 11:52:12 26851520 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-08-19 11:45:32 654520 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2015-08-19 11:45:32 37402720 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-08-19 07:49:59 5454848 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
.
==================== Find3M ====================
.
2015-09-17 02:24:17 113880 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-09-02 01:20:52 77400 ----a-w- C:\WINDOWS\System32\acmigration.dll
2015-09-02 00:25:58 3586560 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2015-09-02 00:25:34 1382912 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2015-08-27 06:32:24 608936 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2015-08-27 06:04:18 21874688 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-08-27 05:54:40 365568 ----a-w- C:\WINDOWS\System32\atmfd.dll
2015-08-27 05:54:26 541248 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2015-08-27 05:51:48 1774592 ----a-w- C:\WINDOWS\System32\Windows.UI.Immersive.dll
2015-08-27 05:51:42 2350592 ----a-w- C:\WINDOWS\System32\authui.dll
2015-08-27 05:49:28 1008640 ----a-w- C:\WINDOWS\System32\schedsvc.dll
2015-08-27 05:43:31 576000 ----a-w- C:\WINDOWS\System32\vbscript.dll
2015-08-27 05:42:52 187904 ----a-w- C:\WINDOWS\System32\Windows.UI.PicturePassword.dll
2015-08-27 05:42:46 596480 ----a-w- C:\WINDOWS\System32\SettingSync.dll
2015-08-27 05:42:36 184320 ----a-w- C:\WINDOWS\System32\shacct.dll
2015-08-27 05:42:25 578560 ----a-w- C:\WINDOWS\System32\winlogon.exe
2015-08-27 05:39:42 45568 ----a-w- C:\WINDOWS\System32\atmlib.dll
2015-08-27 05:23:43 303104 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll
2015-08-27 05:16:41 1612288 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Immersive.dll
2015-08-27 05:16:38 2153472 ----a-w- C:\WINDOWS\SysWow64\authui.dll
2015-08-27 05:16:03 18806272 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2015-08-27 05:12:35 504320 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2015-08-27 05:11:54 484352 ----a-w- C:\WINDOWS\SysWow64\SettingSync.dll
2015-08-27 05:11:39 139776 ----a-w- C:\WINDOWS\SysWow64\shacct.dll
2015-08-27 05:08:18 37376 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll
2015-08-22 05:20:59 85472 ----a-w- C:\WINDOWS\System32\atig6pxx.dll
2015-08-20 06:07:55 8019296 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2015-08-20 0653 609592 ----a-w- C:\WINDOWS\System32\ci.dll
2015-08-20 05:26:23 168960 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2015-08-20 05:21:13 193024 ----a-w- C:\WINDOWS\System32\EnterpriseModernAppMgmtCSP.dll
2015-08-18 07:56:25 2498808 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll
2015-08-18 07:55:45 373072 ----a-w- C:\WINDOWS\System32\drivers\USBXHCI.SYS
2015-08-18 07:54:30 1396064 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2015-08-18 07:27:23 1771592 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2015-08-18 07:24:35 963920 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2015-08-18 07:13:10 497664 ----a-w- C:\WINDOWS\System32\WlanMediaManager.dll
2015-08-18 07:13:06 387584 ----a-w- C:\WINDOWS\System32\NetSetupShim.dll
2015-08-18 07:12:20 692224 ----a-w- C:\WINDOWS\System32\drivers\UMDF\NfcCx.dll
2015-08-18 07:12:18 2225664 ----a-w- C:\WINDOWS\System32\NetworkMobileSettings.dll
2015-08-18 07:07:34 2226688 ----a-w- C:\WINDOWS\System32\wlansvc.dll
2015-08-18 07:04:20 859136 ----a-w- C:\WINDOWS\System32\modernexecserver.dll
2015-08-18 07:04:14 1234944 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2015-08-18 06:59:35 1294336 ----a-w- C:\WINDOWS\System32\wcnwiz.dll
2015-08-18 06:59:02 140288 ----a-w- C:\WINDOWS\System32\WcnApi.dll
2015-08-18 06:58:46 50176 ----a-w- C:\WINDOWS\System32\WcnNetsh.dll
2015-08-18 06:58:34 112640 ----a-w- C:\WINDOWS\System32\fdWCN.dll
2015-08-18 06:58:31 117760 ----a-w- C:\WINDOWS\System32\dafWCN.dll
2015-08-18 06:58:25 187392 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2015-08-18 06:57:54 45568 ----a-w- C:\WINDOWS\System32\wfdprov.dll
2015-08-18 06:56:48 79872 ----a-w- C:\WINDOWS\System32\BthRadioMedia.dll
2015-08-18 06:55:01 2178560 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2015-08-18 06:54:11 247296 ----a-w- C:\WINDOWS\System32\facecredentialprovider.dll
2015-08-18 06:54:03 322048 ----a-w- C:\WINDOWS\System32\vaultsvc.dll
2015-08-18 06:52:26 1888768 ----a-w- C:\WINDOWS\System32\dwmcore.dll
2015-08-18 06:50:04 1795072 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2015-08-18 06:49:52 1061888 ----a-w- C:\WINDOWS\System32\reseteng.dll
2015-08-18 06:49:20 246272 ----a-w- C:\WINDOWS\System32\PackageStateRoaming.dll
2015-08-18 06:49:03 274432 ----a-w- C:\WINDOWS\SysWow64\NetSetupShim.dll
2015-08-18 06:36:08 1226752 ----a-w- C:\WINDOWS\SysWow64\wcnwiz.dll
2015-08-18 06:35:49 100352 ----a-w- C:\WINDOWS\SysWow64\WcnApi.dll
2015-08-18 06:35:18 95744 ----a-w- C:\WINDOWS\SysWow64\fdWCN.dll
2015-08-18 06:34:44 37376 ----a-w- C:\WINDOWS\SysWow64\wfdprov.dll
2015-08-18 06:29:11 1593344 ----a-w- C:\WINDOWS\SysWow64\dwmcore.dll
2015-08-18 06:26:08 195584 ----a-w- C:\WINDOWS\SysWow64\PackageStateRoaming.dll
2015-08-17 02:27:15 113880 ----a-w- C:\WINDOWS\System32\drivers\0B1C68F6.sys
2015-08-14 14:43:59 911360 ----a-w- C:\WINDOWS\System32\SharedStartModel.dll
2015-08-14 04:51:31 18960 ----a-w- C:\WINDOWS\System32\drivers\LNonPnP.sys
2015-08-14 04:51:06 0 ----a-w- C:\WINDOWS\ativpsrm.bin
2015-08-13 04:22:26 2093056 ----a-w- C:\WINDOWS\System32\wlidsvc.dll
2015-08-13 04:20:39 414208 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2015-08-13 03:53:21 311808 ----a-w- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
2015-08-12 16:03:57 733696 ----a-w- C:\WINDOWS\System32\SkyDriveTelemetry.dll
2015-08-12 15:58:57 15360 ----a-w- C:\WINDOWS\System32\wu.upgrade.ps.dll
2015-08-12 07:18:36 9284296 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
2015-08-11 10:04:24 2462648 ----a-w- C:\WINDOWS\System32\mfcore.dll
2015-08-11 10:04:23 4532304 ----a-w- C:\WINDOWS\explorer.exe
2015-08-11 10:04:15 1087296 ----a-w- C:\WINDOWS\System32\mfplat.dll
2015-08-11 10:03:09 442208 ----a-w- C:\WINDOWS\System32\drivers\storport.sys
2015-08-11 10:02:57 554744 ----a-w- C:\WINDOWS\System32\directmanipulation.dll
2015-08-11 10:02:56 80720 ----a-w- C:\WINDOWS\System32\drivers\stornvme.sys
2015-08-11 10:02:49 292856 ----a-w- C:\WINDOWS\System32\LockAppHost.exe
2015-08-11 09:52:49 993104 ----a-w- C:\WINDOWS\System32\ReAgent.dll
2015-08-11 09:50:47 1643872 ----a-w- C:\WINDOWS\System32\diagtrack.dll
2015-08-11 09:40:22 4048808 ----a-w- C:\WINDOWS\SysWow64\explorer.exe
2015-08-11 09:40:12 918320 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2015-08-11 09:40:08 2151208 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2015-08-11 09:38:22 454000 ----a-w- C:\WINDOWS\SysWow64\directmanipulation.dll
2015-08-11 09:37:48 243800 ----a-w- C:\WINDOWS\SysWow64\LockAppHost.exe
2015-08-11 09:26:03 845664 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll
2015-08-11 09:23:59 16706560 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-08-11 09:21:13 148992 ----a-w- C:\WINDOWS\System32\tetheringservice.dll
2015-08-11 09:21:04 52224 ----a-w- C:\WINDOWS\System32\tetheringclient.dll
2015-08-11 09:20:02 483328 ----a-w- C:\WINDOWS\System32\OneDriveSettingSyncProvider.dll
2015-08-11 09:19:45 235520 ----a-w- C:\WINDOWS\System32\SettingsHandlers_Notifications.dll
2015-08-11 09:18:44 235008 ----a-w- C:\WINDOWS\System32\UserMgrProxy.dll
2015-08-11 09:16:32 2416640 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-08-11 09:14:02 404480 ----a-w- C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-11 09:13:42 413184 ----a-w- C:\WINDOWS\System32\diagtrack_win.dll
2015-08-11 09:11:40 2446336 ----a-w- C:\WINDOWS\System32\InputService.dll
2015-08-11 09:11:18 553472 ----a-w- C:\WINDOWS\System32\GamePanel.exe
.
============= FINISH: 12:51:19.27 ===============
Attached Files
File Type: txt attach.txt (21.8 KB, 80 views)
File Type: txt AdwCleaner[C1].txt (7.9 KB, 34 views)
Old 09-21-2015, 05:40 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\ProgramData\eAEyagDyd\NvVCagdefcZ.exe

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
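
Both steps chemist asks for feed the same first-pass triage: the VirusTotal submission checks one suspicious image by its registered path, and FRST lists every service, driver and recently created file so that orphaned registrations (FRST marks an entry whose image it cannot find on disk with "[X]"), unsigned images and generated-looking names stand out. As an added example, not part of chemist's instructions, of FRST, or of any tool used in this thread, the Python below runs that pass over a constructed excerpt modelled on the FRST log posted in the next reply. The scoring weights, the reporting threshold and the random-name heuristic (few vowels or frequent case flips) are this editor's assumptions, not FRST rules.

```python
"""Triage pass over FRST-style 'Services', 'Drivers' and created-files lines.

Added example for this thread, not FRST or forum code. SAMPLE_LOG is a
constructed excerpt modelled on the log posted in the next reply; the weights
and the name heuristic are the editor's own assumptions, not FRST rules.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
==================== Services (Whitelisted) ========================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-20] (Dropbox, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 NvVCagdefcZ; "C:\ProgramData\eAEyagDyd\NvVCagdefcZ.exe" [X]
===================== Drivers (Whitelisted) ==========================
R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== One Month Created files and folders ========
2015-09-17 09:58 - 2015-09-17 09:58 - 00003544 _____ C:\WINDOWS\System32\Tasks\Amtleaxofnoor
2015-09-17 09:56 - 2015-09-17 09:56 - 00004184 _____ C:\WINDOWS\System32\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC
2015-09-17 09:56 - 2015-09-17 09:56 - 00004118 _____ C:\WINDOWS\System32\Tasks\fHkc9oIaDul
2015-09-17 09:42 - 2015-09-17 09:42 - 00003918 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1442446938
"""

# "R2 name; path [size date] (publisher) [flags]" as FRST prints it
ENTRY = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<rest>.+)$")
META = re.compile(r" \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]"
                  r"(?: \((?P<pub>[^)]*)\))?(?P<flags>(?: \[[^\]]+\])*)$")
TASK_FILE = re.compile(r"(?P<path>[A-Za-z]:\\.*\\Tasks\\(?P<name>[^\\]+))$")
GUID_DIR = re.compile(r"\\[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\\")
VOWELS = set("aeiouAEIOU")


def looks_random(name: str) -> bool:
    """Heuristic (assumption): installer-generated names such as NvVCagdefcZ
    are vowel-poor or flip case mid-word; product names rarely do either."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 8:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    case_flips = sum(1 for a, b in zip(letters, letters[1:])
                     if a.isupper() != b.isupper())
    return vowel_ratio < 0.2 or case_flips >= 4


@dataclass
class Finding:
    kind: str          # "service", "driver" or "task"
    name: str
    path: str
    reasons: list = field(default_factory=list)
    score: int = 0

    def add(self, reason: str, weight: int) -> None:
        self.reasons.append(reason)
        self.score += weight


def parse_entry(kind: str, line: str):
    """Parse one service/driver line into a Finding carrying its weak signals."""
    m = ENTRY.match(line)
    if not m:
        return None
    f = Finding(kind, m.group("name"), "")
    rest = m.group("rest")
    if rest.endswith(" [X]"):
        # FRST prints [X] when the registered image is not on disk: the
        # registration outlived its file, so a by-path upload cannot work.
        f.path = rest[:-4].strip().strip('"')
        f.add("image missing on disk (orphaned registration)", 3)
    else:
        meta = META.search(rest)
        if not meta:
            return None
        f.path = rest[: meta.start()].strip().strip('"')
        if "File not signed" in meta.group("flags"):
            f.add("image not signed", 1)
        elif not meta.group("pub"):
            f.add("no publisher in version info", 1)
    if looks_random(f.name):
        f.add("generated-looking name", 1)
    low = f.path.lower()
    if low.startswith(("c:\\programdata\\", "c:\\users\\")) or GUID_DIR.search(low):
        f.add("image outside Program Files / Windows", 2)
    return f


def triage(log: str, threshold: int = 2):
    """Return findings scoring >= threshold, highest score first."""
    section, findings = None, []
    for line in log.splitlines():
        if line.startswith("="):
            head = line.strip("= ").lower()
            section = ("service" if head.startswith("services") else
                       "driver" if head.startswith("drivers") else
                       "task" if head.startswith("one month") else None)
            continue
        f = None
        if section in ("service", "driver"):
            f = parse_entry(section, line)
        elif section == "task":
            t = TASK_FILE.search(line)
            if t and looks_random(t.group("name")):
                f = Finding("task", t.group("name"), t.group("path"))
                f.add("generated-looking scheduled task name", 2)
        if f is not None:
            findings.append(f)
    return sorted((f for f in findings if f.score >= threshold),
                  key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score:>2}  {f.kind:<7} {f.name}\n    {f.path}\n    {'; '.join(f.reasons)}")
```

Run on the sample, the orphaned NvVCagdefcZ service comes out on top (score 6: image missing, ProgramData path, generated-looking name), which is also why a by-path VirusTotal upload of that file cannot succeed: only the service registration is left, and removing it is the fix. The two generated-looking task names score 2, while Amtleaxofnoor slips past the name heuristic despite being created two minutes after them; clustering creation timestamps would be the natural next refinement, and a publisher allowlist would silence the remaining weak signals on vendor entries.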
Old 09-21-2015, 10:13 PM   #3
Registered Member
 
Join Date: Nov 2006
Location: Canberra
Posts: 348
OS: Windows 8 Pro


Thank you Chemist,

VirusTotal's Choose File says it could not find the path. I did tick "show hidden files" in Explorer and it is still the same. When I check manually, I cannot find that folder or file on the computer.
Here is the log from FRST, and Addition.txt is attached.

Thank you

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by P (administrator) on PRAMOD (22-09-2015 1550)
Running from C:\Users\P\Desktop
Loaded Profiles: P (Available Profiles: P)
Platform: Windows 10 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1509.14010.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13197456 2012-09-28] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-20] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39175960 2015-08-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3656213323-4014080569-879439833-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-02-16]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0ceec13f-8aee-485f-8962-e532f6151bfd}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3656213323-4014080569-879439833-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3656213323-4014080569-879439833-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default
FF Homepage: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-04-14]
FF Extension: No Name - C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\extensions\[email protected] [not found]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\P\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-16]
CHR Extension: (Google Docs) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-16]
CHR Extension: (Google Drive) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-16]
CHR Extension: (YouTube) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-16]
CHR Extension: (Google Search) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-16]
CHR Extension: (Google Sheets) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-16]
CHR Extension: (Google Docs Offline) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-16]
CHR Extension: (Gmail) - C:\Users\P\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-20] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-20] (Dropbox, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 NvVCagdefcZ; "C:\ProgramData\eAEyagDyd\NvVCagdefcZ.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-22 15:06 - 2015-09-22 15:07 - 00017342 _____ C:\Users\P\Desktop\FRST.txt
2015-09-22 15:06 - 2015-09-22 15:06 - 00000000 ____D C:\FRST
2015-09-22 15:04 - 2015-09-22 15:05 - 02191360 _____ (Farbar) C:\Users\P\Desktop\FRST64.exe
2015-09-22 14:58 - 2015-09-22 14:58 - 00016148 _____ C:\WINDOWS\system32\PRAMOD_P_HistoryPrediction.bin
2015-09-17 12:51 - 2015-09-17 12:51 - 00032248 _____ C:\Users\P\Desktop\dds.txt
2015-09-17 12:51 - 2015-09-17 12:51 - 00022282 _____ C:\Users\P\Desktop\attach.txt
2015-09-17 12:21 - 2015-09-17 12:22 - 00000000 ____D C:\AdwCleaner
2015-09-17 12:15 - 2015-09-17 12:18 - 01660416 _____ C:\Users\P\Downloads\AdwCleaner.exe
2015-09-17 12:08 - 2015-09-17 12:09 - 00688992 ____R (Swearware) C:\Users\P\Desktop\dds.scr
2015-09-17 10:35 - 2015-09-17 10:35 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-09-17 10:29 - 2015-09-17 10:29 - 00000262 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{385A8E17-06D8-438C-902E-92F7CE19A455}.job
2015-09-17 09:58 - 2015-09-17 09:58 - 00003544 _____ C:\WINDOWS\System32\Tasks\Amtleaxofnoor
2015-09-17 09:56 - 2015-09-21 19:48 - 00000992 _____ C:\WINDOWS\Tasks\fHkc9oIaDul.job
2015-09-17 09:56 - 2015-09-21 11:20 - 00001024 _____ C:\WINDOWS\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC.job
2015-09-17 09:56 - 2015-09-17 09:56 - 00004184 _____ C:\WINDOWS\System32\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC
2015-09-17 09:56 - 2015-09-17 09:56 - 00004118 _____ C:\WINDOWS\System32\Tasks\fHkc9oIaDul
2015-09-17 09:55 - 2015-09-17 10:24 - 00000000 ____D C:\Program Files (x86)\e37e9aee-d8fe-4bd9-a4f8-da390760871d
2015-09-17 09:55 - 2015-09-17 09:55 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-17 09:52 - 2015-09-17 10:03 - 00000000 ____D C:\Users\P\AppData\Local\Tempfolder
2015-09-17 09:52 - 2015-09-17 09:52 - 00000000 ____D C:\WINDOWS\system32\tafi
2015-09-17 09:42 - 2015-09-17 10:29 - 00000000 ____D C:\Users\P\AppData\Roaming\Opera Software
2015-09-17 09:42 - 2015-09-17 10:29 - 00000000 ____D C:\Users\P\AppData\Local\Opera Software
2015-09-17 09:42 - 2015-09-17 09:42 - 00003918 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1442446938
2015-09-17 09:41 - 2015-09-17 10:29 - 00000000 ____D C:\Program Files (x86)\Opera
2015-09-17 09:41 - 2015-02-16 19:25 - 00001805 ____R C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-09-17 09:39 - 2015-09-17 09:39 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-17 09:36 - 2015-09-17 09:36 - 00000000 ____D C:\Users\P\Downloads\Malwarebytes+Anti+Malware
2015-09-14 15:47 - 2015-09-17 10:24 - 00001272 _____ C:\Users\P\Desktop\Any Video Converter.lnk
2015-09-14 15:47 - 2015-09-14 19:13 - 00000000 ____D C:\Users\P\AppData\Roaming\Anvsoft
2015-09-14 15:47 - 2015-09-14 15:47 - 00000000 ____D C:\Users\P\Documents\Any Video Converter
2015-09-14 15:47 - 2015-09-14 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2015-09-14 15:47 - 2015-09-14 15:47 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2015-09-14 14:52 - 2015-09-14 15:46 - 37939336 _____ (Any-Video-Converter.com ) C:\Users\P\Downloads\avc-free.exe
2015-09-14 14:42 - 2015-09-14 14:42 - 00000000 ____D C:\Users\P\Downloads\Camera
2015-09-14 13:46 - 2015-09-14 14:33 - 3938280036 _____ C:\Users\P\Downloads\Camera.zip
2015-09-14 10:48 - 2015-09-14 10:48 - 00000000 ____D C:\Users\P\Downloads\Mohalla Assi (2015) x264 DesiSCR Rip [DDR]
2015-09-14 10:47 - 2015-09-14 10:47 - 00010718 _____ C:\Users\P\Downloads\Mohalla Assi (2015) x264 DesiSCR Rip [DDR].torrent
2015-09-09 18:33 - 2015-09-09 18:33 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-09-09 16:48 - 2015-09-02 11:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 16:48 - 2015-09-02 10:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 16:48 - 2015-09-02 10:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 16:48 - 2015-08-27 16:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 16:48 - 2015-08-27 16:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 16:48 - 2015-08-27 16:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 16:48 - 2015-08-27 15:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 16:48 - 2015-08-27 15:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 16:48 - 2015-08-27 15:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 16:48 - 2015-08-27 15:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 16:48 - 2015-08-27 15:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 16:48 - 2015-08-27 15:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 16:48 - 2015-08-27 15:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 16:48 - 2015-08-27 15:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 16:48 - 2015-08-27 15:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 16:48 - 2015-08-27 15:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 16:48 - 2015-08-27 15:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 16:48 - 2015-08-27 15:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 16:48 - 2015-08-27 15:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 16:48 - 2015-08-27 15:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 16:48 - 2015-08-27 15:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 16:48 - 2015-08-27 15:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 16:48 - 2015-08-27 15:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 16:48 - 2015-08-27 15:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-09 16:48 - 2015-08-27 15:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 16:48 - 2015-08-27 15:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 16:48 - 2015-08-27 15:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 16:48 - 2015-08-27 15:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 16:48 - 2015-08-27 15:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 16:48 - 2015-08-27 15:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 16:48 - 2015-08-27 15:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 16:48 - 2015-08-27 15:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 10:59 - 2015-09-09 11:00 - 00279768 _____ C:\WINDOWS\Minidump\090915-16515-01.dmp
2015-09-08 16:54 - 2015-09-08 16:54 - 00000000 ____D C:\Users\P\Desktop\DocuPrint_M225_dw_M225_z_M265_z_ASA_HYBRID_A013_004_BIL
2015-09-06 16:51 - 2015-09-06 16:51 - 00279768 _____ C:\WINDOWS\Minidump\090615-12234-01.dmp
2015-09-06 16:38 - 2015-09-06 16:38 - 00279768 _____ C:\WINDOWS\Minidump\090615-16906-01.dmp
2015-09-06 16:36 - 2015-09-06 16:36 - 00279768 _____ C:\WINDOWS\Minidump\090615-12546-01.dmp
2015-09-04 16:42 - 2015-09-04 16:43 - 00279768 _____ C:\WINDOWS\Minidump\090415-15140-01.dmp
2015-09-04 13:11 - 2015-09-04 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-31 15:57 - 2015-09-04 10:11 - 00000000 ____D C:\Users\P\Desktop\ANMAC
2015-08-31 09:26 - 2015-08-31 09:26 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\3DA32461.sys
2015-08-29 04:00 - 2015-08-20 16:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-29 04:00 - 2015-08-20 16:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-29 04:00 - 2015-08-20 16:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-29 04:00 - 2015-08-20 15:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-29 04:00 - 2015-08-20 15:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-29 04:00 - 2015-08-20 15:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-29 04:00 - 2015-08-20 15:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-29 04:00 - 2015-08-18 17:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-29 04:00 - 2015-08-18 17:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-29 04:00 - 2015-08-18 17:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-29 04:00 - 2015-08-18 17:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-29 04:00 - 2015-08-18 17:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-29 04:00 - 2015-08-18 17:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-29 04:00 - 2015-08-18 17:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-29 04:00 - 2015-08-18 17:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-29 04:00 - 2015-08-18 17:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-29 04:00 - 2015-08-18 17:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-29 04:00 - 2015-08-18 17:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-29 04:00 - 2015-08-18 16:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-29 04:00 - 2015-08-18 16:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-29 04:00 - 2015-08-18 16:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-29 04:00 - 2015-08-18 16:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-29 04:00 - 2015-08-18 16:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-29 04:00 - 2015-08-18 16:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-29 04:00 - 2015-08-18 16:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-29 04:00 - 2015-08-18 16:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-29 04:00 - 2015-08-18 16:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-29 04:00 - 2015-08-18 16:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-29 04:00 - 2015-08-18 16:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-29 04:00 - 2015-08-18 16:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-29 04:00 - 2015-08-18 16:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-29 04:00 - 2015-08-18 16:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-29 04:00 - 2015-08-18 16:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-29 04:00 - 2015-08-18 16:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-29 04:00 - 2015-08-18 16:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-29 04:00 - 2015-08-18 16:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-29 04:00 - 2015-08-18 16:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-29 04:00 - 2015-08-18 16:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-29 04:00 - 2015-08-18 16:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-29 04:00 - 2015-08-18 16:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-29 04:00 - 2015-08-18 14:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-28 17:16 - 2015-08-28 17:17 - 00279768 _____ C:\WINDOWS\Minidump\082815-17687-01.dmp
2015-08-25 18:58 - 2015-09-09 10:59 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-25 18:58 - 2015-08-25 18:58 - 01017400 _____ C:\WINDOWS\Minidump\082515-13203-01.dmp
2015-08-23 15:19 - 2015-09-17 10:25 - 00001013 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2015-08-23 15:19 - 2015-08-23 15:19 - 01199856 _____ ( ) C:\Users\P\Downloads\hwmonitor_1.28.exe
2015-08-23 15:18 - 2015-08-23 15:24 - 00000000 ____D C:\Users\P\Desktop\p95v285.win64
2015-08-23 14:17 - 2015-09-17 10:25 - 00000952 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-08-23 14:17 - 2015-08-23 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-08-23 14:17 - 2015-08-23 15:19 - 00000000 ____D C:\Program Files\CPUID
2015-08-23 14:16 - 2015-08-23 14:16 - 01629552 _____ ( ) C:\Users\P\Downloads\cpu-z_1.73-en.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-22 15:03 - 2015-07-10 20:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-22 15:02 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-22 15:01 - 2015-08-20 13:00 - 00039523 _____ C:\WINDOWS\system32\lvcoinst.log
2015-09-22 15:00 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-22 14:58 - 2015-07-10 22:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-21 19:43 - 2015-07-20 17:32 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-09-21 19:36 - 2015-02-16 19:07 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-21 19:18 - 2015-04-10 10:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-21 18:35 - 2015-02-16 19:07 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-21 11:24 - 2015-08-14 15:07 - 00830266 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-21 11:21 - 2015-08-20 12:58 - 00000000 ____D C:\Users\P\AppData\Roaming\Skype
2015-09-21 11:21 - 2015-07-20 17:36 - 00000000 ___RD C:\Users\P\Dropbox
2015-09-21 11:21 - 2015-07-20 17:32 - 00000000 ____D C:\Users\P\AppData\Local\Dropbox
2015-09-21 11:20 - 2015-08-14 14:53 - 00000000 ____D C:\Users\P
2015-09-21 11:20 - 2015-08-14 14:48 - 00348678 _____ C:\WINDOWS\PFRO.log
2015-09-21 11:20 - 2015-07-20 17:32 - 00000908 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-09-21 11:20 - 2015-07-10 22:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-21 11:20 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\Help
2015-09-21 10:50 - 2015-08-17 15:01 - 00000000 ____D C:\Users\P\AppData\Local\MicrosoftEdge
2015-09-18 19:11 - 2015-08-17 11:11 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-17 18:31 - 2015-02-16 19:07 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 18:31 - 2015-02-16 19:07 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-17 12:23 - 2015-07-10 19:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-17 11:29 - 2015-02-12 14:51 - 00000000 ____D C:\Users\P\AppData\Local\Packages
2015-09-17 11:28 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-09-17 10:25 - 2015-08-20 12:59 - 00001707 _____ C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2015-09-17 10:25 - 2015-08-20 12:57 - 00002634 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-17 10:25 - 2015-08-17 11:11 - 00001165 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-17 10:25 - 2015-08-14 15:02 - 00002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-17 10:25 - 2015-08-14 14:57 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-09-17 10:25 - 2015-08-12 13:25 - 00001076 _____ C:\Users\Public\Desktop\KeyFinder.lnk
2015-09-17 10:25 - 2015-05-07 11:56 - 00001083 _____ C:\Users\Public\Desktop\Foxit PhantomPDF.lnk
2015-09-17 10:25 - 2015-03-17 10:22 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-17 10:25 - 2015-03-17 10:22 - 00001141 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-17 10:25 - 2015-03-04 12:03 - 00001865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2015-09-17 10:25 - 2015-03-04 12:03 - 00001859 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2015-09-17 10:25 - 2015-02-16 19:36 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-09-17 10:25 - 2015-02-16 19:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-09-17 10:25 - 2015-02-16 19:36 - 00002020 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2015-09-17 10:24 - 2015-08-17 13:15 - 00001415 _____ C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Install Windows.lnk
2015-09-17 10:24 - 2015-08-17 13:15 - 00001413 _____ C:\Users\P\Desktop\Install Windows.lnk
2015-09-17 10:24 - 2015-08-14 15:39 - 00001047 _____ C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-09-17 10:24 - 2015-08-14 15:33 - 00002358 _____ C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-17 10:24 - 2015-07-20 17:36 - 00001214 _____ C:\Users\P\Desktop\Dropbox.lnk
2015-09-17 10:24 - 2015-07-10 11:34 - 00001984 _____ C:\Users\P\Desktop\e-tax 2015.lnk
2015-09-17 10:24 - 2015-02-16 19:34 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-09-17 10:05 - 2015-08-14 14:53 - 00000000 ___RD C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-17 09:52 - 2015-07-10 21:00 - 00680256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-09-17 09:52 - 2015-07-10 21:00 - 00534064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-09-17 09:41 - 2015-02-16 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-17 09:32 - 2015-02-16 19:07 - 00000000 ____D C:\Users\P\AppData\Local\Google
2015-09-15 17:42 - 2015-08-14 15:33 - 00000000 ___RD C:\Users\P\OneDrive
2015-09-11 03:43 - 2015-07-10 22:20 - 00368496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-11 03:41 - 2015-07-11 02:29 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-11 03:41 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-09 18:39 - 2015-02-11 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-09 18:38 - 2015-02-11 22:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 18:37 - 2012-07-26 15:26 - 00000167 _____ C:\WINDOWS\win.ini
2015-09-09 18:32 - 2015-02-16 21:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 10:59 - 2015-02-13 00:48 - 513211992 _____ C:\WINDOWS\MEMORY.DMP
2015-09-08 17:40 - 2015-07-16 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fuji Xerox
2015-09-08 17:40 - 2015-07-16 15:49 - 00000000 ____D C:\Program Files (x86)\Fuji Xerox
2015-09-08 17:40 - 2015-02-12 15:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-04 13:11 - 2015-07-20 17:32 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-09-03 18:12 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-01 07:36 - 2015-08-12 18:10 - 00000000 ____D C:\Users\P\Desktop\2015 Tax Docs
2015-09-01 03:41 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-31 21:51 - 2015-08-12 18:21 - 00077888 _____ C:\Users\P\Documents\PRAMOD2015.TAX
2015-08-31 21:47 - 2015-08-12 18:21 - 00076896 _____ C:\Users\P\Documents\PRAMOD2015.BAK
2015-08-31 21:39 - 2015-08-13 21:10 - 00112448 _____ C:\Users\P\Documents\LAXMI2015.TAX
2015-08-31 21:32 - 2015-08-13 21:10 - 00111328 _____ C:\Users\P\Documents\LAXMI2015.BAK
2015-08-31 20:15 - 2015-07-25 22:11 - 00000000 ____D C:\Users\P\Desktop\Medicare entitlement
2015-08-31 15:12 - 2015-02-16 19:21 - 00000000 ____D C:\WINDOWS\AutoKMS
2015-08-31 13:35 - 2015-07-10 11:34 - 00000000 ____D C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\e-tax 2015
2015-08-31 13:35 - 2015-07-10 11:33 - 00000000 ____D C:\Program Files (x86)\etax2015
2015-08-26 18:37 - 2015-02-16 21:13 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-24 15:12 - 2015-02-16 19:22 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS

==================== Files in the root of some directories =======

2015-04-15 02:28 - 2015-04-15 02:28 - 0004387 _____ () C:\Users\P\AppData\Roaming\fHkc9oIaDul
2015-04-19 22:20 - 2015-04-19 22:20 - 0005872 _____ () C:\Users\P\AppData\Roaming\VTjJO7Tf8raFPoGVb8a7TIP9WkC
2015-04-16 10:32 - 2015-05-30 21:04 - 0007627 _____ () C:\Users\P\AppData\Local\Resmon.ResmonCfg
2015-09-17 09:39 - 2015-09-17 09:39 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:
====================
C:\Users\P\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsbgzad.dll
C:\Users\P\AppData\Local\Temp\Malwarebytes Anti Malware__10924_i1654461365_il1718231.exe
C:\Users\P\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\P\AppData\Local\Temp\SpOrder.dll
C:\Users\P\AppData\Local\Temp\sqlite3.dll
C:\Users\P\AppData\Local\Temp\Uninstall.exe
C:\Users\P\AppData\Local\Temp\_is3FD3.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-07-10 21:00] - [2015-09-17 09:52] - 0680256 ____A (Microsoft Corporation) 3B01D5C5A760820C494D0A2C4F2F0AA5

C:\WINDOWS\SysWOW64\dnsapi.dll
[2015-07-10 21:00] - [2015-09-17 09:52] - 0534064 ____A (Microsoft Corporation) 37CFAF78C2CA7575029789705367EA93

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-14 10:16

==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (39.6 KB, 32 views)
 
Old 09-22-2015, 06:44 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



What pirated Adobe product are you using, along with your pirated Office?

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 09-23-2015, 04:38 AM   #5
Registered Member
 
Join Date: Nov 2006
Location: Canberra
Posts: 348
OS: Windows 8 Pro



Quote:
Originally Posted by chemist
What pirated Adobe product are you using, along with your pirated Office?

------------------------------------------------------
I don't know.
My brother-in-law installed Office and Acrobat on this machine. I initially used Foxit instead of Acrobat and OpenOffice instead of Office, but my brother-in-law installed Office and Acrobat because the girls asked for them, saying that's what they use at school.
I had assumed that he had licences for them and that they were legit.
If you think they are not legit, I can uninstall them and go back to what I had before.
My wife uses this computer every now and then, but my 11-year-old is the one this computer is for.
I have noticed uTorrent on this computer, and I am pretty sure it was installed by my other brother-in-law (a teenager and a very smart guy) who is excessively obsessed with movies and was here for about a week a few months back.

Thanks
Old 09-23-2015, 08:50 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, drosera01. OK. Please uninstall Adobe Acrobat X Pro and Microsoft Office Professional Plus 2013 via Programs and Features in your Control Panel, then reboot your machine.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

What happened to Backup and Restore? - Windows Help

------------------------------------------------------

Also, if you haven't done so already, you might want to create a USB recovery drive. It's really easy and quick.

Create a USB recovery drive - Windows Help

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if they still exist:

MaxDriverUpdater Service <<Please read this

Please delete the following Folder if it still exists:

C:\Program Files (x86)\max driver updater

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
    Task: {09DF2BF4-E6CC-407C-9564-1D1393A38327} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-11 -> No File <==== ATTENTION
    Task: {0BBCEAA5-C9EB-4AAA-96B0-DE911480821E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {0DB2BB8D-F4AA-4A1B-B1A3-E2083FF659A2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {0DDC9156-C813-4144-8DCE-9BD43B5DD88C} - \APSnotifierPP3 -> No File <==== ATTENTION
    Task: {0E8A22A5-A8DE-43A6-A68E-1BD7C80C540C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {14F950E2-0C27-48D5-B046-2A4BB4AF3962} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {1C5D78D8-A52D-41F8-A9F5-291DE0450BAF} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-1-7 -> No File <==== ATTENTION
    Task: {25F8B560-0396-4753-A2C8-FF6A4D9F02B7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {26771208-D3E8-4879-B484-28D403F8FADB} - \PhraseProfessor Auto Updater 1.10.0.21 Pending Update -> No File <==== ATTENTION
    Task: {2B321A15-608C-422D-8336-E543DB42A4D4} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-1-6 -> No File <==== ATTENTION
    Task: {2BEA4C9E-EC96-4B1E-93AC-C173FEF3DF44} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {2D056199-1780-4476-B798-88AC1A37F4FA} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-5_user -> No File <==== ATTENTION
    Task: {359CDBEE-C9FC-4877-BB71-1E68F1F67016} - \SMW_UpdateTask_Time_323139303938303530372d50372d5a456c37325a347841 -> No File <==== ATTENTION
    Task: {359FAE3E-A791-4D64-AC19-D6625A9BA7EC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {3B3E4881-6C86-447A-AA52-AF057543BFAA} - \APSnotifierPP1 -> No File <==== ATTENTION
    Task: {3D3FCFD5-B998-4F69-9325-8D64CAD3B335} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {3E772851-2E4E-44BB-B7E7-FDF9E6F8C116} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-4 -> No File <==== ATTENTION
    Task: {3EB56801-C99C-408A-9B5C-F5B4A5D41A00} - \amiupdaterExd -> No File <==== ATTENTION
    Task: {4DD97293-F96D-4B8C-A0C5-01638EC4D799} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
    Task: {534A10F6-D40E-4747-AF09-E60B55912E09} - System32\Tasks\Amtleaxofnoor => C:\ProgramData\Amtleaxofnoor\1.0.5.1\lnoosrea.exe
    Task: {5D6D02D5-E6D5-4B2E-BA09-54CDDF9B9543} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {5F8E71BD-C36F-4767-8B9A-31871B3E7046} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-3 -> No File <==== ATTENTION
    Task: {694C8AA2-C9E9-4BCC-B3FE-690BA18B18E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {699C301A-6C64-4F39-9318-74A90C7AB5FE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {6DAF3CE9-B2C2-4563-98CE-B96543F63BE9} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-13 -> No File <==== ATTENTION
    Task: {75ED31A5-5F68-4A96-A09E-B0E4914E6117} - \amiupdaterExi -> No File <==== ATTENTION
    Task: {76A88A2E-C5DE-4A3E-8166-6529CD571AC1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {7A81533A-D7FE-4348-8068-AF4C27C27FDF} - System32\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC => C:\Users\P\AppData\Roaming\VTjJO7Tf8raFPoGVb8a7TIP9WkC.exe <==== ATTENTION
    Task: {84910CDE-FB5A-442C-835A-9CA8FF54901B} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-10_user -> No File <==== ATTENTION
    Task: {8AA88B57-C4B8-4ADF-B593-FA046BFAAADB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
    Task: {9468445E-64F0-4E4F-A3FF-4909428A1060} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {94B54DAB-7CFA-4656-98B8-4B0EF7A6F049} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {9DC4B52B-5EE4-4DA8-8A9B-E2DB5DA55A83} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {A98B5463-61BA-4062-B35F-DC2CB3A2BCBC} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-14 -> No File <==== ATTENTION
    Task: {AA6BE9A3-051F-4C23-A318-537F037560EE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {B2AB3FF8-D119-47A3-BD8C-D51E324E4E69} - \Smp -> No File <==== ATTENTION
    Task: {C4FF22B7-F5B0-4E14-91CC-918286765E94} - \Crossbrowse -> No File <==== ATTENTION
    Task: {CAC4839E-B1BF-409C-8217-77D6BC59D864} - \PhraseProfessor Auto Updater 1.10.0.21 Core -> No File <==== ATTENTION
    Task: {D7BF9BCB-34B2-47DA-B216-956C8E544F32} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-6 -> No File <==== ATTENTION
    Task: {DA03B2B0-96F0-49BB-BF39-91831896E943} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-5 -> No File <==== ATTENTION
    Task: {DDF4CFB8-E034-48DB-8E70-E43121F0D9F6} - \APSnotifierPP2 -> No File <==== ATTENTION
    Task: {E4AE47DB-81EC-42C5-BA24-5616E0ECB61A} - \SMWUpd -> No File <==== ATTENTION
    Task: {F04418BD-4ACA-4C93-9B81-1411E576D0B4} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-7 -> No File <==== ATTENTION
    Task: {F87A1CC0-A617-458C-AC80-3D1125FA94B1} - System32\Tasks\fHkc9oIaDul => C:\Users\P\AppData\Roaming\fHkc9oIaDul.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\fHkc9oIaDul.job => C:\Users\P\AppData\Roaming\fHkc9oIaDul.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC.job => C:\Users\P\AppData\Roaming\VTjJO7Tf8raFPoGVb8a7TIP9WkC.exe <==== ATTENTION
    FirewallRules: [{0A76334E-06E5-416E-BFD0-AA5C4C776F43}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{B1ECA6AF-A947-40D8-8F07-9A6910E39109}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{C06BBCD8-51EB-4881-A855-BA0D76544C07}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{3BC788D4-A95B-4DA7-9644-FDAE6AD59E1E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{32704CDA-F733-46C2-8633-1E731F38F181}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{D495A1F1-014B-41DA-A301-0F73C2EFF7FF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{A1D39B81-AE5D-4822-8BAF-A73016B901A5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{2E1C2023-1460-41ED-B379-150A1DABBAE4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{1E3781A4-09E5-4D0D-9BBA-02A3F42AF5AA}] => (Allow) C:\Users\P\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{B91396A4-3F17-44FB-AF0A-73E6A2522281}] => (Allow) C:\Users\P\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Users\P\AppData\Roaming\uTorrent
    FirewallRules: [{24B0529B-1A3A-4782-A02A-7BAAFB5E611D}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
    C:\Program Files (x86)\Max Driver Updater
    FirewallRules: [{32905ECE-DEA4-48B1-9476-8CA2A7DF1584}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
    C:\Program Files (x86)\Crossbrowse
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
    C:\Program Files\Microsoft Office
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
    Startup: C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-02-16]
    C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
    C:\Program Files (x86)\Common Files\Adobe\Acrobat
    Toolbar: HKU\S-1-5-21-3656213323-4014080569-879439833-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-02-16]
    FF Extension: No Name - C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\extensions\[email protected] [not found]
    FF Extension: No Name - C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\extensions\[email protected] [not found]
    FF Extension: No Name - C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\extensions\[email protected] [not found]
    S2 NvVCagdefcZ; "C:\ProgramData\eAEyagDyd\NvVCagdefcZ.exe" [X]
    2015-09-17 09:58 - 2015-09-17 09:58 - 00003544 _____ C:\WINDOWS\System32\Tasks\Amtleaxofnoor
    2015-09-17 09:56 - 2015-09-21 19:48 - 00000992 _____ C:\WINDOWS\Tasks\fHkc9oIaDul.job
    2015-09-17 09:56 - 2015-09-21 11:20 - 00001024 _____ C:\WINDOWS\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC.job
    2015-09-17 09:56 - 2015-09-17 09:56 - 00004184 _____ C:\WINDOWS\System32\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC
    2015-09-17 09:56 - 2015-09-17 09:56 - 00004118 _____ C:\WINDOWS\System32\Tasks\fHkc9oIaDul
    2015-09-17 09:55 - 2015-09-17 10:24 - 00000000 ____D C:\Program Files (x86)\e37e9aee-d8fe-4bd9-a4f8-da390760871d
    2015-09-17 09:55 - 2015-09-17 09:55 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-09-17 09:52 - 2015-09-17 10:03 - 00000000 ____D C:\Users\P\AppData\Local\Tempfolder
    2015-09-17 09:52 - 2015-09-17 09:52 - 00000000 ____D C:\WINDOWS\system32\tafi
    2015-09-14 10:48 - 2015-09-14 10:48 - 00000000 ____D C:\Users\P\Downloads\Mohalla Assi (2015) x264 DesiSCR Rip [DDR]
    2015-09-14 10:47 - 2015-09-14 10:47 - 00010718 _____ C:\Users\P\Downloads\Mohalla Assi (2015) x264 DesiSCR Rip [DDR].torrent
    2015-09-17 10:25 - 2015-02-16 19:36 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
    2015-09-17 10:25 - 2015-02-16 19:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
    2015-09-17 10:25 - 2015-02-16 19:36 - 00002020 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
    2015-09-09 18:39 - 2015-02-11 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-09-09 18:38 - 2015-02-11 22:30 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-08-31 15:12 - 2015-02-16 19:21 - 00000000 ____D C:\WINDOWS\AutoKMS
    2015-08-24 15:12 - 2015-02-16 19:22 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    Hosts:
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
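
The fixlist in the post above targets two patterns that are visible in the FRST output: scheduled tasks whose action points at a file that no longer exists ("-> No File", the leftovers of the adware that was partly uninstalled) and tasks whose action lives in a location any standard user can write to (AppData\Roaming, ProgramData), which is where the randomly named executables such as fHkc9oIaDul.exe and VTjJO7Tf8raFPoGVb8a7TIP9WkC.exe were parked. The following Python script is an added example, not part of this thread and not part of FRST: it parses FRST "Task:" lines and sorts the actions into those buckets so the same triage can be done on any FRST log. The sample lines are copied from the log above; the bucket names, the list of user-writable markers and the function names are assumptions made for this example, and the vendor string FRST prints in parentheses comes from the file's version information, not from an Authenticode check.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample "Task:" lines copied from the FRST output posted earlier in this thread.
SAMPLE_TASK_LINES = r"""
Task: {0DDC9156-C813-4144-8DCE-9BD43B5DD88C} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {14F950E2-0C27-48D5-B046-2A4BB4AF3962} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {534A10F6-D40E-4747-AF09-E60B55912E09} - System32\Tasks\Amtleaxofnoor => C:\ProgramData\Amtleaxofnoor\1.0.5.1\lnoosrea.exe
Task: {7A81533A-D7FE-4348-8068-AF4C27C27FDF} - System32\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC => C:\Users\P\AppData\Roaming\VTjJO7Tf8raFPoGVb8a7TIP9WkC.exe <==== ATTENTION
Task: {8AA88B57-C4B8-4ADF-B593-FA046BFAAADB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\fHkc9oIaDul.job => C:\Users\P\AppData\Roaming\fHkc9oIaDul.exe <==== ATTENTION
"""

# One FRST "Task:" line. Two shapes appear in the log: a registered task
# ("{GUID} - <name> => <target> [date] (vendor)", or "-> No File" when the
# action file is gone) and a legacy .job file ("C:\...\x.job => <target>").
TASK_RE = re.compile(
    r"^Task: (?P<name>.+?) "
    r"(?:-> No File|=> (?P<target>[A-Za-z]:\\[^\[<(]+?)"
    r"(?: \[(?P<date>[\d-]+)\])?(?: \((?P<vendor>[^)]*)\))?)"
    r"\s*(?:<==== ATTENTION)?\s*$"
)
GUID_PREFIX_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\} - ")

# Directories a standard user can write to. An autostart whose executable
# sits here is the typical footprint of the adware in this thread.
# This list is an assumption for the example, not something FRST defines.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\users\\")


@dataclass
class Task:
    name: str
    target: Optional[str]   # None when FRST reported "No File"
    vendor: Optional[str]   # company name from version info (not a signature check)


def parse_task_line(line: str) -> Optional[Task]:
    """Return a Task for an FRST 'Task:' line, or None if the line is not one."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    name = GUID_PREFIX_RE.sub("", m.group("name"))
    return Task(name=name, target=m.group("target"), vendor=m.group("vendor"))


def classify(task: Task) -> str:
    """Bucket a task by how suspicious its action is (heuristic, assumed)."""
    if task.target is None:
        return "orphan"          # action file gone: leftover of a removed program
    low = task.target.lower()
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        return "user_writable"   # executable in a per-user or world-writable path
    if task.vendor:
        return "vendor_info"     # has a vendor string; still verify the signature
    return "review"              # system path but no vendor info: inspect by hand


def triage(text: str) -> dict:
    """Parse every 'Task:' line in an FRST log and group the actions by bucket."""
    buckets = {"orphan": [], "user_writable": [], "vendor_info": [], "review": []}
    for line in text.splitlines():
        task = parse_task_line(line)
        if task is None:
            continue
        buckets[classify(task)].append(task.target or task.name)
    return buckets


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_TASK_LINES).items():
        print(f"{bucket}:")
        for item in items:
            print(f"  {item}")
```

Run it against a full FRST.txt by passing the file contents to triage(). The "orphan" entries are inert (nothing runs) but still belong in the fixlist; the "user_writable" entries are the ones to investigate first, because nothing legitimate on this machine starts from AppData\Roaming or ProgramData without a vendor string. A vendor string only reflects version-info metadata, so anything that matters should still be checked with an Authenticode verification, as FRST itself does in its "Bamital & volsnap" section for the core system binaries.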
Old 09-24-2015, 03:13 AM   #7
Registered Member
 
Join Date: Nov 2006
Location: Canberra
Posts: 348
OS: Windows 8 Pro



Hi Chemist,

Acrobat and Office are gone.
MaxDriverUpdater Service could not be uninstalled from Control Panel; clicking Uninstall does nothing.
C:\Program Files (x86)\max driver updater >>> Could not be found.

Here is the fixlog.txt after running FRST64.exe with fixlist.txt.

Thank you

Fix result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by P (2015-09-24 19:58:22) Run:1
Running from C:\Users\P\Desktop
Loaded Profiles: P (Available Profiles: P)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Task: {09DF2BF4-E6CC-407C-9564-1D1393A38327} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-11 -> No File <==== ATTENTION
Task: {0BBCEAA5-C9EB-4AAA-96B0-DE911480821E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0DB2BB8D-F4AA-4A1B-B1A3-E2083FF659A2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {0DDC9156-C813-4144-8DCE-9BD43B5DD88C} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {0E8A22A5-A8DE-43A6-A68E-1BD7C80C540C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {14F950E2-0C27-48D5-B046-2A4BB4AF3962} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1C5D78D8-A52D-41F8-A9F5-291DE0450BAF} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-1-7 -> No File <==== ATTENTION
Task: {25F8B560-0396-4753-A2C8-FF6A4D9F02B7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {26771208-D3E8-4879-B484-28D403F8FADB} - \PhraseProfessor Auto Updater 1.10.0.21 Pending Update -> No File <==== ATTENTION
Task: {2B321A15-608C-422D-8336-E543DB42A4D4} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-1-6 -> No File <==== ATTENTION
Task: {2BEA4C9E-EC96-4B1E-93AC-C173FEF3DF44} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2D056199-1780-4476-B798-88AC1A37F4FA} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-5_user -> No File <==== ATTENTION
Task: {359CDBEE-C9FC-4877-BB71-1E68F1F67016} - \SMW_UpdateTask_Time_323139303938303530372d50372d5a456c37325a347841 -> No File <==== ATTENTION
Task: {359FAE3E-A791-4D64-AC19-D6625A9BA7EC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3B3E4881-6C86-447A-AA52-AF057543BFAA} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {3D3FCFD5-B998-4F69-9325-8D64CAD3B335} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {3E772851-2E4E-44BB-B7E7-FDF9E6F8C116} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-4 -> No File <==== ATTENTION
Task: {3EB56801-C99C-408A-9B5C-F5B4A5D41A00} - \amiupdaterExd -> No File <==== ATTENTION
Task: {4DD97293-F96D-4B8C-A0C5-01638EC4D799} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {534A10F6-D40E-4747-AF09-E60B55912E09} - System32\Tasks\Amtleaxofnoor => C:\ProgramData\Amtleaxofnoor\1.0.5.1\lnoosrea.exe
Task: {5D6D02D5-E6D5-4B2E-BA09-54CDDF9B9543} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5F8E71BD-C36F-4767-8B9A-31871B3E7046} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-3 -> No File <==== ATTENTION
Task: {694C8AA2-C9E9-4BCC-B3FE-690BA18B18E6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {699C301A-6C64-4F39-9318-74A90C7AB5FE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {6DAF3CE9-B2C2-4563-98CE-B96543F63BE9} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-13 -> No File <==== ATTENTION
Task: {75ED31A5-5F68-4A96-A09E-B0E4914E6117} - \amiupdaterExi -> No File <==== ATTENTION
Task: {76A88A2E-C5DE-4A3E-8166-6529CD571AC1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7A81533A-D7FE-4348-8068-AF4C27C27FDF} - System32\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC => C:\Users\P\AppData\Roaming\VTjJO7Tf8raFPoGVb8a7TIP9WkC.exe <==== ATTENTION
Task: {84910CDE-FB5A-442C-835A-9CA8FF54901B} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-10_user -> No File <==== ATTENTION
Task: {8AA88B57-C4B8-4ADF-B593-FA046BFAAADB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {9468445E-64F0-4E4F-A3FF-4909428A1060} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {94B54DAB-7CFA-4656-98B8-4B0EF7A6F049} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9DC4B52B-5EE4-4DA8-8A9B-E2DB5DA55A83} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {A98B5463-61BA-4062-B35F-DC2CB3A2BCBC} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-14 -> No File <==== ATTENTION
Task: {AA6BE9A3-051F-4C23-A318-537F037560EE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B2AB3FF8-D119-47A3-BD8C-D51E324E4E69} - \Smp -> No File <==== ATTENTION
Task: {C4FF22B7-F5B0-4E14-91CC-918286765E94} - \Crossbrowse -> No File <==== ATTENTION
Task: {CAC4839E-B1BF-409C-8217-77D6BC59D864} - \PhraseProfessor Auto Updater 1.10.0.21 Core -> No File <==== ATTENTION
Task: {D7BF9BCB-34B2-47DA-B216-956C8E544F32} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-6 -> No File <==== ATTENTION
Task: {DA03B2B0-96F0-49BB-BF39-91831896E943} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-5 -> No File <==== ATTENTION
Task: {DDF4CFB8-E034-48DB-8E70-E43121F0D9F6} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {E4AE47DB-81EC-42C5-BA24-5616E0ECB61A} - \SMWUpd -> No File <==== ATTENTION
Task: {F04418BD-4ACA-4C93-9B81-1411E576D0B4} - \0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-7 -> No File <==== ATTENTION
Task: {F87A1CC0-A617-458C-AC80-3D1125FA94B1} - System32\Tasks\fHkc9oIaDul => C:\Users\P\AppData\Roaming\fHkc9oIaDul.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\fHkc9oIaDul.job => C:\Users\P\AppData\Roaming\fHkc9oIaDul.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC.job => C:\Users\P\AppData\Roaming\VTjJO7Tf8raFPoGVb8a7TIP9WkC.exe <==== ATTENTION
FirewallRules: [{0A76334E-06E5-416E-BFD0-AA5C4C776F43}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B1ECA6AF-A947-40D8-8F07-9A6910E39109}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{C06BBCD8-51EB-4881-A855-BA0D76544C07}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3BC788D4-A95B-4DA7-9644-FDAE6AD59E1E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{32704CDA-F733-46C2-8633-1E731F38F181}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D495A1F1-014B-41DA-A301-0F73C2EFF7FF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A1D39B81-AE5D-4822-8BAF-A73016B901A5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2E1C2023-1460-41ED-B379-150A1DABBAE4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1E3781A4-09E5-4D0D-9BBA-02A3F42AF5AA}] => (Allow) C:\Users\P\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B91396A4-3F17-44FB-AF0A-73E6A2522281}] => (Allow) C:\Users\P\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\P\AppData\Roaming\uTorrent
FirewallRules: [{24B0529B-1A3A-4782-A02A-7BAAFB5E611D}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
C:\Program Files (x86)\Max Driver Updater
FirewallRules: [{32905ECE-DEA4-48B1-9476-8CA2A7DF1584}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
C:\Program Files (x86)\Crossbrowse
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files\Microsoft Office
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
Startup: C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-02-16]
C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)
C:\Program Files (x86)\Common Files\Adobe\Acrobat
Toolbar: HKU\S-1-5-21-3656213323-4014080569-879439833-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-02-16]
FF Extension: No Name - C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\extensions\[email protected] [not found]
S2 NvVCagdefcZ; "C:\ProgramData\eAEyagDyd\NvVCagdefcZ.exe" [X]
2015-09-17 09:58 - 2015-09-17 09:58 - 00003544 _____ C:\WINDOWS\System32\Tasks\Amtleaxofnoor
2015-09-17 09:56 - 2015-09-21 19:48 - 00000992 _____ C:\WINDOWS\Tasks\fHkc9oIaDul.job
2015-09-17 09:56 - 2015-09-21 11:20 - 00001024 _____ C:\WINDOWS\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC.job
2015-09-17 09:56 - 2015-09-17 09:56 - 00004184 _____ C:\WINDOWS\System32\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC
2015-09-17 09:56 - 2015-09-17 09:56 - 00004118 _____ C:\WINDOWS\System32\Tasks\fHkc9oIaDul
2015-09-17 09:55 - 2015-09-17 10:24 - 00000000 ____D C:\Program Files (x86)\e37e9aee-d8fe-4bd9-a4f8-da390760871d
2015-09-17 09:55 - 2015-09-17 09:55 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-17 09:52 - 2015-09-17 10:03 - 00000000 ____D C:\Users\P\AppData\Local\Tempfolder
2015-09-17 09:52 - 2015-09-17 09:52 - 00000000 ____D C:\WINDOWS\system32\tafi
2015-09-14 10:48 - 2015-09-14 10:48 - 00000000 ____D C:\Users\P\Downloads\Mohalla Assi (2015) x264 DesiSCR Rip [DDR]
2015-09-14 10:47 - 2015-09-14 10:47 - 00010718 _____ C:\Users\P\Downloads\Mohalla Assi (2015) x264 DesiSCR Rip [DDR].torrent
2015-09-17 10:25 - 2015-02-16 19:36 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-09-17 10:25 - 2015-02-16 19:36 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-09-17 10:25 - 2015-02-16 19:36 - 00002020 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2015-09-09 18:39 - 2015-02-11 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-09 18:38 - 2015-02-11 22:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-31 15:12 - 2015-02-16 19:21 - 00000000 ____D C:\WINDOWS\AutoKMS
2015-08-24 15:12 - 2015-02-16 19:22 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Hosts:
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09DF2BF4-E6CC-407C-9564-1D1393A38327}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09DF2BF4-E6CC-407C-9564-1D1393A38327}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-11 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BBCEAA5-C9EB-4AAA-96B0-DE911480821E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BBCEAA5-C9EB-4AAA-96B0-DE911480821E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0DB2BB8D-F4AA-4A1B-B1A3-E2083FF659A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DB2BB8D-F4AA-4A1B-B1A3-E2083FF659A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DDC9156-C813-4144-8DCE-9BD43B5DD88C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DDC9156-C813-4144-8DCE-9BD43B5DD88C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E8A22A5-A8DE-43A6-A68E-1BD7C80C540C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E8A22A5-A8DE-43A6-A68E-1BD7C80C540C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14F950E2-0C27-48D5-B046-2A4BB4AF3962} => key not found.
C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1C5D78D8-A52D-41F8-A9F5-291DE0450BAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C5D78D8-A52D-41F8-A9F5-291DE0450BAF}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-1-7 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25F8B560-0396-4753-A2C8-FF6A4D9F02B7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25F8B560-0396-4753-A2C8-FF6A4D9F02B7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{26771208-D3E8-4879-B484-28D403F8FADB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26771208-D3E8-4879-B484-28D403F8FADB}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhraseProfessor Auto Updater 1.10.0.21 Pending Update => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B321A15-608C-422D-8336-E543DB42A4D4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B321A15-608C-422D-8336-E543DB42A4D4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-1-6 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BEA4C9E-EC96-4B1E-93AC-C173FEF3DF44} => key not found.
C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D056199-1780-4476-B798-88AC1A37F4FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D056199-1780-4476-B798-88AC1A37F4FA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-5_user => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{359CDBEE-C9FC-4877-BB71-1E68F1F67016}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{359CDBEE-C9FC-4877-BB71-1E68F1F67016}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323139303938303530372d50372d5a456c37325a347841 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{359FAE3E-A791-4D64-AC19-D6625A9BA7EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{359FAE3E-A791-4D64-AC19-D6625A9BA7EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B3E4881-6C86-447A-AA52-AF057543BFAA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B3E4881-6C86-447A-AA52-AF057543BFAA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D3FCFD5-B998-4F69-9325-8D64CAD3B335}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D3FCFD5-B998-4F69-9325-8D64CAD3B335}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E772851-2E4E-44BB-B7E7-FDF9E6F8C116}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E772851-2E4E-44BB-B7E7-FDF9E6F8C116}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-4 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EB56801-C99C-408A-9B5C-F5B4A5D41A00}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EB56801-C99C-408A-9B5C-F5B4A5D41A00}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DD97293-F96D-4B8C-A0C5-01638EC4D799}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DD97293-F96D-4B8C-A0C5-01638EC4D799}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{534A10F6-D40E-4747-AF09-E60B55912E09}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{534A10F6-D40E-4747-AF09-E60B55912E09}" => key removed successfully
C:\WINDOWS\System32\Tasks\Amtleaxofnoor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Amtleaxofnoor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D6D02D5-E6D5-4B2E-BA09-54CDDF9B9543}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D6D02D5-E6D5-4B2E-BA09-54CDDF9B9543}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F8E71BD-C36F-4767-8B9A-31871B3E7046}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F8E71BD-C36F-4767-8B9A-31871B3E7046}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-3 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{694C8AA2-C9E9-4BCC-B3FE-690BA18B18E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{694C8AA2-C9E9-4BCC-B3FE-690BA18B18E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{699C301A-6C64-4F39-9318-74A90C7AB5FE} => key not found.
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office 15 Subscription Heartbeat => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6DAF3CE9-B2C2-4563-98CE-B96543F63BE9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DAF3CE9-B2C2-4563-98CE-B96543F63BE9}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-13 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75ED31A5-5F68-4A96-A09E-B0E4914E6117}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75ED31A5-5F68-4A96-A09E-B0E4914E6117}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExi => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76A88A2E-C5DE-4A3E-8166-6529CD571AC1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76A88A2E-C5DE-4A3E-8166-6529CD571AC1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A81533A-D7FE-4348-8068-AF4C27C27FDF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A81533A-D7FE-4348-8068-AF4C27C27FDF}" => key removed successfully
C:\WINDOWS\System32\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VTjJO7Tf8raFPoGVb8a7TIP9WkC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84910CDE-FB5A-442C-835A-9CA8FF54901B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84910CDE-FB5A-442C-835A-9CA8FF54901B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-10_user => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8AA88B57-C4B8-4ADF-B593-FA046BFAAADB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AA88B57-C4B8-4ADF-B593-FA046BFAAADB}" => key removed successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9468445E-64F0-4E4F-A3FF-4909428A1060}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9468445E-64F0-4E4F-A3FF-4909428A1060}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94B54DAB-7CFA-4656-98B8-4B0EF7A6F049}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94B54DAB-7CFA-4656-98B8-4B0EF7A6F049}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9DC4B52B-5EE4-4DA8-8A9B-E2DB5DA55A83}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DC4B52B-5EE4-4DA8-8A9B-E2DB5DA55A83}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A98B5463-61BA-4062-B35F-DC2CB3A2BCBC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A98B5463-61BA-4062-B35F-DC2CB3A2BCBC}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-14 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA6BE9A3-051F-4C23-A318-537F037560EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA6BE9A3-051F-4C23-A318-537F037560EE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2AB3FF8-D119-47A3-BD8C-D51E324E4E69}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2AB3FF8-D119-47A3-BD8C-D51E324E4E69}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C4FF22B7-F5B0-4E14-91CC-918286765E94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4FF22B7-F5B0-4E14-91CC-918286765E94}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Crossbrowse => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CAC4839E-B1BF-409C-8217-77D6BC59D864}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAC4839E-B1BF-409C-8217-77D6BC59D864}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhraseProfessor Auto Updater 1.10.0.21 Core => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7BF9BCB-34B2-47DA-B216-956C8E544F32}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7BF9BCB-34B2-47DA-B216-956C8E544F32}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-6 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DA03B2B0-96F0-49BB-BF39-91831896E943}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA03B2B0-96F0-49BB-BF39-91831896E943}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-5 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDF4CFB8-E034-48DB-8E70-E43121F0D9F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDF4CFB8-E034-48DB-8E70-E43121F0D9F6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4AE47DB-81EC-42C5-BA24-5616E0ECB61A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4AE47DB-81EC-42C5-BA24-5616E0ECB61A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F04418BD-4ACA-4C93-9B81-1411E576D0B4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F04418BD-4ACA-4C93-9B81-1411E576D0B4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0863d34c-91c0-4a5f-a98e-0f55a76fa7c0-7 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F87A1CC0-A617-458C-AC80-3D1125FA94B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F87A1CC0-A617-458C-AC80-3D1125FA94B1}" => key removed successfully
C:\WINDOWS\System32\Tasks\fHkc9oIaDul => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fHkc9oIaDul" => key removed successfully
C:\WINDOWS\Tasks\fHkc9oIaDul.job => moved successfully
C:\WINDOWS\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A76334E-06E5-416E-BFD0-AA5C4C776F43} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B1ECA6AF-A947-40D8-8F07-9A6910E39109} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C06BBCD8-51EB-4881-A855-BA0D76544C07} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3BC788D4-A95B-4DA7-9644-FDAE6AD59E1E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32704CDA-F733-46C2-8633-1E731F38F181} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D495A1F1-014B-41DA-A301-0F73C2EFF7FF} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A1D39B81-AE5D-4822-8BAF-A73016B901A5} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E1C2023-1460-41ED-B379-150A1DABBAE4} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E3781A4-09E5-4D0D-9BBA-02A3F42AF5AA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B91396A4-3F17-44FB-AF0A-73E6A2522281} => value removed successfully
"C:\Users\P\AppData\Roaming\uTorrent" => File/Folder not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24B0529B-1A3A-4782-A02A-7BAAFB5E611D} => value removed successfully
"C:\Program Files (x86)\Max Driver Updater" => File/Folder not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32905ECE-DEA4-48B1-9476-8CA2A7DF1584} => value removed successfully
"C:\Program Files (x86)\Crossbrowse" => File/Folder not found.
C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE => No running process found
C:\Program Files\Microsoft Office => moved successfully
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe => No running process found
C:\Program Files (x86)\Adobe\Acrobat 10.0 => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Acrobat Speed Launcher => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 => value not found.
C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk not found.
"C:\Users\P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk" => File/Folder not found.
C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE => not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key not found.
HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} => key not found.
HKCR\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => key not found.
"HKCR\Wow6432Node\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910} => key not found.
HKCR\Wow6432Node\CLSID\{AE7CD045-E861-484f-8273-0445EE161910} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key not found.
HKCR\Wow6432Node\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077} => key not found.
HKCR\Wow6432Node\CLSID\{F4971EE7-DAA0-4053-9964-665D8EE6A077} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value not found.
HKCR\Wow6432Node\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
"C:\Program Files (x86)\Common Files\Adobe\Acrobat" => File/Folder not found.
HKU\S-1-5-21-3656213323-4014080569-879439833-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
HKCR\PROTOCOLS\Handler\osf => key not found.
HKCR\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0 => key not found.
"FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0 => key not found.
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => value not found.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn => not found.
C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\extensions\[email protected] => not found.
C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\extensions\[email protected] => not found.
C:\Users\P\AppData\Roaming\Mozilla\Firefox\Profiles\4e2aqbwn.default\extensions\[email protected] => not found.
NvVCagdefcZ => service removed successfully
"C:\WINDOWS\System32\Tasks\Amtleaxofnoor" => File/Folder not found.
"C:\WINDOWS\Tasks\fHkc9oIaDul.job" => File/Folder not found.
"C:\WINDOWS\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC.job" => File/Folder not found.
"C:\WINDOWS\System32\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC" => File/Folder not found.
"C:\WINDOWS\System32\Tasks\fHkc9oIaDul" => File/Folder not found.
C:\Program Files (x86)\e37e9aee-d8fe-4bd9-a4f8-da390760871d => moved successfully
C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully
C:\Users\P\AppData\Local\Tempfolder => moved successfully
C:\WINDOWS\system32\tafi => moved successfully
C:\Users\P\Downloads\Mohalla Assi (2015) x264 DesiSCR Rip [DDR] => moved successfully
C:\Users\P\Downloads\Mohalla Assi (2015) x264 DesiSCR Rip [DDR].torrent => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk" => File/Folder not found.
"C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013" => File/Folder not found.
C:\ProgramData\Microsoft Help => moved successfully
C:\WINDOWS\AutoKMS => moved successfully
"C:\WINDOWS\System32\Tasks\AutoKMS" => File/Folder not found.
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.1 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 20:00:27 ====
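The Fixlog above shows the footprint a bundled-adware infection leaves in the Task Scheduler. A task with a machine-generated name (fHkc9oIaDul, VTjJO7Tf8raFPoGVb8a7TIP9WkC) is registered under TaskCache\Tree (the task's path), its definition sits under TaskCache\Tasks\{GUID}, the GUIDs listed under TaskCache\Logon are the tasks with a logon trigger, and the task has both an XML file in C:\Windows\System32\Tasks and a legacy .job copy in C:\Windows\Tasks. That is how the downloader keeps re-running after the visible programs are uninstalled. The Python below is an added example, not part of the thread and not part of FRST: it pulls task names out of Fixlog-style lines and applies a triage heuristic for machine-generated names (digits mixed with case flips, or very few vowels). The sample lines (copied in shape from the log above, with the names that appear in it), the regular expression and the thresholds are the example's own assumptions. It is a triage aid rather than a verdict: the pronounceable random name Amtleaxofnoor from the same log is exactly the kind it does not catch, and CamelCase vendor tasks that carry a digit suffix can be flagged wrongly.

```python
import re

# Constructed sample: the line shapes are those of the FRST Fixlog above; the
# task names are the ones that appear in it.
SAMPLE_FIXLOG = r"""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F04418BD-4ACA-4C93-9B81-1411E576D0B4}" => key removed successfully
C:\WINDOWS\System32\Tasks\fHkc9oIaDul => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fHkc9oIaDul" => key removed successfully
C:\WINDOWS\Tasks\fHkc9oIaDul.job => moved successfully
C:\WINDOWS\Tasks\VTjJO7Tf8raFPoGVb8a7TIP9WkC.job => moved successfully
"C:\WINDOWS\System32\Tasks\Amtleaxofnoor" => File/Folder not found.
"C:\WINDOWS\System32\Tasks\AutoKMS" => File/Folder not found.
"""

# Task names appear in three places FRST reports on: the TaskCache\Tree key
# (the task's path), the XML file in System32\Tasks and a legacy .job file in
# WINDOWS\Tasks. TaskCache\Tasks\{GUID} holds the definition keyed by GUID, so
# it is deliberately not matched.
TASK_NAME_RE = re.compile(
    r'(?:TaskCache\\Tree|System32\\Tasks|WINDOWS\\Tasks)\\([^"\\\s]+)', re.IGNORECASE
)

VOWELS = set("aeiouAEIOU")


def extract_task_names(fixlog_text):
    """Return the set of task names referenced by Fixlog-style lines, .job suffix removed."""
    names = set()
    for match in TASK_NAME_RE.finditer(fixlog_text):
        name = match.group(1)
        if name.lower().endswith(".job"):
            name = name[:-4]
        names.add(name)
    return names


def looks_generated(name):
    """Triage heuristic for machine-generated task names (thresholds are this example's assumptions).

    Rule A: digits mixed with at least three lower/upper case flips, e.g. fHkc9oIaDul.
    Rule B: eight or more characters with fewer than 20% vowels, e.g. NvVCagdefcZ.
    Pronounceable random names such as Amtleaxofnoor pass both rules, and CamelCase
    vendor tasks with a digit suffix can trip rule A, so review flagged names by hand.
    """
    letters = [c for c in name if c.isalpha()]
    if not letters:
        return False
    has_digit = any(c.isdigit() for c in name)
    case_flips = sum(1 for a, b in zip(letters, letters[1:]) if a.islower() != b.islower())
    vowel_ratio = sum(1 for c in letters if c in VOWELS) / len(letters)
    if has_digit and case_flips >= 3:
        return True
    if len(name) >= 8 and vowel_ratio < 0.2:
        return True
    return False


def triage_fixlog(fixlog_text):
    """Sorted list of task names from the log that the heuristic flags for a closer look."""
    return sorted(n for n in extract_task_names(fixlog_text) if looks_generated(n))


if __name__ == "__main__":
    for task in sorted(extract_task_names(SAMPLE_FIXLOG)):
        print(f"{task:32} {'FLAG' if looks_generated(task) else 'ok'}")
```

Run against a real Fixlog or an Addition.txt, the flagged list is a starting point for what to look up under TaskCache\Tree; anything flagged still needs its Actions element in the XML checked before it is removed.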
Old 09-24-2015, 01:52 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, drosera01. How is the machine behaving? Any improvement?

------------------------------------------------------

Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if they still exist:

globalupdate Helper<<Please read this

-----------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :regfind
    zz.2275.mdu
    maxdriver*
    :folderfind
    maxdriver*
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 09-25-2015, 01:19 AM   #9
Registered Member
 
Join Date: Nov 2006
Location: Canberra
Posts: 348
OS: Windows 8 Pro

My System


Hi Chemist,

The machine is working fine, I believe. The only problem that I noticed now is that the Start Menu is not working. This is Windows 10 Pro, and when I click on the Start Menu button, nothing happens. I restarted and checked it again; the problem still exists.
In fact, the machine was working all right before as well; the only problem was that all of a sudden quite a lot of malware/rogue programs were installed and I was unable to uninstall them.

globalupdate Helper is uninstalled from Programs and Features. MaxDriver Updater and Note-UP are deleted, as it says the program might have already been uninstalled.
SystemLook log is included.

Thank you

SystemLook 30.07.11 by jpshortstuff
Log created at 18:10 on 25/09/2015 by P
Administrator - Elevation successful

========== regfind ==========

Searching for "zz.2275.mdu"
No data found.

Searching for "maxdriver*"
No data found.

========== folderfind ==========

Searching for "maxdriver*"
No folders found.

-= EOF =-
Old 09-26-2015, 12:58 PM   #10
chemist

Hello again, drosera01. You're very welcome. Sorry for the delay.

We haven't touched your Start Menu. You may have to seek help in our Win10 forums once we are done here.

You can try killing explorer.exe in Task Manager then restarting it.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7/Win8, you must open the Web browser via a right-click using the Run as administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
Old 09-26-2015, 10:19 PM   #11
drosera01

Hi Chemist,

Thank you again. Yes, I already tried killing explorer.exe and restarting it; it did not help. I will seek help on the Windows 10 forum later.

Here is the requested MBAM and ESET online scan logs.

Thank you again.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27-Sep-15
Scan Time: 9:51 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.26.05
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: P

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365131
Time Elapsed: 11 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.DeskBar, HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASAPI32, Quarantined, [1c61c66e602bb383b0fce3f53dc7ca36],
PUP.Optional.DeskBar, HKLM\SOFTWARE\MICROSOFT\TRACING\DeskBar_RASMANCS, Quarantined, [55284be90b80e94df8b4ecec4cb83ec2],
PUP.Optional.MyTubeTheater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{C42C5197-0EE9-4940-893B-F4EF047DFF0F}, Quarantined, [5b227aba0a8145f169fbd20654b06799],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


ESET log:

C:\Users\P\AppData\Local\Installer\Install_15203\DCbrakietut_tutbl_setup.exe a variant of Win32/SpeedBit.C potentially unwanted application
C:\Users\P\AppData\Local\Installer\Install_17645\DCbrakietut_tutbl_setup.exe a variant of Win32/SpeedBit.C potentially unwanted application
C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\B0WX4F2S\FinalInstaller_dotnet4[1].exe a variant of MSIL/Adware.Imali.C application
C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\B0WX4F2S\installer[1].exe a variant of Win32/Packed.ScrambleWrapper.O potentially unwanted application
C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\B0WX4F2S\policyname[1].exe a variant of Win32/Adware.ConvertAd.YM.gen application
C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\B0WX4F2S\setup_362[1].exe a variant of Win32/Adware.Imali.E application
C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\FZN5SEB2\VuuPC_VO2_8907[1].exe Win32/InstallMonetizer.AW potentially unwanted application
C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\G6KDH2HQ\AnyProtectSetup[1].exe Win32/AnyProtect.G potentially unwanted application
C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\G6KDH2HQ\AnyProtect[1].exe Win32/AnyProtect.H potentially unwanted application
C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\G6KDH2HQ\setup_gmsd_au[1].exe a variant of Win32/Adware.EoRezo.AZ application
C:\Users\P\AppData\Roaming\fHkc9oIaDul JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\P\AppData\Roaming\VTjJO7Tf8raFPoGVb8a7TIP9WkC JS/Toolbar.Crossrider.I potentially unwanted application
C:\Users\P\Downloads\avc-free.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\P\Downloads\KeyFinderInstaller.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\P\Downloads\Malwarebytes+Anti+Malware\Malwarebytes Anti Malware_10924_i60081952_il345.exe a variant of Win32/Amonetize.HZ potentially unwanted application
Old 09-27-2015, 01:05 PM   #12
chemist

Hello again, drosera01.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
rem Start with a fresh log of anything that could not be deleted
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Each quoted path is one item flagged in the ESET report above
for %%g in (

"C:\Users\P\AppData\Local\Installer\Install_15203\DCbrakietut_tutbl_setup.exe"
"C:\Users\P\AppData\Local\Installer\Install_17645\DCbrakietut_tutbl_setup.exe"
"C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\B0WX4F2S\FinalInstaller_dotnet4[1].exe"
"C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\B0WX4F2S\installer[1].exe"
"C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\B0WX4F2S\policyname[1].exe"
"C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\B0WX4F2S\setup_362[1].exe"
"C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\FZN5SEB2\VuuPC_VO2_8907[1].exe"
"C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\G6KDH2HQ\AnyProtectSetup[1].exe"
"C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\G6KDH2HQ\AnyProtect[1].exe"
"C:\Users\P\AppData\Local\Microsoft\Windows\INetCache\IE\G6KDH2HQ\setup_gmsd_au[1].exe"
"C:\Users\P\AppData\Roaming\fHkc9oIaDul"
"C:\Users\P\AppData\Roaming\VTjJO7Tf8raFPoGVb8a7TIP9WkC"
"C:\Users\P\Downloads\avc-free.exe"
"C:\Users\P\Downloads\KeyFinderInstaller.exe"
"C:\Users\P\Downloads\Malwarebytes+Anti+Malware\Malwarebytes Anti Malware_10924_i60081952_il345.exe"


) do (
rem /a any attribute incl. hidden and system, /f force read-only, /q no prompt
del /a/f/q %%g >nul 2>&1
rem Whatever is still present after del is written to the log for review
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


rem Show the log of leftovers if there is one, otherwise report success
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem The batch file removes itself once it has run
del %0
Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------
Old 09-27-2015, 05:04 PM   #13
drosera01

Hi Chemist,
Thanks a lot for staying with me.
Done all you said. It ran as cmd.exe, and it says "Deleted successfully !! Press any key to continue..."
Old 09-27-2015, 05:07 PM   #14
chemist

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • Select your hard drive(usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • Select your hard drive(usually C:\) then click 'OK'.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the Delete button in the confirm deletion window.
This will remove all but the most recent Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again, this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

What happened to Backup and Restore? - Windows Help

Backup and Recovery of Windows 8 & Windows 8.1 - Tip-of-the-Day - KeithMayer.com - Site Home - TechNet Blogs

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article. To help protect your computer in the future, I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide for Windows 8 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
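The Fixlog earlier in the thread replaced the hosts file (C:\Windows\System32\Drivers\etc\hosts => moved successfully, Hosts restored successfully) because adware and malware edit it for the opposite purpose of the MVPS list described above: instead of pinning ad domains to a sink address, they pin the update and download sites of security vendors to 127.0.0.1, or send arbitrary names to an address they control. Both kinds of entry look alike in Notepad. The Python below is an added example, not code from the thread, from MVPS or from any tool named in it: it parses hosts-file lines and sorts each active mapping into an MVPS-style sinkhole, an expected stock entry, a hijack of a protected vendor name, or a redirect to a real address. The sample file, the sink-address set and the vendor-name list are the example's own assumptions, and it goes beyond the post by flagging hijacks rather than only describing what the MVPS file does.

```python
import ipaddress

# Constructed sample hosts file (not taken from the user's machine). The stock
# Windows file only carries comments; the active lines below show the kinds of
# entry a malware-removal check has to tell apart.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1 localhost
0.0.0.0 ad.doubleclick.net        # MVPS-style: ad host pinned to a sink address
127.0.0.1 tracking.example.net    # MVPS-style: ad host pinned to loopback
127.0.0.1 www.malwarebytes.org    # hijack: vendor site blackholed so it cannot update
203.0.113.10 www.eset.com         # hijack: vendor site sent to a remote address
203.0.113.10 update.example.org   # redirect of an unrelated host to a remote address
"""

# Addresses that blocklists use to make a name resolve to nowhere.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}
# Names the stock file may legitimately define.
EXPECTED_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Assumption: an illustrative list of security/update vendors whose names have no
# business in a hosts file at all; extend it for the products actually in use.
PROTECTED_HINTS = ("malwarebytes", "eset", "microsoft", "windowsupdate",
                   "kaspersky", "symantec", "mcafee", "avast", "sophos", "bitdefender")


def parse_hosts(text):
    """Yield (ip, hostname) for every active mapping; comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address literal: ignore the malformed line
        for name in fields[1:]:
            yield str(ip), name.lower()


def classify(ip, name):
    """Return expected / hijack / sinkhole / redirect for one mapping."""
    if name in EXPECTED_NAMES:
        return "expected"
    if any(hint in name for hint in PROTECTED_HINTS):
        # Whether the vendor host is blackholed or pointed at a remote address,
        # something is steering the machine away from its security updates.
        return "hijack"
    if ip in SINK_ADDRESSES or ipaddress.ip_address(ip).is_loopback:
        return "sinkhole"  # blocklist behaviour: the name resolves to nowhere
    return "redirect"      # an arbitrary name sent to a real address: review it


def audit_hosts(text):
    """Group every active mapping by classification, preserving file order."""
    report = {"expected": [], "sinkhole": [], "hijack": [], "redirect": []}
    for ip, name in parse_hosts(text):
        report[classify(ip, name)].append((ip, name))
    return report


if __name__ == "__main__":
    # On a live machine read C:\Windows\System32\drivers\etc\hosts instead of the sample.
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        for ip, name in entries:
            print(f"{kind:9} {ip:15} {name}")
```

A hosts file that carries only expected and sinkhole entries is what an MVPS install looks like; any hijack or redirect entry is a reason to restore the stock file, as the fix in this thread did, before trusting the scanners' own update checks.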
Old 09-27-2015, 09:53 PM   #15
drosera01

Thanks Chemist,

Done as you instructed. The only issue I have now is the Start Menu not working; I will create a new thread in the Win 10 section.

Thank you
Old 09-28-2015, 03:26 AM   #16
chemist

You're very welcome, drosera01! Glad to have helped.