
potential threats detected by Malwarebytes Anti-Malware and AdwCleaner tool



Hi,
I am now writing to inform you that I'm still having a problem with detecting some things that are maybe not good, but Malware suggested that these threats should be quarantined. According to my thread here https://forums.malwa...te-deleting-it/, which was closed due to inactivity from me.

I sent private messages to the moderator who closed my thread, asking if you could open the mentioned thread again for further replies.
However, I didn't receive any reply. Thus, I decided to open a new thread:

 

Could anyone at this splendid forum please take some of their precious time to go through my points below and address them for me?

First of all:

Two Registry Keys are only detected by Malwarebytes Anti-Malware. However, far too many other things were detected by AdwCleaner.

 

 

 

Thanks to MrCharlie, who suggested these steps for me:

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then.................. Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal. Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report. Make sure that everything is checked, and click Remove Selected.

These are my details:

 

I followed these steps:

Firstly: I downloaded AdwCleaner v4.105 and scanned my computer with AdwCleaner. When it was done I saw: 'Pending: Please uncheck elements you don't want removed', and this is the report of its results below:
 


NB: I didn't take any action, and I closed the AdwCleaner tool.

 

Secondly: I ran my Windows 7 in Safe Mode with Networking enabled.

 

Thirdly: I scanned my computer with Malwarebytes Anti-Malware using a custom scan (full scanning with 'scan Rootkit' enabled). (It lasted about 3 hours.) Then, it showed me only these two registry keys below:

 


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/23/14
Scan Time: 10:47:45 PM
Logfile: After full scanning with enabling the Rekit.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.23.07
Rootkit Database: v2014.12.23.02
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mohammad

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 627506
Time Elapsed: 3 hr, 0 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.7Go.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gjajpkikblccgefaibcafkfbanllpefi, , [1a2a1056d3a9e353f8cca7b34eb528d8],
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DefaultTab, , [54f0a8be2b51be7842ef085592718e72],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Fourthly: I took the action of quarantining all potential threats detected, although Malwarebytes informed me that they were Non Malware, and restarted my PC.

 

 

 

Fifthly: While in Safe Mode, I also ran Microsoft Security Essentials simultaneously with Malware; however, it didn't detect anything.

 

 


 

Sixthly: When I restarted my computer to complete quarantining the threats, the file of actions taken was saved somewhere, but I didn't find it on the Desktop.

 

Finally: When I got to Windows, I decided to scan the computer again with AdwCleaner; however, I was prompted that there was a new version of AdwCleaner. I downloaded the latest version, Adwcleaner_4.106, and scanned my computer with it again. When it was done I saw: 'Pending: Please uncheck elements you don't want removed', and this is the report of its results below. However, this time, AdwCleaner didn't find any Services, and these are the results:


Moreover, only one time, before scanning my computer with either Malwarebytes Anti-Malware or AdwCleaner, this error faced me once my Windows got started.


 

 

 

 

 

My questions are:

 

Firstly: Where was the file of actions taken by Malwarebytes Anti-Malware saved?

 

 

Secondly: According to the results above, why did Malwarebytes Anti-Malware only detect 'two registry keys', while Adwcleaner_4.105 and even Adwcleaner_4.106 still detected more other files that are maybe infected, even after all threats detected by Malwarebytes Anti-Malware were quarantined? Does this mean that I should rely on Malwarebytes Anti-Malware 

 

Thirdly: Why did Adwcleaner_4.106.105 find infected services the first time but not the next time, although I didn't take any action with Adwcleaner_4.106?

 

Fourthly: Could you please let me know if I can delete all quarantined threats, although Malware informed me that they were not threats when quarantined?

 


 

 

Sixthly: Although there are no infected services found by Adwcleaner_4.106, there are still more other threats detected. So, what should I do with the other results detected by Adwcleaner_4.106?

 

Finally: For my curiosity only: I had the standalone file of adwcleaner_4.105; however, when I ran it again I was prompted that it was out of date, and I was directed to download adwcleaner_4.106. However, once adwcleaner_4.106 was downloaded and run, I found that adwcleaner_4.105 had been removed, although it was saved in a location other than the one where adwcleaner_4.106 was saved. Why? Then, I would not be able to save the standalone program of adwcleaner at all?

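Two AdwCleaner scan reports like the ones described in the post above can be compared section by section, so that entries present in one run and absent in the other (and the differing tool version and database in the headers) stand out. This is an added example, not part of the original thread and not code from AdwCleaner's author; the sample reports are constructed and shortened, with placeholder findings, and the parser assumes the v4 plain-text layout with one entry per line.

```python
"""Diff two AdwCleaner v4-style text reports, section by section."""
import re

VERSION_RE = re.compile(r"^# AdwCleaner v(\S+) - Report created (.+)$")
HEADER_RE = re.compile(r"^# (Database|Option) : (.+)$")
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
FINDING_RE = re.compile(r"^(\w+) Found : (.+)$")

# Constructed sample reports (placeholder findings, not real detections).
FIRST_SCAN = r"""
# AdwCleaner v4.105 - Report created 23/12/2014 at 21:52:29
# Database : 2014-12-08.2 [Local]
# Option : Scan

***** [ Services ] *****

Service Found : ExampleUpdaterSvc

***** [ Files / Folders ] *****

File Found : C:\Users\user\Desktop\ExamplePlayer.lnk

***** [ Scheduled Tasks ] *****

Task Found : ExampleLaunchTask

***** [ Registry ] *****

Key Found : HKCU\Software\ExampleCodec
Key Found : [x64] HKCU\Software\ExampleCodec
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}
"""

SECOND_SCAN = r"""
# AdwCleaner v4.106 - Report created 24/12/2014 at 04:20:44
# Database : 2014-12-21.4 [Live]
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\user\Desktop\ExamplePlayer.lnk

***** [ Scheduled Tasks ] *****

Task Found : ExampleLaunchTask

***** [ Registry ] *****

Key Found : HKCU\SOFTWARE\ExampleCodec
Key Found : [x64] HKCU\Software\ExampleCodec
"""


def parse_report(text):
    """Return (header, sections); sections maps name -> {compare_key: display}."""
    header, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := VERSION_RE.match(line)):
            header["Version"], header["Created"] = m.groups()
        elif (m := HEADER_RE.match(line)):
            header[m.group(1)] = m.group(2)
        elif (m := SECTION_RE.match(line)):
            current = m.group(1)
            sections.setdefault(current, {})  # keep empty sections too
        elif (m := FINDING_RE.match(line)) and current is not None:
            kind, item = m.groups()
            # Windows paths and registry keys are case-insensitive, so the
            # comparison key is casefolded; an "[x64]" prefix stays part of
            # the item because it marks a separate 64-bit registry view.
            sections[current][(kind, item.casefold())] = f"{kind}: {item}"
    return header, sections


def compare(first_text, second_text):
    """Return (header_changes, section_changes) between two reports."""
    h1, s1 = parse_report(first_text)
    h2, s2 = parse_report(second_text)
    header_changes = {
        k: (h1.get(k), h2.get(k))
        for k in sorted(set(h1) | set(h2))
        if h1.get(k) != h2.get(k)
    }
    section_changes = {}
    for name in sorted(set(s1) | set(s2)):
        a, b = s1.get(name, {}), s2.get(name, {})
        gone = sorted(a[k] for k in a.keys() - b.keys())
        new = sorted(b[k] for k in b.keys() - a.keys())
        if gone or new:
            section_changes[name] = {"only_in_first": gone, "only_in_second": new}
    return header_changes, section_changes


if __name__ == "__main__":
    headers, sections = compare(FIRST_SCAN, SECOND_SCAN)
    for field, (old, new) in headers.items():
        print(f"{field}: {old} -> {new}")
    for name, delta in sections.items():
        for side, items in delta.items():
            for item in items:
                print(f"[{name}] {side}: {item}")
```

A header change in Version or Database means the two scans were not made with the same definitions, which is worth ruling in or out before reading anything into entries that differ between runs.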

  • Root Admin

First off if you're going to be scanning on your own and looking for help then you'll need to find another forum that allows that. None of the support sites that I'm aware of either allow or reply to users that are self medicating their computers.

 

1. Never use Safe Mode for scanning unless the computer cannot or will not start in Normal Mode. The files and registry are not accessed or viewed the same way by the OS or by scanners.

 

2. MBAM will never detect all the same threats that AdwCleaner or JRT detect. These are tools built by individuals that do not necessarily share the same legal concerns that we as a business do. As such they can and do target items they feel are PUPs.

 

Please click on the Uninstall for AdwCleaner and let it remove itself. Then restart the computer 2 times and run the following FRST scan. Make sure you place a check mark in the Additions.txt check box and post back both logs when ready.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.


 


 

 

1. Never use Safe Mode for scanning unless the computer cannot or will not start in Normal Mode. The files and registry are not accessed or viewed the same way by the OS or by scanners.

 

2. MBAM will never detect all the same threats that AdwCleaner or JRT detect. These are tools built by individuals that do not necessarily share the same legal concerns that we as a business do. As such they can and do target items they feel are PUPs.

 

Please click on the Uninstall for AdwCleaner and let it remove itself. Then restart the computer 2 times and run the following FRST scan. Make sure you place a check mark in the Additions.txt check box and post back both logs when ready.

 

 

 

 

Thanks a lot,

First: I didn't scan my computer with AdwCleaner while in Safe Mode, but while in normal mode.

I only scanned my computer with MBAM and Microsoft Security Essentials while in Safe Mode, since I was advised to do that by a friend at an Arabic forum.

Second: Regarding uninstalling AdwCleaner and letting it remove itself, then restarting the computer 2 times and running the following FRST scan: what do you mean by 'Run First scan'? What do I scan with? If you meant with AdwCleaner, then I would say I did that before.

 

 

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.

What do you mean by this Farbar Recovery Scan Tool? Is it another tool, other than AdwCleaner? Must I scan my computer with Farbar Recovery Scan Tool or AdwCleaner?

 

Finally: No need to scan the computer with MBAM?


  • Root Admin

FRST is Farbar Recovery Scan Tool and yes please scan your computer with that tool as requested and post back both logs. No we don't need to scan with MBAM yet at this time.

 

Make sure you temporarily disable your antivirus while running FRST and then re-enable your antivirus after the scan has been completed.

 

Thanks


FRST is Farbar Recovery Scan Tool and yes please scan your computer with that tool as requested and post back both logs. No we don't need to scan with MBAM yet at this time.

 

Make sure you temporarily disable your antivirus while running FRST and then re-enable your antivirus after the scan has been completed.

 

Thanks

 

Thanks a lot. I disabled my Microsoft Security Essentials, and I first ran 'Farbar Recovery Scan Tool', and this is its 'First' file. However, there are no results showing me if there are some files infected. Also, I didn't see any options to delete elements while scanning with 'Farbar Recovery Scan Tool'.

(Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Run: [SkyDrive] => D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-10-11] (Microsoft Corporation)HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3491264 2012-06-10] (Tonec Inc.)HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Run: [Facebook Update] => D:\Users\Mohammad\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-11] (Facebook Inc.)HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Run: [GoogleChromeAutoLaunch_30531D3AC6252412E560A942A1E06104] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q 
"D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\RunOnce: [Uninstall D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "D:\Users\Mohammad\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\MountPoints2: {21cde78c-bf4f-11e2-ab09-e02a82d4d697} - F:\SETUP.EXEHKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\MountPoints2: {585d11ff-cfae-11e3-9ba3-e02a82d4d697} - 
H:\SISetup.exeHKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\MountPoints2: {6a7e3af9-e17f-11e3-bcc1-e02a82d4d697} - H:\SISetup.exeHKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION Startup: D:\Users\Aeidh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> D:\Users\Mohammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: D:\Users\Lardhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> D:\Users\Mohammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: D:\Users\Mohammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> D:\Users\Mohammad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: D:\Users\Mohammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: [1NZOverlayExcluded] -> {32427327-aea5-4bef-811a-b1bd00daf4b4} => C:\Program Files (x86)\Norton Zone\Engine64\2.0.97.14\NZOvrlay.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [1NZOverlayPending] -> {2cfec48b-08ec-4361-8575-7c0da17ab7a5} => C:\Program Files (x86)\Norton Zone\Engine64\2.0.97.14\NZOvrlay.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [1NZOverlaySynced] -> {a9e700bc-92b0-403e-96b3-b87b06ff9d3a} => C:\Program Files (x86)\Norton Zone\Engine64\2.0.97.14\NZOvrlay.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it 
will be removed or restored to default.)HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSEHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fwww.symantec.com%2Fredirects%2Fsecurity%5Fresponse%2Ffix%5Fhomepage%2Findex.jsp%3Flg%3Den%26pid%3DNIS%26pvid%3D20.4.0.40&OSP=HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSEHKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fwww.symantec.com%2Fredirects%2Fsecurity%5Fresponse%2Ffix%5Fhomepage%2Findex.jsp%3Flg%3Den%26pid%3DNIS%26pvid%3D20.4.0.40&OSP=HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSEHKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fwww.symantec.com%2Fredirects%2Fsecurity%5Fresponse%2Ffix%5Fhomepage%2Findex.jsp%3Flg%3Den%26pid%3DNIS%26pvid%3D20.4.0.40&OSP=HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/SearchScopes: HKU\S-1-5-21-3353856634-2765868531-2667151896-1038 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSS&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Java(tm) Plug-In SSV Helper -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files 
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin64-0.98.59.dll (getfireshot.com)Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Program Files (x86)\FireShot for Internet Explorer\fsaddin-0.98.59.dll (getfireshot.com)Toolbar: HKU\S-1-5-21-3353856634-2765868531-2667151896-1038 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll (Symantec Corporation)DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabHandler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler-x32: skypec2c - 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)FireFox:========FF ProfilePath: D:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\01u1a6kg.defaultFF SearchEngineOrder.3: Bing FF Homepage: about:homeFF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll (Skype)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! 
Inc.)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-3353856634-2765868531-2667151896-1038: @Skype Limited.com/Facebook Video Calling Plugin -> D:\Users\Mohammad\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)FF SearchPlugin: D:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\01u1a6kg.default\searchplugins\bingp.xmlFF Extension: IDM CC - D:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\01u1a6kg.default\Extensions\mozilla_cc@internetdownloadmanager.com [2014-12-08]FF Extension: FireShot - D:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\01u1a6kg.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-12-10]FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-05-13]FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla 
Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-25]FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2014-03-29]FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgnFF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn [2014-12-30]FF HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - D:\Users\Mohammad\AppData\Roaming\IDM\idmmzcc5FF Extension: IDM CC - D:\Users\Mohammad\AppData\Roaming\IDM\idmmzcc5 [2013-12-31]FF HKU\S-1-5-21-3353856634-2765868531-2667151896-1038\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - D:\Users\Mohammad\AppData\Roaming\IDM\idmmzcc5Chrome: =======CHR HomePage: Default -> CHR DefaultSuggestURL: Default -> http://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ffCHR Profile: D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-08]CHR Extension: (Google Voice Search Hotword (Beta)) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]CHR Extension: (YouTube) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-08]CHR Extension: (Google Search) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-08]CHR Extension: (Google Calendar) - 
D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-12-08]CHR Extension: (Web page captures from browser) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fomlbefjpamblimccfdomfgpgokdljcg [2014-11-04]CHR Extension: (Norton Identity Safe) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-03]CHR Extension: (Website Logon) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2014-06-25]CHR Extension: (Hangouts) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2014-12-08]CHR Extension: (Skype Click to Call) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-16]CHR Extension: (Capture Webpage Screenshot - FireShot) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2014-11-04]CHR Extension: (Norton Safe) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2014-11-01]CHR Extension: (Google Wallet) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-16]CHR Extension: (Norton Security Toolbar) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-11-03]CHR Extension: (Gmail) - D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-08]CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No PathCHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-11-03]CHR HKLM-x32\...\Chrome\Extension: 
[iikflkcanblccfahdhdonehdalibjnif] - No PathCHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\Exts\Chrome.crx [2014-11-03]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-21] (Hewlett-Packard Company) [File not signed]S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; 
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-05] (Symantec Corporation)R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)R2 NZ; C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\NZ.exe [521504 2014-06-20] (Symantec Corporation)S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-01-18] (Puran Software) [File not signed]R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-02-28] (Western Digital Technologies, Inc.)R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [271728 2014-02-28] (Western Digital Technologies, Inc.)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07080.017\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)R1 ccSet_NZ; C:\Windows\system32\drivers\NZx64\0200610.00E\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36944 2014-03-04] (IObit)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-30] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [166384 2014-09-09] (Windows (R) Win 7 DDK provider)S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-08-17] ()S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-08-17] ()S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [113952 2014-02-25] (Oracle Corporation)S3 

I also scanned my computer with the tool 'AdwCleaner'; this is its log: (Yes, here are some elements that can be chosen to be deleted)

 

 


 

 

What next step should I proceed with?


You need to delete this folder

C:\Windows\AutoKMS

Then run AdwCleaner again and tell it to remove what it found. Pretty much all looks like junk to me. If there is something there specific you want to keep let me know otherwise I say remove it all.


 

Thanks a lot. What benefit is there from running 'Farbar Recovery Scan Tool', as long as I didn't use it to remove anything, although it didn't detect anything to let it delete? I will only use AdwCleaner to delete anything it found.

That folder seems to be an attempt to activate Office 2010 KMS products. If it was a threat, then why wouldn't we let AdwCleaner remove it? Also, I think I will need to reactivate Office 2010 if I deleted that folder.


  • Root Admin

Yes, that is piracy and you were told to remove this before and again now. If you do not wish to disable and remove the piracy then I will close the topic and disable your account here as we will not continue to assist you in pirating software.

Open Office is free if you don't have license for Microsoft Office. Limited funds does not justify piracy.


Thanks a lot,

I know that pirating software can be harmful and useless for a user's OS, since everything pirated will result in problems in a system over time. I really removed that folder the first time you told me, but I would like to be familiar with what I did in order to help others in the future with what is beneficial and harmful for their systems.

I was honest with you, and told you that that was piracy; otherwise I wouldn't have posted the results of the scanning programs if I didn't want to be honest.

Moreover, MrCharlie, who suggested those steps for me, said: When it's done you'd see: Pending: Please uncheck elements you don't want removed. • Look over the log especially under Files/Folders for any program you want to save.

However, you only brought your attention to that one folder, and you ignored replying to 'What benefit is there from running 'Farbar Recovery Scan Tool', as long as I didn't use it to remove anything, although it didn't detect anything to let it delete. I will only use AdwCleaner to delete anything it found.'

 

This is the log file after deleting the potential threats:


This is the log file after restarting the computer to delete the threats:

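The Scan and Clean reports exchanged in this thread can be checked against each other mechanically. The following is an added example, not part of any post and not AdwCleaner's own code: it parses the report layout seen in this thread (section banners, `File/Folder/Key/Task Found|Deleted :` markers, `[x64]` tags), including pasted copies whose line breaks were lost, and lists what a scan found that the clean report does not show as deleted. The sample reports and every name in them are constructed.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section kind action x64 value")

# A section banner such as "***** [ Registry ] *****", or an item marker such
# as "Key Found : ". Only the item kinds that appear in this thread are listed.
TOKEN = re.compile(
    r"\*{5} \[ (?P<section>[^\]]+?) \] \*{5}"
    r"|(?P<kind>File|Folder|Key|Task) (?P<action>Found|Deleted) : "
)
OPTION = re.compile(r"# Option : (\w+)")
TRAILER = re.compile(r"[*#]{5,}")  # footer rulers that can follow the last item


def parse_report(text):
    """Return (option, entries) for one report.

    Each value runs to the next marker rather than to end of line, so reports
    pasted as one long run of text parse the same as line-per-item reports.
    """
    m = OPTION.search(text)
    option = m.group(1) if m else None
    tokens = list(TOKEN.finditer(text))
    entries, section = [], None
    for i, tok in enumerate(tokens):
        if tok.group("section"):
            section = tok.group("section")
            continue
        end = tokens[i + 1].start() if i + 1 < len(tokens) else len(text)
        raw = TRAILER.split(text[tok.end():end], maxsplit=1)[0]
        value = " ".join(raw.split())  # undo hard wraps that fell on a space
        x64 = value.startswith("[x64] ")
        if x64:
            value = value[len("[x64] "):]
        entries.append(Entry(section, tok.group("kind"), tok.group("action"), x64, value))
    return option, entries


def not_removed(scan_text, clean_text):
    """Items the scan reported that the clean report does not list as deleted.

    Design choice of this example: the [x64] tag is ignored and paths are
    compared case-insensitively, so an item reported in both views counts once.
    """
    _, found = parse_report(scan_text)
    _, cleaned = parse_report(clean_text)
    deleted = {(e.kind, e.value.lower()) for e in cleaned if e.action == "Deleted"}
    seen, left = set(), []
    for e in found:
        key = (e.kind, e.value.lower())
        if e.action == "Found" and key not in deleted and key not in seen:
            seen.add(key)
            left.append(e)
    return left


# Constructed scan report, flattened and hard-wrapped the way a pasted copy can be.
SCAN_FLAT = (
    r"# AdwCleaner v0.000 - Report created 01/01/2000 at 00:00:00# Option : Scan"
    r"***** [ Services ] ********** [ Files / Folders ] *****"
    r"File Found : C:\Users\alice\Desktop\ExamplePlayer.lnk"
    r"Folder Found : C:\Users\alice\AppData\Local\Example " "\n"
    r"Toolbar***** [ Scheduled Tasks ] *****Task Found : ExampleUpdater"
    r"***** [ Shortcuts ] ********** [ Registry ] *****"
    r"Key Found : HKCU\Software\Example Toolbar"
    r"Key Found : [x64] HKCU\Software\Example Toolbar"
    r"Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}"
    r"***** [ Browsers ] *****"
)

# Constructed clean report, one item per line.
CLEAN = r"""# AdwCleaner v0.000 - Report created 01/01/2000 at 00:10:00
# Option : Clean

***** [ Files / Folders ] *****

File Deleted : C:\Users\alice\Desktop\ExamplePlayer.lnk
Folder Deleted : C:\Users\alice\AppData\Local\Example Toolbar

***** [ Scheduled Tasks ] *****

Task Deleted : ExampleUpdater

***** [ Registry ] *****

Key Deleted : HKCU\Software\Example Toolbar

***** [ Browsers ] *****
"""

if __name__ == "__main__":
    for e in not_removed(SCAN_FLAT, CLEAN):
        print(f"still present after clean: [{e.section}] {e.kind} {e.value}")
```

An empty result from `not_removed`, followed by a fresh scan whose `parse_report` entry list is also empty, is the state the final rescan in this thread shows.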

  • Root Admin

No problem. I bypassed answering your question about FRST while I awaited your reply and re-running of the AdwCleaner.

 

Normally you as the end-user do not choose what to remove with FRST. You post back your logs as requested and then one of the trained helpers reviews your logs and they provide you with information on what to remove. It is only a logging tool unless a special script is created to remove items. You can certainly read about how to use the tool from their documentation, but knowing what to remove and how to use the tool well takes training; without attending a malware removal school, that sort of knowledge is difficult to attain on your own. It can be done but takes a lot of time and experience.

 

Since you've now removed the requested items and the AdwCleaner removals it's really best to run a new FRST scan along with the Additions.txt log and post back new logs so that we don't try to fix things that have already possibly been fixed. Please note though that as it's the New Year holiday a follow up reply from me can be delayed by a couple of days possibly.

 

Please restart the computer and run FRST again and place a check mark in the Additions.txt check box and post back the new logs and I'll review them and provide you with a follow-up script on what to remove.

 

Also let me know if there is any other specific issue you're having so that it can be addressed at that time as well.

 

Thanks

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.

  • 4 weeks later...
  • Root Admin

Well that's up to you. There were some items that may not necessarily be malware but that you possibly might not want running, which I was going to look at.

If the computer is running well for you and you're not experiencing any issues then we can go ahead and close up the topic.

 

Let me know

 

Cheers


  • 3 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • 9 months later...

First of all: Thank you so much indeed for accepting my request with respect to reopening this related topic.

 

Secondly: since I have been faced with the same issues discussed here, I tried downloading 'FRST'. While the real protection of 'Microsoft Security Essentials' and 'Malwarebytes Anti-Malware' was disabled, I ran 'FRST'; it only took about 2 minutes, and then saved the 'Addition' and 'FRST' files. However, there are no entries which can be removed in the fixlist. There is no fixlist at all saved.

So, what benefit is there from running FRST as long as there are no entities shown to be fixed?

NOTE: I have removed the contents of the FRST.txt and Addition.txt files since, whenever posting the post, I found the error 'post too long'. What should I do to fix this? Since there is no option to attach files in 'basic reply', I had to edit my post in the full editor to find a chance to attach the files to this post.
 
 
 
 
 
 
 
Thirdly:  What difference is there between 'FRST' and 'AdwCleaner'?
 
Fourthly: Should I be going ahead to be running the AdwCleaner tool after FRST didn't find anything?
 
Fifthly: I tried running AdwCleaner. Now, whenever running AdwCleaner 5.0.3.6 as admin, I see 'Database corrupted. Please uninstalled AdwCleaner and download it again', although when I clicked on the 'Scan' button in AdwCleaner, I found 'loading database' is in progress so far. But I don't know why I have been faced with that error 'Database corrupted. Please uninstalled AdwCleaner and download it again'.
 
"AdvancedSetup" told me that  "Basically ignore it, go find the download and run it.",  and he sent me a link below, but that link is not dedicated only for the error "Database corrupted. Please uninstalled AdwCleaner and download it again''. So, I have not found any troubleshooting for this error in this link below
 
 
 
I really uninstalled AdwCleaner, and downloaded another copy, but the same error appeared again. I ran AdwCleaner, exited the error popup (window), and then clicked on 'Scan'; however, I found 'loading database' was in progress, but it wasn't progressing quickly. So, I had to close AdwCleaner since I thought that, due to that error 'Database corrupted', the loading of the database didn't finish.

 


 

Addition.txt

FRST.txt


  • Root Admin

Not sure if the fixlist.txt file was removed or never uploaded, but since that was back in 2014 it has no bearing on anything that would be going on today with your computer, if anything.

FRST is a diagnostic tool
AdwCleaner is a tool designed to remove specific threats in a semi automated fashion

One should not be trying to compare FRST and AdwCleaner as they are different tools with different goals.

The corruption error is only because of how Microsoft has changed the trusting of downloaded files based on certificates.

Effective January 1, 2016, Windows (version 7 and higher) and Windows Server will no longer trust new code that is signed with a SHA-1 code signing certificate for Mark-of-the-Web

http://blogs.msdn.com/b/ieinternals/archive/2011/03/23/understanding-local-machine-zone-lockdown-restricted-this-webpage-from-running-scripts-or-activex-controls.aspx



You could have a slow connection or something else going on preventing updates for AdwCleaner but if the program opened then it's fine. If it was corrupted it would not open.

Basically probably very slow due to the region of the World you're in and it having to go out to another region of the World for updates. If using a VPN it too could be slowing it or your ISP could be throttling bandwidth for certain sites.


Please describe what issues your computer is currently having as the original request for help is now very old.


Please enable show hidden files and then using Windows Explorer go into the following folder.

C:\Program Files (x86)\Malwarebytes Anti-Malware\Plugins

You should find a file named fixdamage.exe  Please right click over it and choose "Run as administrator"
Then restart the computer and attempt to run the following again.


Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

 


Thanks a lot,

Could you please go through my four points below, and reply to them?

 

My problem with my computer and system is that my computer system is very slow in response, and even when loading, it takes a long time to settle, and even webpages sometimes become unresponsive, and sometimes take a long time to be shown/opened (in MS IE, Firefox, Google Chrome) while connected to the internet on a broadband connection with a speed of 512Kbps.

 

1- I have not yet proceeded with running fixdamage.exe since I noticed "Some user settings may be lost after applying this procedure. If you are not experiencing any broken or corrupt service issues with your system then please don't continue"

 

2- After I run the FRST(FRST and Addition files are attached) in your STEP 08, and I didn't find anything, then I run the AdwCleaner by following your STEP 05?

 

3- However, how to know FRST detected bad files and must be removed as long as there is no fixlist shown after finishing the FRST?

 

4- I have tried running AdwCleaner as in your STEP 05. This is the logfile of AdwCleaner.exe; however, there are no results in the 'service'

Since I am not sure what to keep and what to remove, I post the log for review. (Are all items found adware/spyware/foistware?)
 
# AdwCleaner v5.036 - Logfile created 27/02/2016 at 13:35:48
# Updated 22/02/2016 by Xplode
# Database : 2016-02-27.1 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Mohammad - MOHAMMAD-PC
# Running from : D:\Users\Mohammad\Downloads\Programs\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\eSupport.com
Folder Found : C:\Program Files (x86)\myfree codec
Folder Found : C:\Program Files (x86)\tencent
Folder Found : C:\Program Files (x86)\Common Files\Innovative Solutions
Folder Found : C:\ProgramData\Innovative Solutions
Folder Found : C:\ProgramData\tencent
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found : D:\Users\Aeidh\AppData\Local\Innovative Solutions
Folder Found : D:\Users\Aeidh\AppData\Roaming\tencent
Folder Found : D:\Users\Aeidh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tencent
Folder Found : D:\Users\Lardhi\AppData\Roaming\tencent
Folder Found : D:\Users\Mohammad\AppData\Local\DriverToolkit
Folder Found : D:\Users\Mohammad\AppData\Local\eSupport.com
Folder Found : D:\Users\Mohammad\AppData\Local\Innovative Solutions
Folder Found : D:\Users\Mohammad\AppData\Roaming\tencent
Folder Found : D:\Users\Mohammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tencent
 
***** [ Files ] *****
 
File Found : D:\Users\Aeidh\AppData\Roaming\Mozilla\Firefox\Profiles\2wb7y8w7.default\searchplugins\safesearch.xml
File Found : D:\Users\Lardhi\AppData\Roaming\Mozilla\Firefox\Profiles\9ex2dkrv.default\searchplugins\safesearch.xml
File Found : D:\Users\Mohammad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QQPlayer.lnk
File Found : D:\Users\Mohammad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\QQPlayer.lnk
File Found : D:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\04uig4hm.default\searchplugins\safesearch.xml
File Found : D:\Users\Mohammad\Desktop\QQPlayer.lnk
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : update-S-1-5-21-3353856634-2765868531-2667151896-1044
Task Found : update-sys
Task Found : update-S-1-5-21-3353856634-2765868531-2667151896-1044
Task Found : update-sys
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\Record\{37AC0F3B-749F-3B22-811B-5A019EED2E85}
Key Found : HKLM\SOFTWARE\Classes\Record\{66DF7821-ED6D-3534-893C-0E89E74B0F91}
Key Found : HKLM\SOFTWARE\Classes\Record\{755CAFCC-F016-3B06-8F22-945EAA3AD10D}
Key Found : HKLM\SOFTWARE\Classes\Record\{903F9872-E87F-3B74-83B0-DBE10073B29D}
Key Found : HKLM\SOFTWARE\Classes\Record\{4392A6CC-7940-310E-8E16-799A8D93A438}
Key Found : HKLM\SOFTWARE\Classes\Record\{05660A04-00F1-3A04-AB3B-BC1074B84D67}
Key Found : HKLM\SOFTWARE\Classes\Record\{9558EEB4-CDA6-3778-B53B-98076F0A1E90}
Key Found : HKLM\SOFTWARE\Classes\Record\{76552F88-640C-314D-82B6-0D8A740907F7}
Key Found : HKLM\SOFTWARE\Classes\Record\{B25AA9BA-FD52-3E5E-BFE3-9B106779DA6E}
Key Found : HKLM\SOFTWARE\Classes\Record\{C852CF9F-37DC-35AC-926A-7E6CFFF7C501}
Key Found : HKLM\SOFTWARE\Classes\Record\{C9777796-4378-3C90-B52D-7238FFFC2A5C}
Key Found : HKLM\SOFTWARE\Classes\Record\{DB1BC8B2-FDBF-30E7-BE1C-AFF9160059E6}
Key Found : HKLM\SOFTWARE\Classes\Record\{F3D5729C-7DEB-3850-A026-D0E323ECFEF5}
Key Found : HKLM\SOFTWARE\Classes\Record\{FEC70973-CB8B-351C-8047-CAE1274CE249}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\QQPlayer
 
***** [ Web browsers ] *****
 
[D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : nortonsafe.search.ask.com
[D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : aol.com
[D:\Users\Mohammad\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : ask.com
[D:\Users\Lardhi\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : aol.com
[D:\Users\Lardhi\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : ask.com
[D:\Users\Lardhi\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : nortonsafe.search.ask.com
[D:\Users\Aeidh\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : aol.com
[D:\Users\Aeidh\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : ask.com
[D:\Users\Aeidh\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : ask
 
*************************
 
D:\AdwCleaner\AdwCleaner[s3].txt - [5001 bytes] - [27/02/2016 13:35:48]
 
########## EOF - D:\AdwCleaner\AdwCleaner[s3].txt - [5074 bytes] ##########
 

5- You don't think I can also follow the other steps you mentioned (run fixdamage.exe, STEP 04, STEP 06, STEP 07)?

FRST.txt

Addition.txt

Edited by cooperator
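
For reviewing a scan log like the one posted above before choosing Clean, a small parser can tally the findings per section and per Windows user profile and collapse repeated lines. This is an added example, not part of the original posts or of AdwCleaner; the function names and the cut-down sample are assumptions built from the v5 log layout shown in this thread.

```python
import re
from collections import Counter

# Constructed sample: a cut-down copy of lines from the scan log in this thread.
SAMPLE_LOG = r"""# AdwCleaner v5.036 - Logfile created 27/02/2016 at 13:35:48
***** [ Services ] *****

***** [ Folders ] *****
Folder Found : C:\ProgramData\tencent
Folder Found : D:\Users\Mohammad\AppData\Roaming\tencent
Folder Found : D:\Users\Aeidh\AppData\Roaming\tencent

***** [ Scheduled tasks ] *****
Task Found : update-sys
Task Found : update-sys

***** [ Web browsers ] *****
[D:\Users\Aeidh\AppData\Local\Google\Chrome\User Data\Default\Web data] [search Provider] Found : ask.com
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Either "[source file] [kind] Found : item" or "<Type> Found : item".
ENTRY = re.compile(r"^(?:\[(?P<src>[^\]]+)\] \[[^\]]+\] |\w+ )Found : (?P<item>.+)$")
PROFILE = re.compile(r"\\Users\\([^\\]+)\\")

def parse_log(text):
    """Return {section name: [(item, source file or None), ...]} in log order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            current = sections.setdefault(m.group(1), [])
        elif current is not None and (m := ENTRY.match(line)):
            current.append((m.group("item"), m.group("src")))
    return sections

def summarize(sections):
    """Per section: unique findings, repeated lines, and a count per user profile."""
    report = {}
    for name, entries in sections.items():
        unique = list(dict.fromkeys(entries))  # drop repeats, keep order
        profiles = Counter()
        for item, src in unique:
            hit = PROFILE.search(src or item)
            profiles[hit.group(1) if hit else "(no user profile)"] += 1
        report[name] = {"unique": len(unique),
                        "repeats": len(entries) - len(unique),
                        "by_profile": dict(profiles)}
    return report

if __name__ == "__main__":
    for section, stats in summarize(parse_log(SAMPLE_LOG)).items():
        print(section, stats)
```

An empty section such as Services still appears in the summary with zero findings, which distinguishes "scanned, nothing found" from a section missing from the log.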

  • Root Admin

My suggestion is to run the tools in the order I've suggested. Then reboot. Then remove what AdwCleaner finds. Rarely is it wrong; 99.99% of the time, if it finds it then it is a threat or potential threat.

 

After you've removed the junk and restarted then run a new FRST and attach both new logs again.

 

Thank you

This topic is now closed to further replies.