Cyber Tech Help Support Forums > Software > Malware Removal
  #1  
Old April 20th, 2018, 04:16 PM
Soudager
Senior Member
 
Join Date: Dec 2005
O/S: Windows XP Home
Posts: 405
every click a new window opens

With every click a new window opens to an ad or a website.

Help me
  #2  
Old April 20th, 2018, 07:16 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hello Soudager, and welcome to the CyberTechHelp Forums.
I will be helping you fix your problems.

Please take note of some guidelines for this fix:

1- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding.
2- Perform everything in the correct order. Sometimes one step requires the previous one.
3- Please open the computer as administrator. How do I open the computer as administrator?
4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the guide here:
How to disable your security applications.
5- To make sure you have an accurate view of the files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".
6- Back up all your private data / important files on another (external) drive before using our tools (if possible).
7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software.
8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal.

Thanks

*****************************************************************************************
Let's check.

I would like you to do the following

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Have a nice day.

  #3  
Old April 26th, 2018, 03:12 AM
Soudager
Senior Member
 
Join Date: Dec 2005
O/S: Windows XP Home
Posts: 405
The Bleeping Computer link is not working.
  #4  
Old April 26th, 2018, 08:08 PM
olgun52
Malware Removal Team
 
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
I checked it and it is working. Probably this is because of the problems in your system.

Please try from this link again.
https://support.malwarebytes.com/docs/DOC-1318

______________________________________________

If you still fail, run Malwarebytes Chameleon. And please post the log.
https://www.malwarebytes.com/chameleon/

Good day.
  #5  
Old April 27th, 2018, 03:43 AM
Soudager
Senior Member
 
Join Date: Dec 2005
O/S: Windows XP Home
Posts: 405
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25.04.2018
Ran by Soudager (27-04-2018 08:10:48)
Running from C:\Users\Soudager\Desktop
Windows 7 Ultimate (X64) (2012-08-10 02:17:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2206348904-1594328239-1632451933-500 - Administrator - Disabled)
Guest (S-1-5-21-2206348904-1594328239-1632451933-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2206348904-1594328239-1632451933-1006 - Limited - Enabled)
Soudager (S-1-5-21-2206348904-1594328239-1632451933-1001 - Administrator - Enabled) => C:\Users\Soudager

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.140 - Adobe Systems Incorporated)
AlMisbah (HKLM-x32\...\ST6UNST #1) (Version: - )
Avant Browser (remove only) (HKLM-x32\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.3 - Broadcom Corporation)
Chromium (HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\...\Chromium) (Version: 63.0.3215.0 - Chromium)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
DefaultTab (HKLM-x32\...\DefaultTab) (Version: 2.2.3.0 - Search Results, LLC) <==== ATTENTION
Flash Movie Player 1.5 (HKLM-x32\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
Google Chrome (HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\...\Google Chrome) (Version: 66.0.3359.117 - Google Inc.)
HP LaserJet 1020 Series (HKLM\...\HP LaserJet 1020 Series) (Version: - )
I Love Science! (HKLM-x32\...\{081AE8FA-BCCE-466A-AFBE-7C6DA5D2546D}) (Version: 1.2.1.0 - )
K-Lite Codec Pack 9.2.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.717.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Orbit Downloader (HKLM-x32\...\Orbit_is1) (Version: - www.orbitdownloader.com)
PDF Reader for Windows 7 (HKLM\...\PDF Reader for Windows_is1) (Version: - PDFLogic Corporation)
PlurPush (HKLM\...\PlurPush) (Version: 2014.04.04.232421 - PlurPush) <==== ATTENTION
Power Audio Cutter 3.5 (HKLM-x32\...\{405101E1-CE25-42C7-BA40-9CF831839125}_is1) (Version: - AML SOFT, Inc.)
RealDownloader (HKLM-x32\...\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}) (Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Search the Web (Yahoo) (HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\...\{AD6A45AA-FDEA-942A-4C6A-E4AA9CEA372A}) (Version: - ) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.19 (HKLM-x32\...\Skype_is1) (Version: 8.19 - Skype Technologies S.A.)
Unity Web Player (HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VLC media player 1.1.10 (HKLM-x32\...\VLC media player) (Version: 1.1.10 - VideoLAN)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.38 - NCH Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {197FEB8D-430B-47A1-97DA-12C55287EA2F} - System32\Tasks\{63FB3DC1-CC40-4256-9CC7-1C7BA46658F7} => "c:\users\soudager\appdata\local\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {2ADB6796-2C0C-4FB7-97D1-FE6EC206DABD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2206348904-1594328239-1632451933-1001UA => C:\Users\Soudager\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)
Task: {30308459-51B3-46EC-BB1D-CD473632F32E} - System32\Tasks\DefaultReg => c:\Users\All Users\dtdata\R001.exe [2016-02-25] () <==== ATTENTION
Task: {3A3471E2-624A-4DF1-AAFC-898BFBF568D3} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe [2016-02-25] () <==== ATTENTION
Task: {419F8384-80EC-4BAB-98AE-2DDA0D90E1DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {551C463B-2234-40D8-9AF8-BAA904333C95} - System32\Tasks\{7BB93B60-FADC-4EDC-8E0A-C926E9E84C76} => C:\Windows\system32\pcalua.exe -a E:\AlMisbahSetup.exe -d E:\
Task: {65B521D4-2351-4FE8-9849-E33E596ED105} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2206348904-1594328239-1632451933-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {66DBD802-06FE-4A98-8468-034D148DE4CC} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {68E9F5D3-1800-49D8-BE07-ED5496AA1EE5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2206348904-1594328239-1632451933-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {8C45F914-2F22-43F0-BB3A-E637E1B28A61} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2206348904-1594328239-1632451933-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-03-06] (RealNetworks, Inc.)
Task: {92574F42-6F98-4D1E-AED8-CD19A4416C45} - System32\Tasks\{4BD051DB-C998-450B-A3AB-D283CD746ABB} => C:\Windows\system32\pcalua.exe -a "F:\Support Setup\setup.exe" -d "F:\Support Setup"
Task: {AE72175B-C545-4E5A-A54A-04E08FCB0EF9} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2206348904-1594328239-1632451933-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {B017621B-8683-4054-9ACE-7D8CA14D68F7} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2206348904-1594328239-1632451933-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {C770CEBB-921B-4203-93B8-6FDE716A9885} - System32\Tasks\{41DE393B-197C-B50E-1B58-72359101EBC9} => C:\Users\Soudager\AppData\Local\{E080D~1\UNINST~1.EXE [2013-04-22] () <==== ATTENTION
Task: {D1952021-CF53-406B-9266-BD9466D78CFD} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2206348904-1594328239-1632451933-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {D3D95137-40A0-44B1-B5BE-B23528368D2C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2206348904-1594328239-1632451933-1001Core => C:\Users\Soudager\AppData\Local\Google\Update\GoogleUpdate.exe [2016-02-22] (Google Inc.)
Task: {E428FF64-8BC7-44EA-B6BA-A69FC865551A} - System32\Tasks\{F1A74C92-ACC5-424F-87AF-F2B83BCD0107} => C:\Windows\system32\pcalua.exe -a C:\Users\Soudager\Downloads\sp51604.exe -d C:\Users\Soudager\Desktop
Task: {EBE3230E-CFF6-4EB3-B59B-D5B39922D032} - System32\Tasks\{4D71AD05-713E-250A-0318-221077F30F98}\synhelper => C:\Users\Soudager\AppData\Local\hodor\SYNHEL~1.EXE [2013-05-04] ()
Task: {FB73A0F8-E2A9-4EDA-84A8-EADB9524DA1A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2206348904-1594328239-1632451933-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\{41DE393B-197C-B50E-1B58-72359101EBC9}.job => C:\Users\Soudager\AppData\Local\{E080D~1\UNINST~1.EXE <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Soudager\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

ShortcutWithArgument: C:\Users\Soudager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\Polycraft.lnk -> C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default --app-id=eopfmbpfhhfnklgmjpoehcjaajhpbhbl
ShortcutWithArgument: C:\Users\Soudager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\WeatherBug.lnk -> C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default --app-id=njkkjobcechefaoknodniidfjapgfoco
ShortcutWithArgument: C:\Users\Soudager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\WorkFlowy.lnk -> C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default --app-id=koegeopamaoljbmhnfjbclbocehhgmkm

==================== Loaded Modules (Whitelisted) ==============

2012-10-28 13:37 - 2010-05-13 23:48 - 000192512 _____ () C:\Windows\System32\zlhp1020.dll
2012-10-28 14:02 - 2010-05-13 23:48 - 000065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-04-07 18:24 - 2014-04-07 18:24 - 000107520 _____ () C:\Users\Soudager\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
2013-03-06 02:21 - 2013-03-06 02:21 - 000039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-03-04 12:02 - 2011-03-04 12:02 - 002121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 007745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2011-03-04 12:02 - 2011-03-04 12:02 - 000135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2018-04-07 15:05 - 2018-04-09 16:30 - 001782904 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-04-14 16:10 - 2018-04-09 16:30 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2018-04-14 16:10 - 2018-04-09 16:30 - 000216520 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-04-14 16:10 - 2018-04-09 16:30 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-04-14 16:10 - 2018-04-09 16:30 - 000138688 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-04-14 16:10 - 2018-04-09 16:30 - 002230720 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2018-04-09 11:31 - 2017-09-14 05:26 - 002012672 _____ () C:\Users\Soudager\AppData\Local\Chromium\Application\63.0.3215.0\swiftshader\libglesv2.dll
2018-04-09 11:31 - 2017-09-14 05:26 - 000107520 _____ () C:\Users\Soudager\AppData\Local\Chromium\Application\63.0.3215.0\swiftshader\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2018-04-01 11:38 - 000000855 ____N C:\Windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Soudager\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{F2B2F79D-2DEE-4CEE-989B-15603C9526FB}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{4BFDF966-E0C6-44C1-B816-B05037647F70}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{984511F5-B3D7-430E-B41E-0E319A020D10}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0CBFB6BC-B162-4C13-96FD-4BF8CBDF715D}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{7428BF5A-E6C5-4D75-9190-8CB98E0552C3}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{ADCCC170-D552-4604-BA01-90726CBEC015}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{A1492B7D-84DE-479B-97CB-E4D14DDB0B51}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A01FEE62-5B0B-41B5-B8C1-3854C9EE0840}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{CB789270-0C96-48C7-8AAF-1D7ECEDB961B}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{40B5F6ED-00B0-4A55-BA4B-CE63B74B21AC}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{80B432C0-EA96-4D11-89AC-D1739DA8F6BD}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{04A5EB7F-9916-4EB2-8DBC-5BDF702A0597}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe] => Enabled:Orbit

==================== Restore Points =========================

26-04-2018 17:37:35 Removed PC Connectivity Solution

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2018 08:03:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/27/2018 08:03:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/27/2018 07:59:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x52b3b87c
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x52b3b87c
Exception code: 0xc0000005
Fault offset: 0x00002c80
Faulting process id: 0x4f8
Faulting application start time: 0x01d3ddcf906a734e
Faulting application path: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Faulting module path: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
Report Id: cf507ba6-49c2-11e8-b636-70f395583f2d

Error: (04/26/2018 05:37:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Eraser Control driver.

System Error:
The system cannot find the file specified.
.

Error: (04/26/2018 05:03:17 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Soudager-PC)
Description: Application or service 'Internet Pass-Through Service' could not be restarted.

Error: (04/26/2018 04:49:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: _is9B47.exe, version: 12.0.0.58849, time stamp: 0x45b1a378
Faulting module name: ISSetup.dll, version: 12.0.0.58849, time stamp: 0x45b1a314
Exception code: 0xc0000005
Fault offset: 0x0009522f
Faulting process id: 0x1470
Faulting application start time: 0x01d3dd5076d870dc
Faulting application path: C:\Users\Soudager\AppData\Local\Temp\_is9B47.exe
Faulting module path: C:\Users\Soudager\AppData\Local\Temp\{235279F0-8125-4527-943A-4F5A063AF5B9}\ISSetup.dll
Report Id: b96262b2-4943-11e8-b651-70f395583f2d

Error: (04/26/2018 03:17:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: R002.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206, time stamp: 0x50e6605e
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0x12a4
Faulting application start time: 0x01d3dd4386c25520
Faulting application path: c:\Users\All Users\dtdata\R002.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: c722810a-4936-11e8-b651-70f395583f2d

Error: (04/26/2018 02:40:43 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (04/27/2018 08:07:06 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.43.218, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Error: (04/27/2018 07:59:34 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.43.218, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Error: (04/27/2018 07:59:34 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (04/27/2018 07:59:34 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (04/27/2018 07:59:31 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (04/27/2018 07:59:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).

Error: (04/26/2018 06:05:13 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.43.150, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Error: (04/26/2018 06:05:11 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 73%
Total physical RAM: 1976.27 MB
Available physical RAM: 531.84 MB
Total Virtual: 3952.53 MB
Available Virtual: 2504.44 MB

==================== Drives ================================

Drive c: (F) (Fixed) (Total:58.59 GB) (Free:7.42 GB) NTFS
Drive e: () (Fixed) (Total:58.59 GB) (Free:10.79 GB) NTFS
Drive g: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[system with boot components (obtained from drive)]


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 02DAA665)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=58.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  #6  
Old April 27th, 2018, 03:44 AM
Soudager
Senior Member
 
Join Date: Dec 2005
O/S: Windows XP Home
Posts: 405
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25.04.2018
Ran by Soudager (administrator) on SOUDAGER-PC (27-04-2018 08:08:53)
Running from C:\Users\Soudager\Desktop
Loaded Profiles: Soudager (Available Profiles: Soudager & Guest)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Users\Soudager\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(The Chromium Authors) C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(The Chromium Authors) C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(The Chromium Authors) C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(The Chromium Authors) C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-05-19] (RealNetworks, Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe*******************************************************************************
HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\...\Run: [Google Update] => C:\Users\Soudager\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2018-01-18] (Google Inc.)
HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\...\Run: [GoogleChromeAutoLaunch_432966B364D9CDF7B766E4328C1F0DA6] => C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe [3874304 2017-09-14] (The Chromium Authors)
HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [50097088 2018-04-09] (Skype Technologies S.A.)
HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\...\RunOnce: [Fefad] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Soudager\AppData\Local\hodor\Supaca.dat"
HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\...\MountPoints2: {40d39454-0476-11e2-b686-70f395583f2d} - H:\Setup.exe /Auto
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\Users\Soudager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2018-04-12]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{320D0C63-2A6A-45BA-B259-A6165598D4A2}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{3C33AF02-93AD-47CF-AE2B-44654FD6C722}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{642D3A2F-FBE8-43B1-AC10-8045A042ED79}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{915F876E-C0B4-4151-9BD9-57BF24E8AB63}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C5E3EAA4-55F2-4043-AC1E-CDD722DAEA2D}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_21_orgnl&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0StCyCtDyCtN1L2XzutAtFtBtCtFtCtFtDtN1L1Czu1M1Q1CtByEtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0D0AtAtC0AyDzztGtD0AzyyDtG0A0D0AtBtGtCyC0FtAtGtDtAzy0AtAtCyC0E0B0CtDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0BtC0C0BzyyCtG0AzztB0EtGyEyCtB0CtGzzyCyDyDtGyEzyyC0B0A0FzyyCtByDtBzz2QtN0A0LzuyE%26cr%3D938657691%26a%3Dhdr_s_16_21_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehp&tc=2
SearchScopes: HKLM -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
SearchScopes: HKLM-x32 -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
SearchScopes: HKLM-x32 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
SearchScopes: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_21_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0StCyCtDyCtN1L2XzutAtFtBtCtFtCtFtDtN1L1Czu1M1Q1CtByEtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0D0AtAtC0AyDzztGtD0AzyyDtG0A0D0AtBtGtCyC0FtAtGtDtAzy0AtAtCyC0E0B0CtDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0BtC0C0BzyyCtG0AzztB0EtGyEyCtB0CtGzzyCyDyDtGyEzyyC0B0A0FzyyCtByDtBzz2QtN0A0LzuyE%26cr%3D938657691%26a%3Dhdr_s_16_21_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_21_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0StCyCtDyCtN1L2XzutAtFtBtCtFtCtFtDtN1L1Czu1M1Q1CtByEtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0D0AtAtC0AyDzztGtD0AzyyDtG0A0D0AtBtGtCyC0FtAtGtDtAzy0AtAtCyC0E0B0CtDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0BtC0C0BzyyCtG0AzztB0EtGyEyCtB0CtGzzyCyDyDtGyEzyyC0B0A0FzyyCtByDtBzz2QtN0A0LzuyE%26cr%3D938657691%26a%3Dhdr_s_16_21_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001 -> {0BC1E2BB-709B-49F0-8E3D-299FDF3906F7} URL = hxxp://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
BHO-x32: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2012-09-14] (Orbitdownloader.com)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\IE\rndlbrowserrecordplugin.dll [2013-03-06] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\Soudager\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll => No File
BHO-x32: PlurPush -> {82249076-d5c8-431d-982b-023779779587} -> C:\Program Files (x86)\PlurPush\PlurPushbho.dll => No File
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll [2012-09-14] ()
Toolbar: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File

FireFox:
========
FF ProfilePath: C:\Users\Soudager\AppData\Roaming\Mozilla\Firefox\Profiles\nawte7v5.default [2018-04-26]
FF user.js: detected! => C:\Users\Soudager\AppData\Roaming\Mozilla\Firefox\Profiles\nawte7v5.default\user.js [2016-02-22]
FF Homepage: Mozilla\Firefox\Profiles\nawte7v5.default -> hxxps://in.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_21_orgnl&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Din%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0StCyCtDyCtN1L2XzutAtFtBtCtFtCtFtDtN1L1Czu1M1Q1CtByEtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0D0AtAtC0AyDzztGtD0AzyyDtG0A0D0AtBtGtCyC0FtAtGtDtAzy0AtAtCyC0E0B0CtDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0BtC0C0BzyyCtG0AzztB0EtGyEyCtB0CtGzzyCyDyDtGyEzyyC0B0A0FzyyCtByDtBzz2QtN0A0LzuyE%26cr%3D938657691%26a%3Dhdr_s_16_21_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
FF Extension: (PlurPush 1.0.1) - C:\Users\Soudager\AppData\Roaming\Mozilla\Firefox\Profiles\nawte7v5.default\Extensions\{9423905d-837c-4154-83f1-09bc74b40af1}.xpi [2016-02-22] [Legacy] [not signed]
FF SearchPlugin: C:\Users\Soudager\AppData\Roaming\Mozilla\Firefox\Profiles\nawte7v5.default\searchplugins\Search Provided by Yahoo.xml [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext [2013-05-19] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-05-19] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-03-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-05-19] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\npdlplugin.dll [2013-03-06] (RealDownloader)
FF Plugin HKU\S-1-5-21-2206348904-1594328239-1632451933-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2206348904-1594328239-1632451933-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2206348904-1594328239-1632451933-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Soudager\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
CHR StartupUrls: Default -> "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712"
CHR NewTab: Default -> Not-active:"chrome-extension://jifpmgjhiagbmhjdefllbmdjcaidnlpd/productnewtab.html"
CHR Profile: C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default [2018-04-26]
CHR Extension: (Hermes Tab) - C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg [2018-04-15]
CHR Extension: (RealDownloader) - C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-05-19]
CHR Extension: (Seen On Screen) - C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd [2018-04-20]
CHR Extension: (Skype) - C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2018-01-17]
CHR Extension: (PlurPush) - C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhjhhhoiplfiaklkaemnabohibheahhb [2016-02-24] [UpdateUrl: hxxp://wwwplurpushnet-a.akamaihd.net/update/chrome] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-26]
CHR Extension: (Extutil) - C:\Users\Soudager\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-04-08]
CHR Extension: (Managera) - C:\Users\Soudager\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-04-08]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Soudager\AppData\Local\funmoods.crx [2012-10-22]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Soudager\AppData\Local\funmoods-speeddial_sf.crx [2012-10-22]
CHR HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Soudager\AppData\Local\funmoods.crx [2012-10-22]
CHR HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Soudager\AppData\Local\funmoods-speeddial_sf.crx [2012-10-22]
CHR HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Soudager\AppData\Local\funmoods.crx [2012-10-22]
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Soudager\AppData\Local\funmoods-speeddial_sf.crx [2012-10-22]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Chrome\Ext\realdownloader.crx [2013-03-06]
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2013-02-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
StartMenuInternet: Google Chrome.JSZ574JC4YWDHUMOIZD2Y42T44 - C:\Users\Soudager\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [574464 2013-12-20] () [File not signed]
R2 DefaultTabUpdate; C:\Users\Soudager\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2014-04-07] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-27] (McAfee, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 EraserUtilDrv11520; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11520.sys [X]
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.6.0.142\Definitions\VirusDefs\20160422.033\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.6.0.142\Definitions\VirusDefs\20160422.033\EX64.SYS [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-27 08:08 - 2018-04-27 08:10 - 000020337 _____ C:\Users\Soudager\Desktop\FRST.txt
2018-04-27 08:07 - 2018-04-27 08:08 - 000000000 ____D C:\FRST
2018-04-27 08:07 - 2018-04-27 08:07 - 002405888 _____ (Farbar) C:\Users\Soudager\Desktop\FRST64.exe
2018-04-27 08:00 - 2018-04-27 08:00 - 000003374 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2206348904-1594328239-1632451933-1001
2018-04-27 08:00 - 2018-04-27 08:00 - 000003246 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2206348904-1594328239-1632451933-1001
2018-04-25 07:23 - 2018-04-26 07:02 - 000000000 ____D C:\Windows\System32\Tasks\Remediation
2018-04-24 07:22 - 2018-04-24 07:26 - 000000000 ____D C:\Users\Soudager\AppData\Local\Cobaro
2018-04-22 06:29 - 2018-04-26 06:38 - 000003352 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2206348904-1594328239-1632451933-1001
2018-04-22 06:29 - 2018-04-26 06:38 - 000003224 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2206348904-1594328239-1632451933-1001
2018-04-20 17:43 - 2018-04-20 17:43 - 001498382 _____ C:\Users\Soudager\Desktop\Soudager MR - T05302 - Student Jayaraman Sivakumar Hindi Lessons Sign-in Sheet Mar-Apr 2018.pdf
2018-04-15 12:11 - 2018-04-24 07:25 - 000000000 ____D C:\Users\Soudager\AppData\Local\hodor
2018-04-15 12:11 - 2018-04-15 12:11 - 000000000 ____D C:\Windows\System32\Tasks\{4D71AD05-713E-250A-0318-221077F30F98}
2018-04-15 12:10 - 2018-04-24 07:26 - 000000000 ____D C:\Users\Soudager\AppData\Local\{743D4261-5095-2ED9-3D0D-0B311965F7A9}
2018-04-15 11:22 - 2018-04-15 12:11 - 000000000 ____D C:\Users\Soudager\AppData\Local\Nilorer
2018-04-14 16:10 - 2018-04-14 16:10 - 000001311 _____ C:\Users\Public\Desktop\Skype.lnk
2018-04-12 15:33 - 2018-04-12 15:36 - 000000000 ____D C:\Users\Soudager\Documents\OneNote Notebooks
2018-04-11 08:44 - 2018-04-11 08:44 - 000000000 ____D C:\Users\Soudager\New folder
2018-04-11 08:29 - 2018-04-11 08:59 - 000000000 ____D C:\Users\Soudager\Desktop\Movies
2018-04-11 06:13 - 2018-04-11 06:13 - 000610638 _____ C:\Users\Soudager\Desktop\EOCQ_ans_7.pdf
2018-04-11 06:13 - 2018-04-11 06:13 - 000553428 _____ C:\Users\Soudager\Desktop\EOCQ_ans_9.pdf
2018-04-11 06:13 - 2018-04-11 06:13 - 000460048 _____ C:\Users\Soudager\Desktop\EOCQ_ans_8.pdf
2018-04-09 13:26 - 2018-04-09 13:26 - 000000000 ____D C:\Users\Soudager\AppData\Roaming\Chromium
2018-04-09 11:07 - 2018-04-09 11:07 - 000060664 _____ C:\Users\Soudager\Downloads\Organized To do 2018 (1).xlsx
2018-04-08 10:56 - 2018-04-08 10:56 - 005348352 _____ C:\Users\Soudager\Desktop\Hajj-part 01.ppt
2018-04-07 15:05 - 2018-04-14 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-04-07 15:01 - 2018-04-07 15:04 - 060462288 _____ (Skype Technologies S.A.) C:\Users\Soudager\Downloads\Skype-8.18.0.6.exe
2018-04-01 11:38 - 2018-04-01 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-04-01 11:37 - 2018-04-01 11:37 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-03-29 19:27 - 2018-03-29 20:03 - 000000000 ____D C:\Users\Soudager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-04-27 08:07 - 2012-11-12 12:54 - 000000438 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2018-04-27 08:06 - 2009-07-14 10:15 - 000017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-27 08:06 - 2009-07-14 10:15 - 000017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-27 08:03 - 2009-07-14 10:43 - 000005168 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-27 07:59 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-26 17:38 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2018-04-26 17:37 - 2013-06-23 01:59 - 000000000 ____D C:\ProgramData\Norton
2018-04-26 17:23 - 2016-05-25 19:23 - 000000282 _____ C:\Windows\Tasks\{41DE393B-197C-B50E-1B58-72359101EBC9}.job
2018-04-26 17:11 - 2012-08-18 12:02 - 000000000 ____D C:\Program Files (x86)\Nokia
2018-04-26 17:10 - 2012-08-18 12:07 - 000000000 ____D C:\Users\Soudager\AppData\Local\NokiaAccount
2018-04-26 17:04 - 2012-08-28 15:36 - 000000000 ____D C:\Users\Soudager\AppData\Local\Downloaded Installations
2018-04-26 17:04 - 2012-08-28 15:35 - 000000000 ____D C:\Program Files (x86)\HTC
2018-04-26 17:01 - 2012-10-11 15:57 - 000000000 ____D C:\Users\Soudager\AppData\Roaming\Google
2018-04-26 16:51 - 2016-04-02 16:47 - 000000161 _____ C:\Windows\disney.ini
2018-04-26 16:51 - 2012-08-28 13:22 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-04-26 16:49 - 2016-04-02 16:47 - 000000000 ____D C:\Users\Soudager\AppData\Local\CrashDumps
2018-04-26 14:39 - 2014-05-06 13:39 - 000003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9A76732E-B9D7-4CFC-9333-09E6946CF179}
2018-04-26 07:00 - 2013-06-23 01:59 - 000000000 ____D C:\ProgramData\NortonInstaller
2018-04-26 06:40 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\system32\NDF
2018-04-25 07:23 - 2014-01-17 22:21 - 000000639 _____ C:\Users\Soudager\AppData\Roaming\WB.CFG
2018-04-24 07:23 - 2016-05-25 19:23 - 000001460 _____ C:\Users\Soudager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2018-04-19 06:05 - 2012-08-10 08:31 - 000002423 _____ C:\Users\Soudager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-14 20:20 - 2016-02-24 15:39 - 000000000 ____D C:\Program Files\Common Files\AV
2018-04-11 08:44 - 2012-08-10 07:48 - 000000000 ____D C:\Users\Soudager
2018-04-10 17:44 - 2012-10-17 01:26 - 000804864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-10 17:44 - 2012-10-17 01:26 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-10 17:44 - 2012-10-17 01:26 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-10 17:44 - 2012-08-28 19:59 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-10 17:44 - 2012-08-28 19:59 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-09 13:42 - 2013-01-27 17:39 - 000000000 ____D C:\Users\Soudager\AppData\Local\ElevatedDiagnostics
2018-04-09 13:26 - 2016-04-16 14:05 - 000000000 ____D C:\Users\Soudager\AppData\Local\Chromium
2018-04-09 11:31 - 2016-05-25 19:25 - 000002279 _____ C:\Users\Soudager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2018-04-07 15:05 - 2012-09-03 19:01 - 000000000 ____D C:\Users\Soudager\AppData\Roaming\Skype
2018-04-07 14:59 - 2012-09-03 19:01 - 000000000 ___RD C:\Program Files (x86)\Skype
2018-04-07 14:59 - 2012-09-03 19:01 - 000000000 ____D C:\ProgramData\Skype
2018-04-01 17:04 - 2012-08-31 20:11 - 000000000 ____D C:\Users\Soudager\AppData\Roaming\dvdcss
2018-04-01 11:48 - 2012-11-01 18:45 - 000000000 ____D C:\Program Files (x86)\Athan
2018-04-01 11:37 - 2018-01-22 18:21 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-03-29 15:38 - 2014-06-04 22:15 - 000000000 ____D C:\Windows\system32\Drivers\NISx64

==================== Files in the root of some directories =======

2012-08-23 12:13 - 2010-12-28 17:36 - 001331200 _____ (iSoft Solutions) C:\Users\Soudager\AlMisbahSetup.exe
2012-10-11 15:55 - 2012-10-11 15:56 - 001606064 _____ () C:\Users\Soudager\googletalk-setup.exe
2012-08-28 16:47 - 2012-08-28 16:47 - 000000000 _____ () C:\Users\Soudager\AppData\Roaming\.NANotifyHere
2016-05-13 17:24 - 2016-05-13 17:24 - 003033108 _____ () C:\Users\Soudager\AppData\Roaming\sb203.dat
2016-06-23 16:24 - 2016-06-23 16:24 - 000343040 _____ () C:\Users\Soudager\AppData\Roaming\Setup59150.exe
2016-05-13 17:23 - 2016-05-13 17:23 - 000385024 _____ () C:\Users\Soudager\AppData\Roaming\Setup62715.exe
2014-01-17 22:21 - 2018-04-25 07:23 - 000000639 _____ () C:\Users\Soudager\AppData\Roaming\WB.CFG
2018-01-22 16:23 - 2018-01-22 16:23 - 000000068 _____ () C:\Users\Soudager\AppData\Local\eb82wtqnkh
2012-10-22 13:56 - 2012-10-22 13:55 - 000290500 _____ () C:\Users\Soudager\AppData\Local\funmoods-speeddial_sf.crx
2012-10-22 13:56 - 2012-10-22 13:55 - 000031465 _____ () C:\Users\Soudager\AppData\Local\funmoods.crx
2014-04-07 18:34 - 2014-04-07 18:34 - 000000218 _____ () C:\Users\Soudager\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Windows\Tasks\{41DE393B-197C-B50E-1B58-72359101EBC9}.job


Some files in TEMP:
====================
2016-07-11 22:43 - 2018-04-05 15:26 - 091075072 _____ (Avant Force) C:\Users\Soudager\AppData\Local\Temp\$avantbrowser$.update.exe
2016-04-23 14:29 - 2016-04-23 01:39 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\08830a75-8e25-4035-8d94-baa03301770d.dll
2016-03-31 16:27 - 2016-03-30 23:52 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\0bce9734-18f6-4707-9dbd-f04c09d4e904.dll
2016-04-16 13:40 - 2016-04-15 20:11 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\0fb495e7-0136-47a2-93f7-00646e1b6abf.dll
2016-04-16 13:39 - 2016-04-15 08:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\15b50000-431d-40b8-a985-af07b2eb8317.dll
2016-04-12 20:36 - 2016-04-01 23:50 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\15ff85e4-b487-4666-88f1-e1a89f7c12d6.dll
2016-04-15 16:25 - 2016-04-15 02:11 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\1b13ef06-c9bc-4c5e-89ab-50e80d703aea.dll
2016-04-21 14:06 - 2016-04-20 19:38 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\1bd7e2b7-bc23-4e6e-9aed-20d6ca2a4383.dll
2016-04-02 16:45 - 2016-04-01 23:50 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\2556c918-27bc-47a9-b20f-a58d75c0f1e4.dll
2013-08-09 13:33 - 2012-10-22 13:55 - 000397312 _____ (Setup © ) C:\Users\Soudager\AppData\Local\Temp\26761uninstall.exe
2016-03-28 21:29 - 2016-03-28 07:00 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\279e05b9-0a8c-41a4-b476-ecd920a72669.dll
2016-04-17 20:02 - 2016-04-17 02:11 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\29bc401f-8d1e-443a-9700-de3a5234ac40.dll
2016-04-12 20:58 - 2016-04-11 23:53 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\2a652ee4-3b78-4a8c-b112-c20b8f8374bd.dll
2016-04-20 19:23 - 2016-04-20 02:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\2b1e08d3-52e8-49d8-9644-d1ebd5ba4746.dll
2016-04-23 12:29 - 2016-04-22 19:39 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\328c38cc-bc61-4a24-b89b-5139596539dc.dll
2016-04-15 14:56 - 2016-04-15 02:11 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\3a6ac989-1426-45ef-ad36-e0319909f6fc.dll
2016-04-16 13:38 - 2016-04-15 08:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\4e69cb17-5d02-4071-9148-49a84bf94f1b.dll
2016-04-15 19:14 - 2016-04-15 02:11 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\55db0035-0177-4bc0-aad2-f622cc2cbe34.dll
2016-03-28 20:25 - 2016-03-28 00:58 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\5bb1b015-ce5e-42f9-b9aa-9a8ed469ab8c.dll
2014-04-07 18:25 - 2014-04-07 18:28 - 012998543 _____ () C:\Users\Soudager\AppData\Local\Temp\6_Offer_6.exe
2016-04-20 20:36 - 2016-04-20 02:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\710fcf48-de71-4cc7-8183-4da327936112.dll
2016-04-19 21:19 - 2016-04-19 08:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\74f08d79-4308-4a49-8862-463a4891f174.dll
2016-04-17 21:07 - 2016-04-17 08:14 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\752258ce-ca3e-4a16-bd40-ac9b7343585a.dll
2016-03-28 14:13 - 2016-03-28 00:58 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\78e9929f-c9ac-4e71-9324-1d88789beb4b.dll
2016-04-20 21:37 - 2016-04-20 08:13 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\79d8c449-b4e3-49f5-a203-5964b5bb523d.dll
2016-04-18 08:42 - 2016-04-17 14:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\7e3a25e1-ee5e-494d-9d95-5eddf0d35d34.dll
2016-04-12 20:37 - 2016-04-11 23:53 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\84773470-2875-4bba-8839-8752a8306548.dll
2016-03-31 16:20 - 2016-03-30 23:52 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\98ca4acf-c26f-4234-a3e9-69984d66ba40.dll
2016-03-28 12:11 - 2016-03-27 18:59 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\9cb2170d-e45f-42dc-b434-bcd4cc2229fe.dll
2016-03-28 21:28 - 2016-03-28 00:58 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\a57e5b87-31b3-4635-a068-d08c63f2503b.dll
2016-04-15 21:15 - 2016-04-15 08:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\ace923ac-2c51-4cc8-959e-c2653653137d.dll
2016-04-24 21:23 - 2016-04-24 07:39 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\b60d8dc7-79c1-49d5-89a2-9809137c0376.dll
2016-04-19 20:18 - 2016-04-17 14:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\bc563a73-6821-49c8-b8e9-5e1903fc6405.dll
2016-04-19 20:19 - 2016-04-19 02:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\c9fbd1e9-f600-429a-a845-ba12c14d958a.dll
2016-04-17 20:05 - 2016-04-17 02:11 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\cb4c2640-588a-4f76-9832-784dcda7ccb5.dll
2016-04-02 16:49 - 2016-04-01 23:50 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\d1f1a4c7-1c50-408a-81d3-13f19f47f4e5.dll
2016-04-17 20:01 - 2016-04-15 20:11 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\d47e59f3-0073-452f-847a-dd005924ccb9.dll
2016-03-28 11:07 - 2016-03-27 18:59 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\d49317c8-23e1-4275-84e3-7a10941672f4.dll
2016-03-31 18:28 - 2016-03-31 05:51 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\d6bac729-9faf-4c83-a8a6-6b7c4cd8726e.dll
2014-03-20 14:44 - 2014-03-20 14:44 - 000026936 _____ (TuneUp Software) C:\Users\Soudager\AppData\Local\Temp\DseShExt-x64.dll
2014-03-20 14:44 - 2014-03-20 14:44 - 000028984 _____ (TuneUp Software) C:\Users\Soudager\AppData\Local\Temp\DseShExt-x86.dll
2016-04-23 12:28 - 2016-04-20 19:38 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\e174969a-f7b6-4e6f-9b54-684e4f18a1a6.dll
2016-04-12 20:41 - 2016-04-11 23:53 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\ef6822ff-b9b8-4251-8fff-7a5e5568b93c.dll
2007-01-02 02:52 - 2007-01-02 02:52 - 000069632 _____ () C:\Users\Soudager\AppData\Local\Temp\gtalkwmp1.dll
2014-04-07 18:23 - 2016-05-26 13:42 - 001383536 _____ (@@@) C:\Users\Soudager\AppData\Local\Temp\instructions.exe
2013-05-19 15:05 - 2017-12-01 13:37 - 000186736 _____ (RealNetworks, Inc.) C:\Users\Soudager\AppData\Local\Temp\lowproc.exe
2018-04-26 17:10 - 2018-04-26 17:10 - 000001536 _____ () C:\Users\Soudager\AppData\Local\Temp\NEventMessages.dll
2012-09-11 13:51 - 2012-09-11 13:51 - 000001536 _____ () C:\Users\Soudager\AppData\Local\Temp\NOSEventMessages.dll
2013-09-22 17:03 - 2013-09-22 17:03 - 000110936 _____ (Conduit) C:\Users\Soudager\AppData\Local\Temp\nsjA053.exe
2013-09-22 17:03 - 2013-09-22 17:03 - 000110936 _____ (Conduit) C:\Users\Soudager\AppData\Local\Temp\nso3E53.exe
2014-03-20 14:44 - 2014-03-20 14:44 - 000032568 _____ (TuneUp Software) C:\Users\Soudager\AppData\Local\Temp\SDShelEx-win32.dll
2014-03-20 14:44 - 2014-03-20 14:44 - 000032056 _____ (TuneUp Software) C:\Users\Soudager\AppData\Local\Temp\SDShelEx-x64.dll
2014-04-07 18:23 - 2014-04-07 18:23 - 000066368 _____ (Conduit) C:\Users\Soudager\AppData\Local\Temp\SearchProtectINT.exe
2013-08-11 10:45 - 2017-03-05 15:38 - 000967680 _____ () C:\Users\Soudager\AppData\Local\Temp\SkypeSetup.exe
2014-05-23 10:31 - 2014-05-23 10:31 - 006335544 _____ (Client Connect LTD) C:\Users\Soudager\AppData\Local\Temp\SPSetup.exe
2013-05-19 15:05 - 2016-11-13 08:57 - 000096496 _____ (RealNetworks, Inc.) C:\Users\Soudager\AppData\Local\Temp\stubhelper.dll
2012-09-28 12:15 - 2012-09-28 12:15 - 000000000 _____ () C:\Users\Soudager\AppData\Local\Temp\szcldc0n.dll
2007-01-20 17:16 - 2007-01-20 17:16 - 000455600 ____R (Macrovision Corporation) C:\Users\Soudager\AppData\Local\Temp\_is3268.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-12 20:28

==================== End of FRST.txt ============================
#7
Old April 27th, 2018, 11:25 PM
olgun52
Malware Removal Team

Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Hi Soudager, thanks for the logs.

---------------------------------

Do you use Norton Internet Security software?

----------------------------------------------

Uninstall some programs

NOTE: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better job).
  • Programs to remove:
    • DefaultTab
    • PlurPush
    • Search the Web (Yahoo)
    • Mobogenie
    • searchfunmoods.com
    • search.yahoo.com
    • mysearchresults.com
    • PlurPush
    • Chromium
    • McAfee Security Scan Plus
  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.
  • Then restart the PC.
==================================


Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Regards.
#8
Old May 2nd, 2018, 03:34 PM
Soudager
Senior Member

Join Date: Dec 2005
O/S: Windows XP Home
Posts: 405
Followed your instructions; what next?

1. Yes, Norton was installed on the PC. I then uninstalled it.

2. When I tried installing Revo Uninstaller from Chrome, I was unable to do it. I did it from Chromium.

3. I uninstalled Chromium as per your instructions.

4. I faced the same problem while installing AdwCleaner. I installed it using Avant.

5. I have posted the log file.

What next?
#9
Old May 2nd, 2018, 03:35 PM
Soudager
Senior Member

Join Date: Dec 2005
O/S: Windows XP Home
Posts: 405
Log File

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-02.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-02-2018
# Duration: 00:00:13
# OS: Windows 7 Ultimate
# Cleaned: 118
# Failed: 9


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Windows\SysWOW64\SearchProtect
Deleted C:\Users\Guest\AppData\LocalLow\AskToolbar
Deleted C:\Users\Soudager\AppData\Roaming\Funmoods
Deleted C:\Users\Soudager\AppData\Local\Temp\APNLogs
Deleted C:\Program Files (x86)\orbitdownloader
Deleted C:\Users\Soudager\AppData\Roaming\GrabPro
Deleted C:\Users\Soudager\AppData\Roaming\defaulttab
Deleted C:\Users\Soudager\AppData\Local\Temp\AskSearch
Deleted C:\Users\Soudager\AppData\Roaming\ProgSense
Deleted C:\ProgramData\dtdata
Deleted C:\Users\Soudager\AppData\Local\Mobogenie
Deleted C:\Users\Soudager\Documents\Mobogenie
Deleted C:\Users\Soudager\AppData\Roaming\OpenCandy
Deleted C:\Program Files (x86)\PlurPush

***** [ Files ] *****

Deleted C:\Users\Soudager\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
Deleted C:\Users\Soudager\AppData\Roaming\Mozilla\Firefox\Profiles\nawte7v5.default\searchplugins\Search Provided by Yahoo.xml
Deleted C:\Users\Soudager\AppData\Local\funmoods-speeddial_sf.crx
Deleted C:\Users\Soudager\AppData\Local\funmoods.crx
Deleted C:\Users\Soudager\daemonprocess.txt
Deleted C:\Users\Soudager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\DefaultReg
Deleted C:\Windows\System32\Tasks\DefaultCheck

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Deleted HKLM\Software\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted HKLM\Software\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Deleted HKLM\Software\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Deleted HKLM\Software\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30308459-51B3-46EC-BB1D-CD473632F32E}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30308459-51B3-46EC-BB1D-CD473632F32E}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefaultReg
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A3471E2-624A-4DF1-AAFC-898BFBF568D3}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A3471E2-624A-4DF1-AAFC-898BFBF568D3}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefaultCheck
Deleted HKCU\Software\Funmoods
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|mobilegeni daemon
Deleted HKCU\Software\OB
Deleted HKCU\Software\SearchProtectINT
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Orbit_is1
Deleted HKCU\Software\Orbit
Deleted HKLM\Software\Wow6432Node\Orbit
Deleted HKCU\Software\APN PIP
Deleted HKCU\Software\ProgSense
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Deleted HKLM\Software\Wow6432Node\Classes\AppID\esrv.EXE
Deleted HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Deleted HKLM\Software\Wow6432Node\Classes\AppID\DefaultTabBHO.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Deleted HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Deleted HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Deleted HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Deleted HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}
Deleted HKLM\Software\Classes\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82249076-D5C8-431D-982B-023779779587}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82249076-D5C8-431D-982B-023779779587}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82249076-D5C8-431D-982B-023779779587}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{82249076-D5C8-431D-982B-023779779587}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Deleted HKLM\Software\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Deleted HKLM\Software\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Deleted HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Not Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar|{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Deleted HKLM\Software\Classes\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Preapproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Deleted HKLM\Software\Classes\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Deleted HKLM\Software\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Deleted HKLM\Software\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Deleted HKLM\Software\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Deleted HKLM\Software\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Deleted HKLM\Software\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Deleted HKLM\Software\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Deleted HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main|Start Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\AboutUrls|Tabs
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearchresults.com
Deleted HKCU\Software\Softonic
Deleted HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2206348904-1594328239-1632451933-1001\Software\PlurPush
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PlurPush
Deleted HKCU\Software\PlurPush
Deleted HKLM\Software\Wow6432Node\PlurPush

***** [ Chromium (and derivatives) ] *****

Not Deleted DefaultTab
Not Deleted Funmoods
Not Deleted Funmoods
Not Deleted Home Tab
Not Deleted Managera
Not Deleted Extutil

***** [ Chromium URLs ] *****

Not Deleted http://searchfunmoods.com/?f=1&a=dow...&cr=2136011712
Not Deleted http://searchfunmoods.com/?f=1&a=dow...&cr=2136011712
Deleted sr.searchfunmoods.com
Deleted searchfunmoods.com
Deleted Ask
Deleted pdfsearchengine.org
Deleted AOL
Deleted Softonic EN

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
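As an added example (not code from the thread, from AdwCleaner or from FRST), a small Python parser for the clean-mode log format posted above: it groups entries by section, pulls out everything the tool reported as "Not Deleted" (the leftovers a helper still has to deal with, here the Chromium extensions and one toolbar key) and recounts the entries against the header's Cleaned/Failed totals. The embedded log is a constructed excerpt in the same format, with header counts that match the excerpt rather than the full log above.

```python
"""Parse an AdwCleaner clean-mode log and pull out what it failed to remove.

Added example for this thread, not code from AdwCleaner or FRST. It reads the
section/entry layout of the log posted above ("***** [ Section ] *****" headers,
"Deleted ..." / "Not Deleted ..." entries) and reports the leftovers that need
manual follow-up, plus a sanity check of the header's Cleaned/Failed totals.
"""
import re
from collections import OrderedDict

HEADER_RE = re.compile(r"^# ([A-Za-z][A-Za-z ]*?): (.*)$")
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^(Not Deleted|Deleted) (.+)$")

# Constructed excerpt in the AdwCleaner 7.x format: a few entries taken from the
# log above, with header counts made to match this excerpt (not the full log).
SAMPLE_LOG = r"""
# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Mode: Clean
# Cleaned: 5
# Failed: 3

***** [ Folders ] *****

Deleted C:\Program Files (x86)\PlurPush
Deleted C:\Users\Soudager\AppData\Roaming\Funmoods

***** [ Registry ] *****

Deleted HKCU\Software\Funmoods
Not Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar|{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
Deleted HKLM\Software\Wow6432Node\PlurPush

***** [ Chromium (and derivatives) ] *****

Not Deleted DefaultTab
Not Deleted Funmoods

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Chromium URLs ] *****

Deleted searchfunmoods.com

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
"""


def parse_adwcleaner_log(text):
    """Return {'header': {key: value}, 'sections': OrderedDict(name -> [(status, item)])}."""
    header = {}
    sections = OrderedDict()
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])   # empty list for "No malicious ..." sections
            continue
        m = HEADER_RE.match(line)
        if m and current is None:              # header block only precedes the first section
            header[m.group(1)] = m.group(2)
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group(1), m.group(2)))
    return {"header": header, "sections": sections}


def failed_items(parsed):
    """Entries the tool reported as 'Not Deleted', tagged with their section.

    These are what a helper has to remove by other means (here: Chromium
    extensions and a toolbar registry entry), so they drive the next step.
    """
    return [(section, item)
            for section, entries in parsed["sections"].items()
            for status, item in entries
            if status == "Not Deleted"]


def verify_counts(parsed):
    """Recount Deleted / Not Deleted entries and compare with the header totals."""
    statuses = [status for entries in parsed["sections"].values() for status, _ in entries]
    cleaned = statuses.count("Deleted")
    failed = statuses.count("Not Deleted")
    hdr = parsed["header"]
    matches = (str(cleaned) == hdr.get("Cleaned") and str(failed) == hdr.get("Failed"))
    return {"cleaned": cleaned, "failed": failed, "matches_header": matches}


if __name__ == "__main__":
    report = parse_adwcleaner_log(SAMPLE_LOG)
    print(verify_counts(report))
    for section, item in failed_items(report):
        print("LEFTOVER [%s] %s" % (section, item))
```

Run against a real AdwCleaner[Cnn].txt, a count mismatch means the log is truncated or was edited before it was posted, and the leftover list is what to carry into the follow-up fix.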
#10
Old May 2nd, 2018, 11:17 PM
olgun52
Malware Removal Team

Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Thanks Soudager.

Please do the following:

Step 1:

FRST Script:
Please download the attached Fixlist.txt, save it to the Desktop, and name it: fixlist.txt
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Step 2:
Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button.
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.

Regards

#11
Old May 6th, 2018, 02:45 AM
Soudager
Senior Member

Join Date: Dec 2005
O/S: Windows XP Home
Posts: 405
Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 03.05.2018
Ran by Soudager (06-05-2018 07:07:29) Run:1
Running from C:\Users\Soudager\Desktop
Loaded Profiles: Soudager (Available Profiles: Soudager & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Soudager\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {30308459-51B3-46EC-BB1D-CD473632F32E} - System32\Tasks\DefaultReg => c:\Users\All Users\dtdata\R001.exe [2016-02-25] () <==== ATTENTION
Task: {3A3471E2-624A-4DF1-AAFC-898BFBF568D3} - System32\Tasks\DefaultCheck => c:\Users\All Users\dtdata\R002.exe [2016-02-25] () <==== ATTENTION
Task: {C770CEBB-921B-4203-93B8-6FDE716A9885} - System32\Tasks\{41DE393B-197C-B50E-1B58-72359101EBC9} => C:\Users\Soudager\AppData\Local\{E080D~1\UNINST~1.EXE [2013-04-22] () <==== ATTENTION
Task: C:\Windows\Tasks\{41DE393B-197C-B50E-1B58-72359101EBC9}.job => C:\Users\Soudager\AppData\Local\{E080D~1\UNINST~1.EXE <==== ATTENTION
ShortcutWithArgument: C:\Users\Soudager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\Polycraft.lnk -> C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default --app-id=eopfmbpfhhfnklgmjpoehcjaajhpbhbl
ShortcutWithArgument: C:\Users\Soudager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\WeatherBug.lnk -> C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default --app-id=njkkjobcechefaoknodniidfjapgfoco
ShortcutWithArgument: C:\Users\Soudager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\WorkFlowy.lnk -> C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default --app-id=koegeopamaoljbmhnfjbclbocehhgmkm
C:\Users\Soudager\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
2018-04-09 11:31 - 2017-09-14 05:26 - 002012672 _____ () C:\Users\Soudager\AppData\Local\Chromium\Application\63.0.3215.0\swiftshader\libglesv2.dll
2018-04-09 11:31 - 2017-09-14 05:26 - 000107520 _____ () C:\Users\Soudager\AppData\Local\Chromium\Application\63.0.3215.0\swiftshader\libegl.dll
C:\Users\Soudager\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
(The Chromium Authors) C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\...\Run: [GoogleChromeAutoLaunch_432966B364D9CDF7B766E4328C1F0DA6] => C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe [3874304 2017-09-14] (The Chromium Authors)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_21_orgnl&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0StCyCtDyCtN1L2XzutAtFtBtCtFtCtFtDtN1L1Czu1M1Q1CtByEtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0D0AtAtC0AyDzztGtD0AzyyDtG0A0D0AtBtGtCyC0FtAtGtDtAzy0AtAtCyC0E0B0CtDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0BtC0C0BzyyCtG0AzztB0EtGyEyCtB0CtGzzyCyDyDtGyEzyyC0B0A0FzyyCtByDtBzz2QtN0A0LzuyE%26cr%3D938657691%26a%3Dhdr_s_16_21_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
SearchScopes: HKLM-x32 -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
SearchScopes: HKLM-x32 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
SearchScopes: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_21_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0StCyCtDyCtN1L2XzutAtFtBtCtFtCtFtDtN1L1Czu1M1Q1CtByEtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0D0AtAtC0AyDzztGtD0AzyyDtG0A0D0AtBtGtCyC0FtAtGtDtAzy0AtAtCyC0E0B0CtDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0BtC0C0BzyyCtG0AzztB0EtGyEyCtB0CtGzzyCyDyDtGyEzyyC0B0A0FzyyCtByDtBzz2QtN0A0LzuyE%26cr%3D938657691%26a%3Dhdr_s_16_21_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_21_orgnl&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0StCyCtDyCtN1L2XzutAtFtBtCtFtCtFtDtN1L1Czu1M1Q1CtByEtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0D0AtAtC0AyDzztGtD0AzyyDtG0A0D0AtBtGtCyC0FtAtGtDtAzy0AtAtCyC0E0B0CtDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0BtC0C0BzyyCtG0AzztB0EtGyEyCtB0CtGzzyCyDyDtGyEzyyC0B0A0FzyyCtByDtBzz2QtN0A0LzuyE%26cr%3D938657691%26a%3Dhdr_s_16_21_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001 -> {0BC1E2BB-709B-49F0-8E3D-299FDF3906F7} URL = hxxp://www.mysearchresults.com/search?c=8004&t=11&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001 -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\Soudager\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll => No File
BHO-x32: PlurPush -> {82249076-d5c8-431d-982b-023779779587} -> C:\Program Files (x86)\PlurPush\PlurPushbho.dll => No File
Toolbar: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2206348904-1594328239-1632451933-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FF user.js: detected! => C:\Users\Soudager\AppData\Roaming\Mozilla\Firefox\Profiles\nawte7v5.default\user.js [2016-02-22]
FF Homepage: Mozilla\Firefox\Profiles\nawte7v5.default -> hxxps://in.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_21_orgnl&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Din%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0StCyCtDyCtN1L2XzutAtFtBtCtFtCtFtDtN1L1Czu1M1Q1CtByEtFtCtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0D0AtAtC0AyDzztGtD0AzyyDtG0A0D0AtBtGtCyC0FtAtGtDtAzy0AtAtCyC0E0B0CtDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0F0BtC0C0BzyyCtG0AzztB0EtGyEyCtB0CtGzzyCyDyDtGyEzyyC0B0A0FzyyCtByDtBzz2QtN0A0LzuyE%26cr%3D938657691%26a%3Dhdr_s_16_21_orgnl%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
FF Extension: (PlurPush 1.0.1) - C:\Users\Soudager\AppData\Roaming\Mozilla\Firefox\Profiles\nawte7v5.default\Extensions\{9423905d-837c-4154-83f1-09bc74b40af1}.xpi [2016-02-22] [Legacy] [not signed]
FF SearchPlugin: C:\Users\Soudager\AppData\Roaming\Mozilla\Firefox\Profiles\nawte7v5.default\searchplugins\Search Provided by Yahoo.xml [2016-05-25]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HomePage: Default -> hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712
CHR StartupUrls: Default -> "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBtD0FtAzyyDyDzztA0FtB0DyDyEyDyEtN0D0Tzu0CtBzyyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2136011712"
CHR NewTab: Default -> Not-active:"chrome-extension://jifpmgjhiagbmhjdefllbmdjcaidnlpd/productnewtab.html"
CHR Extension: (Hermes Tab) - C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg [2018-04-15]
CHR Extension: (PlurPush) - C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhjhhhoiplfiaklkaemnabohibheahhb [2016-02-24] [UpdateUrl: hxxp://wwwplurpushnet-a.akamaihd.net/update/chrome] <==== ATTENTION
CHR Extension: (Extutil) - C:\Users\Soudager\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-04-08]
CHR Extension: (Managera) - C:\Users\Soudager\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-04-08]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Soudager\AppData\Local\funmoods.crx [2012-10-22]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Soudager\AppData\Local\funmoods-speeddial_sf.crx [2012-10-22]
CHR HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Soudager\AppData\Local\funmoods.crx [2012-10-22]
CHR HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Soudager\AppData\Local\funmoods-speeddial_sf.crx [2012-10-22]
CHR HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kofkpgiaknijknhajbhnghkodiccblkg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Soudager\AppData\Local\funmoods.crx [2012-10-22]
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Soudager\AppData\Local\funmoods-speeddial_sf.crx [2012-10-22]
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx [2013-02-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
StartMenuInternet: Google Chrome.JSZ574JC4YWDHUMOIZD2Y42T44 - C:\Users\Soudager\AppData\Local\Google\Chrome\Application\chrome.exe
S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [574464 2013-12-20] () [File not signed]
R2 DefaultTabUpdate; C:\Users\Soudager\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2014-04-07] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.717\McCHSvc.exe [405392 2018-03-27] (McAfee, Inc.)
C:\Users\Soudager\AppData\Roaming\Chromium
2018-04-01 11:38 - 2018-04-01 11:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-04-01 11:37 - 2018-04-01 11:37 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-03-29 19:27 - 2018-03-29 20:03 - 000000000 ____D C:\Users\Soudager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps
C:\Windows\system32\Drivers\etc\hosts.ics
C:\Windows\Tasks\{41DE393B-197C-B50E-1B58-72359101EBC9}.job
C:\Users\Soudager\AppData\Roaming\WB.CFG
C:\Users\Soudager\AppData\Local\Chromium
C:\Users\Soudager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
C:\Program Files\McAfee Security Scan
2012-08-28 16:47 - 2012-08-28 16:47 - 000000000 _____ () C:\Users\Soudager\AppData\Roaming\.NANotifyHere
2016-05-13 17:24 - 2016-05-13 17:24 - 003033108 _____ () C:\Users\Soudager\AppData\Roaming\sb203.dat
2016-06-23 16:24 - 2016-06-23 16:24 - 000343040 _____ () C:\Users\Soudager\AppData\Roaming\Setup59150.exe
2016-05-13 17:23 - 2016-05-13 17:23 - 000385024 _____ () C:\Users\Soudager\AppData\Roaming\Setup62715.exe
2014-01-17 22:21 - 2018-04-25 07:23 - 000000639 _____ () C:\Users\Soudager\AppData\Roaming\WB.CFG
2018-01-22 16:23 - 2018-01-22 16:23 - 000000068 _____ () C:\Users\Soudager\AppData\Local\eb82wtqnkh
2012-10-22 13:56 - 2012-10-22 13:55 - 000290500 _____ () C:\Users\Soudager\AppData\Local\funmoods-speeddial_sf.crx
2012-10-22 13:56 - 2012-10-22 13:55 - 000031465 _____ () C:\Users\Soudager\AppData\Local\funmoods.crx
2014-04-07 18:34 - 2014-04-07 18:34 - 000000218 _____ () C:\Users\Soudager\AppData\Local\recently-used.xbel
C:\Windows\Tasks\{41DE393B-197C-B50E-1B58-72359101EBC9}.job
FirewallRules: [TCP Query User{F2B2F79D-2DEE-4CEE-989B-15603C9526FB}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{4BFDF966-E0C6-44C1-B816-B05037647F70}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{7428BF5A-E6C5-4D75-9190-8CB98E0552C3}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{ADCCC170-D552-4604-BA01-90726CBEC015}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe] => Enabled:Orbit
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe] => Enabled:Orbit
BHO-x32: Octh Class -> {000123B4-9B42-4900-B3F7-F4B073EFC214} -> C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2012-09-14] (Orbitdownloader.com)
Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll [2012-09-14]
2016-07-11 22:43 - 2018-04-05 15:26 - 091075072 _____ (Avant Force) C:\Users\Soudager\AppData\Local\Temp\$avantbrowser $.update.exe
2016-04-23 14:29 - 2016-04-23 01:39 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\08830a75-8e25-4035-8d94-baa03301770d.dll
2016-03-31 16:27 - 2016-03-30 23:52 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\0bce9734-18f6-4707-9dbd-f04c09d4e904.dll
2016-04-16 13:40 - 2016-04-15 20:11 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\0fb495e7-0136-47a2-93f7-00646e1b6abf.dll
2016-04-16 13:39 - 2016-04-15 08:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\15b50000-431d-40b8-a985-af07b2eb8317.dll
2016-04-12 20:36 - 2016-04-01 23:50 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\15ff85e4-b487-4666-88f1-e1a89f7c12d6.dll
2016-04-15 16:25 - 2016-04-15 02:11 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\1b13ef06-c9bc-4c5e-89ab-50e80d703aea.dll
2016-04-21 14:06 - 2016-04-20 19:38 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\1bd7e2b7-bc23-4e6e-9aed-20d6ca2a4383.dll
2016-04-02 16:45 - 2016-04-01 23:50 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\2556c918-27bc-47a9-b20f-a58d75c0f1e4.dll
2013-08-09 13:33 - 2012-10-22 13:55 - 000397312 _____ (Setup © ) C:\Users\Soudager\AppData\Local\Temp\26761uninstall.exe
2016-03-28 21:29 - 2016-03-28 07:00 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\279e05b9-0a8c-41a4-b476-ecd920a72669.dll
2016-04-17 20:02 - 2016-04-17 02:11 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\29bc401f-8d1e-443a-9700-de3a5234ac40.dll
2016-04-12 20:58 - 2016-04-11 23:53 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\2a652ee4-3b78-4a8c-b112-c20b8f8374bd.dll
2016-04-20 19:23 - 2016-04-20 02:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\2b1e08d3-52e8-49d8-9644-d1ebd5ba4746.dll
2016-04-23 12:29 - 2016-04-22 19:39 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\328c38cc-bc61-4a24-b89b-5139596539dc.dll
2016-04-15 14:56 - 2016-04-15 02:11 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\3a6ac989-1426-45ef-ad36-e0319909f6fc.dll
2016-04-16 13:38 - 2016-04-15 08:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\4e69cb17-5d02-4071-9148-49a84bf94f1b.dll
2016-04-15 19:14 - 2016-04-15 02:11 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\55db0035-0177-4bc0-aad2-f622cc2cbe34.dll
2016-03-28 20:25 - 2016-03-28 00:58 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\5bb1b015-ce5e-42f9-b9aa-9a8ed469ab8c.dll
2014-04-07 18:25 - 2014-04-07 18:28 - 012998543 _____ () C:\Users\Soudager\AppData\Local\Temp\6_Offer_6.exe
2016-04-20 20:36 - 2016-04-20 02:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\710fcf48-de71-4cc7-8183-4da327936112.dll
2016-04-19 21:19 - 2016-04-19 08:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\74f08d79-4308-4a49-8862-463a4891f174.dll
2016-04-17 21:07 - 2016-04-17 08:14 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\752258ce-ca3e-4a16-bd40-ac9b7343585a.dll
2016-03-28 14:13 - 2016-03-28 00:58 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\78e9929f-c9ac-4e71-9324-1d88789beb4b.dll
2016-04-20 21:37 - 2016-04-20 08:13 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\79d8c449-b4e3-49f5-a203-5964b5bb523d.dll
2016-04-18 08:42 - 2016-04-17 14:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\7e3a25e1-ee5e-494d-9d95-5eddf0d35d34.dll
2016-04-12 20:37 - 2016-04-11 23:53 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\84773470-2875-4bba-8839-8752a8306548.dll
2016-03-31 16:20 - 2016-03-30 23:52 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\98ca4acf-c26f-4234-a3e9-69984d66ba40.dll
2016-03-28 12:11 - 2016-03-27 18:59 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\9cb2170d-e45f-42dc-b434-bcd4cc2229fe.dll
2016-03-28 21:28 - 2016-03-28 00:58 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\a57e5b87-31b3-4635-a068-d08c63f2503b.dll
2016-04-15 21:15 - 2016-04-15 08:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\ace923ac-2c51-4cc8-959e-c2653653137d.dll
2016-04-24 21:23 - 2016-04-24 07:39 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\b60d8dc7-79c1-49d5-89a2-9809137c0376.dll
2016-04-19 20:18 - 2016-04-17 14:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\bc563a73-6821-49c8-b8e9-5e1903fc6405.dll
2016-04-19 20:19 - 2016-04-19 02:12 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\c9fbd1e9-f600-429a-a845-ba12c14d958a.dll
2016-04-17 20:05 - 2016-04-17 02:11 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\cb4c2640-588a-4f76-9832-784dcda7ccb5.dll
2016-04-02 16:49 - 2016-04-01 23:50 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\d1f1a4c7-1c50-408a-81d3-13f19f47f4e5.dll
2016-04-17 20:01 - 2016-04-15 20:11 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\d47e59f3-0073-452f-847a-dd005924ccb9.dll
2016-03-28 11:07 - 2016-03-27 18:59 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\d49317c8-23e1-4275-84e3-7a10941672f4.dll
2016-03-31 18:28 - 2016-03-31 05:51 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\d6bac729-9faf-4c83-a8a6-6b7c4cd8726e.dll
2014-03-20 14:44 - 2014-03-20 14:44 - 000026936 _____ (TuneUp Software) C:\Users\Soudager\AppData\Local\Temp\DseShExt-x64.dll
2014-03-20 14:44 - 2014-03-20 14:44 - 000028984 _____ (TuneUp Software) C:\Users\Soudager\AppData\Local\Temp\DseShExt-x86.dll
2016-04-23 12:28 - 2016-04-20 19:38 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\e174969a-f7b6-4e6f-9b54-684e4f18a1a6.dll
2016-04-12 20:41 - 2016-04-11 23:53 - 000055496 _____ () C:\Users\Soudager\AppData\Local\Temp\ef6822ff-b9b8-4251-8fff-7a5e5568b93c.dll
2007-01-02 02:52 - 2007-01-02 02:52 - 000069632 _____ () C:\Users\Soudager\AppData\Local\Temp\gtalkwmp1.dll
2014-04-07 18:23 - 2016-05-26 13:42 - 001383536 _____ (@@@) C:\Users\Soudager\AppData\Local\Temp\instructions.exe
2013-05-19 15:05 - 2017-12-01 13:37 - 000186736 _____ (RealNetworks, Inc.) C:\Users\Soudager\AppData\Local\Temp\lowproc.exe
2018-04-26 17:10 - 2018-04-26 17:10 - 000001536 _____ () C:\Users\Soudager\AppData\Local\Temp\NEventMessages.dll
2012-09-11 13:51 - 2012-09-11 13:51 - 000001536 _____ () C:\Users\Soudager\AppData\Local\Temp\NOSEventMessages.dll
2013-09-22 17:03 - 2013-09-22 17:03 - 000110936 _____ (Conduit) C:\Users\Soudager\AppData\Local\Temp\nsjA053.exe
2013-09-22 17:03 - 2013-09-22 17:03 - 000110936 _____ (Conduit) C:\Users\Soudager\AppData\Local\Temp\nso3E53.exe
2014-03-20 14:44 - 2014-03-20 14:44 - 000032568 _____ (TuneUp Software) C:\Users\Soudager\AppData\Local\Temp\SDShelEx-win32.dll
2014-03-20 14:44 - 2014-03-20 14:44 - 000032056 _____ (TuneUp Software) C:\Users\Soudager\AppData\Local\Temp\SDShelEx-x64.dll
2014-04-07 18:23 - 2014-04-07 18:23 - 000066368 _____ (Conduit) C:\Users\Soudager\AppData\Local\Temp\SearchProtect INT.exe
2013-08-11 10:45 - 2017-03-05 15:38 - 000967680 _____ () C:\Users\Soudager\AppData\Local\Temp\SkypeSetup.exe
2014-05-23 10:31 - 2014-05-23 10:31 - 006335544 _____ (Client Connect LTD) C:\Users\Soudager\AppData\Local\Temp\SPSetup.exe
2013-05-19 15:05 - 2016-11-13 08:57 - 000096496 _____ (RealNetworks, Inc.) C:\Users\Soudager\AppData\Local\Temp\stubhelper.dll
2012-09-28 12:15 - 2012-09-28 12:15 - 000000000 _____ () C:\Users\Soudager\AppData\Local\Temp\szcldc0n.dll
2007-01-20 17:16 - 2007-01-20 17:16 - 000455600 ____R (Macrovision Corporation) C:\Users\Soudager\AppData\Local\Temp\_is3268.exe
Folder: C:\Users\Soudager\AppData\Local\Cobaro
Folder: C:\Users\Soudager\AppData\Local\Nilorer
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Hosts:
Emptytemp:
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}" => removed successfully
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => removed successfully
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => removed successfully
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}" => removed successfully
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => removed successfully
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}" => removed successfully
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30308459-51B3-46EC-BB1D-CD473632F32E} => could not remove. Access Denied.
"C:\Windows\System32\Tasks\DefaultReg" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefaultReg => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A3471E2-624A-4DF1-AAFC-898BFBF568D3} => could not remove. Access Denied.
"C:\Windows\System32\Tasks\DefaultCheck" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefaultCheck => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C770CEBB-921B-4203-93B8-6FDE716A9885}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C770CEBB-921B-4203-93B8-6FDE716A9885}" => removed successfully
C:\Windows\System32\Tasks\{41DE393B-197C-B50E-1B58-72359101EBC9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{41DE393B-197C-B50E-1B58-72359101EBC9}" => removed successfully
C:\Windows\Tasks\{41DE393B-197C-B50E-1B58-72359101EBC9}.job => moved successfully
"C:\Users\Soudager\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Chromium Apps\Polycraft.lnk" => not found
"C:\Users\Soudager\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Chromium Apps\WeatherBug.lnk" => not found
"C:\Users\Soudager\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Chromium Apps\WorkFlowy.lnk" => not found
"C:\Users\Soudager\AppData\Roaming\DefaultTab\Defau ltTab\DTUpdate.exe" => not found
"C:\Users\Soudager\AppData\Local\Chromium\Applicati on\63.0.3215.0\swiftshader\libglesv2.dll" => not found
"C:\Users\Soudager\AppData\Local\Chromium\Applicati on\63.0.3215.0\swiftshader\libegl.dll" => not found
"C:\Users\Soudager\AppData\Roaming\DefaultTab\Defau ltTab\DTUpdate.exe" => not found
C:\Users\Soudager\AppData\Local\Chromium\Application\chrome.exe => No running process found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon" => not found
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_432966B364D9CDF7B766E4328C1 F0DA6" => not found
"HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Policies\Google" => removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}" => removed successfully
HKLM\Software\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => not found
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => removed successfully
HKLM\Software\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => not found
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC1E2BB-709B-49F0-8E3D-299FDF3906F7}" => removed successfully
HKLM\Software\Classes\CLSID\{0BC1E2BB-709B-49F0-8E3D-299FDF3906F7} => not found
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}" => removed successfully
HKLM\Software\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}" => removed successfully
"HKLM\Software\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82249076-d5c8-431d-982b-023779779587} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{82249076-d5c8-431d-982b-023779779587} => not found
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}" => not found
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => not found
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" => not found
HKLM\Software\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => not found
"HKLM\Software\Classes\PROTOCOLS\Handler\skype4com" => removed successfully
HKLM\Software\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => not found
"C:\Users\Soudager\AppData\Roaming\Mozilla\Firefox\ Profiles\nawte7v5.default\user.js" => not found
"Firefox homepage" => removed successfully
"C:\Users\Soudager\AppData\Roaming\Mozilla\Firefox\ Profiles\nawte7v5.default\Extensions\{9423905d-837c-4154-83f1-09bc74b40af1}.xpi" => not found
"C:\Users\Soudager\AppData\Roaming\Mozilla\Firefox\ Profiles\nawte7v5.default\searchplugins\Search Provided by Yahoo.xml" => not found
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
"Chrome NewTab" => removed successfully
CHR Extension: (Hermes Tab) - C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlceeijggpdgfcefmipcmdeli ckjgfg [2018-04-15] => Error: No automatic fix found for this entry.
CHR Extension: (PlurPush) - C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhjhhhoiplfiaklkaemnabohib heahhb [2016-02-24] [UpdateUrl: hxxp://wwwplurpushnet-a.akamaihd.net/update/chrome] <==== ATTENTION => Error: No automatic fix found for this entry.
CHR Extension: (Extutil) - C:\Users\Soudager\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-04-08] => Error: No automatic fix found for this entry.
CHR Extension: (Managera) - C:\Users\Soudager\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-04-08] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" => removed successfully
"C:\Users\Soudager\AppData\Local\funmoods.crx" => not found
"HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj" => removed successfully
"C:\Users\Soudager\AppData\Local\funmoods-speeddial_sf.crx" => not found
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" => removed successfully
"C:\Users\Soudager\AppData\Local\funmoods.crx" => not found
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj" => removed successfully
"C:\Users\Soudager\AppData\Local\funmoods-speeddial_sf.crx" => not found
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Google\Chrome\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg" => removed successfully
"HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\Google\Chrome\Extensions\kofkpgiaknijknhajbhnghkodiccblkg" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh" => removed successfully
"C:\Users\Soudager\AppData\Local\funmoods.crx" => not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj" => removed successfully
"C:\Users\Soudager\AppData\Local\funmoods-speeddial_sf.crx" => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc => not found
"C:\Program Files (x86)\DefaultTab\DefaultTab.crx" => not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => removed successfully
"C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_ extension.crx" => not found
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome.JSZ574JC4YWDHUMOIZD2Y42T44\shell\open\command\\Default => value restored successfully
DefaultTabSearch => service not found.
DefaultTabUpdate => service not found.
"HKLM\System\CurrentControlSet\Services\McComponentHostService" => removed successfully
McComponentHostService => service removed successfully
"C:\Users\Soudager\AppData\Roaming\Chromium" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus" => not found
"C:\ProgramData\McAfee Security Scan" => not found
"C:\Users\Soudager\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Chromium Apps" => not found
C:\Windows\system32\Drivers\etc\hosts.ics => moved successfully
"C:\Windows\Tasks\{41DE393B-197C-B50E-1B58-72359101EBC9}.job" => not found
C:\Users\Soudager\AppData\Roaming\WB.CFG => moved successfully
C:\Users\Soudager\AppData\Local\Chromium => moved successfully
"C:\Users\Soudager\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Chromium.lnk" => not found
"C:\Program Files\McAfee Security Scan" => not found
C:\Users\Soudager\AppData\Roaming\.NANotifyHere => moved successfully
C:\Users\Soudager\AppData\Roaming\sb203.dat => moved successfully
C:\Users\Soudager\AppData\Roaming\Setup59150.exe => moved successfully
C:\Users\Soudager\AppData\Roaming\Setup62715.exe => moved successfully
"C:\Users\Soudager\AppData\Roaming\WB.CFG" => not found
C:\Users\Soudager\AppData\Local\eb82wtqnkh => moved successfully
"C:\Users\Soudager\AppData\Local\funmoods-speeddial_sf.crx" => not found
"C:\Users\Soudager\AppData\Local\funmoods.crx" => not found
C:\Users\Soudager\AppData\Local\recently-used.xbel => moved successfully
"C:\Windows\Tasks\{41DE393B-197C-B50E-1B58-72359101EBC9}.job" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F2B2F79D-2DEE-4CEE-989B-15603C9526FB}C:\program files (x86)\orbitdownloader\orbitnet.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4BFDF966-E0C6-44C1-B816-B05037647F70}C:\program files (x86)\orbitdownloader\orbitnet.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7428BF5A-E6C5-4D75-9190-8CB98E0552C3}C:\program files (x86)\orbitdownloader\orbitnet.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{ADCCC170-D552-4604-BA01-90726CBEC015}C:\program files (x86)\orbitdownloader\orbitnet.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214} => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => not found
"C:\Users\Soudager\AppData\Local\Temp\$avantbrowser $.update.exe" => not found
C:\Users\Soudager\AppData\Local\Temp\08830a75-8e25-4035-8d94-baa03301770d.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\0bce9734-18f6-4707-9dbd-f04c09d4e904.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\0fb495e7-0136-47a2-93f7-00646e1b6abf.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\15b50000-431d-40b8-a985-af07b2eb8317.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\15ff85e4-b487-4666-88f1-e1a89f7c12d6.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\1b13ef06-c9bc-4c5e-89ab-50e80d703aea.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\1bd7e2b7-bc23-4e6e-9aed-20d6ca2a4383.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\2556c918-27bc-47a9-b20f-a58d75c0f1e4.dll => moved successfully
"C:\Users\Soudager\AppData\Local\Temp\26761uninstall.exe" => not found
C:\Users\Soudager\AppData\Local\Temp\279e05b9-0a8c-41a4-b476-ecd920a72669.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\29bc401f-8d1e-443a-9700-de3a5234ac40.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\2a652ee4-3b78-4a8c-b112-c20b8f8374bd.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\2b1e08d3-52e8-49d8-9644-d1ebd5ba4746.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\328c38cc-bc61-4a24-b89b-5139596539dc.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\3a6ac989-1426-45ef-ad36-e0319909f6fc.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\4e69cb17-5d02-4071-9148-49a84bf94f1b.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\55db0035-0177-4bc0-aad2-f622cc2cbe34.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\5bb1b015-ce5e-42f9-b9aa-9a8ed469ab8c.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\6_Offer_6.exe => moved successfully
C:\Users\Soudager\AppData\Local\Temp\710fcf48-de71-4cc7-8183-4da327936112.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\74f08d79-4308-4a49-8862-463a4891f174.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\752258ce-ca3e-4a16-bd40-ac9b7343585a.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\78e9929f-c9ac-4e71-9324-1d88789beb4b.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\79d8c449-b4e3-49f5-a203-5964b5bb523d.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\7e3a25e1-ee5e-494d-9d95-5eddf0d35d34.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\84773470-2875-4bba-8839-8752a8306548.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\98ca4acf-c26f-4234-a3e9-69984d66ba40.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\9cb2170d-e45f-42dc-b434-bcd4cc2229fe.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\a57e5b87-31b3-4635-a068-d08c63f2503b.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\ace923ac-2c51-4cc8-959e-c2653653137d.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\b60d8dc7-79c1-49d5-89a2-9809137c0376.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\bc563a73-6821-49c8-b8e9-5e1903fc6405.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\c9fbd1e9-f600-429a-a845-ba12c14d958a.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\cb4c2640-588a-4f76-9832-784dcda7ccb5.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\d1f1a4c7-1c50-408a-81d3-13f19f47f4e5.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\d47e59f3-0073-452f-847a-dd005924ccb9.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\d49317c8-23e1-4275-84e3-7a10941672f4.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\d6bac729-9faf-4c83-a8a6-6b7c4cd8726e.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\DseShExt-x64.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\DseShExt-x86.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\e174969a-f7b6-4e6f-9b54-684e4f18a1a6.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\ef6822ff-b9b8-4251-8fff-7a5e5568b93c.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\gtalkwmp1.dll => moved successfully
"C:\Users\Soudager\AppData\Local\Temp\instructions.exe" => not found
C:\Users\Soudager\AppData\Local\Temp\lowproc.exe => moved successfully
"C:\Users\Soudager\AppData\Local\Temp\NEventMessages.dll" => not found
"C:\Users\Soudager\AppData\Local\Temp\NOSEventMessages.dll" => not found
C:\Users\Soudager\AppData\Local\Temp\nsjA053.exe => moved successfully
C:\Users\Soudager\AppData\Local\Temp\nso3E53.exe => moved successfully
C:\Users\Soudager\AppData\Local\Temp\SDShelEx-win32.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\SDShelEx-x64.dll => moved successfully
"C:\Users\Soudager\AppData\Local\Temp\SearchProtectINT.exe" => not found
"C:\Users\Soudager\AppData\Local\Temp\SkypeSetup.exe" => not found
C:\Users\Soudager\AppData\Local\Temp\SPSetup.exe => moved successfully
"C:\Users\Soudager\AppData\Local\Temp\stubhelper.dll" => not found
C:\Users\Soudager\AppData\Local\Temp\szcldc0n.dll => moved successfully
C:\Users\Soudager\AppData\Local\Temp\_is3268.exe => moved successfully

========================= Folder: C:\Users\Soudager\AppData\Local\Cobaro ========================


====== End of Folder: ======


========================= Folder: C:\Users\Soudager\AppData\Local\Nilorer ========================

2018-04-15 11:22 - 2018-04-15 11:22 - 000257536 ____A [ADCF7CE7564EF924F6B16F82F59E27DA] () C:\Users\Soudager\AppData\Local\Nilorer\Bahedi.exe

====== End of Folder: ======


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 156560940 B
Java, Flash, Steam htmlcache => 3909 B
Windows/system/drivers => 311402752 B
Edge => 0 B
Chrome => 388841497 B
Firefox => 61915637 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 20685298 B
systemprofile32 => 13812002 B
LocalService => 260843 B
NetworkService => 110480 B
Soudager => 2566796238 B
Guest => 267808 B

RecycleBin => 0 B
EmptyTemp: => 3.3 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 06-05-2018 07:11:58)


Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30308459-51B3-46EC-BB1D-CD473632F32E} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefaultReg => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A3471E2-624A-4DF1-AAFC-898BFBF568D3} => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DefaultCheck => could not remove. Access Denied.

==== End of Fixlog 07:11:58 ====
  #12  
Old May 6th, 2018, 03:21 AM
Soudager
Senior Member
 
Join Date: Dec 2005
O/S: Windows XP Home
Posts: 405
MBAM Log

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/6/18
Scan Time: 7:31 AM
Log File: 5a591e18-50d1-11e8-a9fa-70f395583f2d.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.5002
License: Trial

-System Information-
OS: Windows 7
CPU: x64
File System: NTFS
User: Soudager-PC\Soudager

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 259578
Threats Detected: 168
Threats Quarantined: 166
Time Elapsed: 14 min, 19 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 11
PUP.Optional.HermesTab.ChrPRST, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\EHLCEEIJGGPDGFCEFMIPCMDELICKJGFG, Delete-on-Reboot, [7074], [514922],1.0.5002
PUP.Optional.HermesTab.ChrPRST, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ehlceeijggpdgfcefmipcmdelickjgfg, Delete-on-Reboot, [7074], [514922],1.0.5002
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowserActiveX.1, Delete-on-Reboot, [847], [237689],1.0.5002
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowserActiveX, Delete-on-Reboot, [847], [237689],1.0.5002
PUP.Optional.DefaultTab, HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Delete-on-Reboot, [847], [167893],1.0.5002
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowser, Delete-on-Reboot, [847], [167893],1.0.5002
PUP.Optional.DefaultTab, HKLM\SOFTWARE\CLASSES\DefaultTabBHO.DefaultTabBrowser.1, Delete-on-Reboot, [847], [167893],1.0.5002
PUP.Optional.DefaultTab, HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Delete-on-Reboot, [847], [167893],1.0.5002
PUP.Optional.DefaultTab, HKU\S-1-5-21-2206348904-1594328239-1632451933-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Delete-on-Reboot, [847], [167893],1.0.5002
PUP.Optional.DefaultTab, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Delete-on-Reboot, [847], [167893],1.0.5002
PUP.Optional.DefaultTab, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Delete-on-Reboot, [847], [167893],1.0.5002

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 19
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images, Quarantined, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons, Quarantined, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection, Quarantined, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui, Quarantined, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images, Quarantined, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css, Quarantined, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js, Quarantined, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0, Quarantined, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KDIDOMBAEDGPFIIEDEIMIEBKMBILGMLC, Quarantined, [847], [176791],1.0.5002
PUP.Optional.FunMoods, C:\USERS\SOUDAGER\APPDATA\ROAMING\FUNMOODSCHAT\UPDATEPROC, Quarantined, [968], [177346],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\HowToRemove, Quarantined, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\USERS\SOUDAGER\APPDATA\LOCAL\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}, Quarantined, [3723], [484244],1.0.5002
PUP.Optional.SeenOnScreen, C:\USERS\SOUDAGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\jifpmgjhiagbmhjdefllbmdjcaidnlpd, Quarantined, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\_metadata, Quarantined, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\config, Quarantined, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\icons, Quarantined, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js, Quarantined, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0, Quarantined, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\USERS\SOUDAGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JIFPMGJHIAGBMHJDEFLLBMDJCAIDNLPD, Quarantined, [4929], [443165],1.0.5002

File: 138
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_flat_0_aaaaaa_40x100.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_flat_75_ffffff_40x100.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_55_fbf9ee_1x400.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_65_ffffff_1x400.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_75_dadada_1x400.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_75_e6e6e6_1x400.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_95_fef1ec_1x400.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_highlight-soft_75_cccccc_1x100.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_222222_256x240.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_2e83ff_256x240.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_454545_256x240.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_888888_256x240.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_cd0a0a_256x240.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\jquery-ui-1.8.16.custom.css, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\injection.css, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Bing.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Google.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Search here.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Yahoo.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_border_bg.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\bullet_arrow_down.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\bullet_arrow_down_old.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\icon.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search-inner-wrapper.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search-left.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_arrow_top_button.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_arrow_top_button_hovered.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_bg.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_left_before_corner.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_left_corner.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_right_before_corner.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_right_corner.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_left_border_bg.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_left_bottom_border_bg.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_middle_bg.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_right_border_bg.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_right_bottom_border_bg.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_bg.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_left_before_corner.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_left_corner.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_right_before_corner.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_right_corner.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\help.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\bg.js, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\ConfigManager.js, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\content.js, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\InjectionManager.js, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\jquery-1.7.1.min.js, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\jquery-ui-1.8.16.custom.min.js, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\jquery.guid.js, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\newTab.js, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\ScriptChecker.js, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\ScriptInjector.js, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\SearchBox.js, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\18x18.png, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\background.html, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\blank.html, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\manifest.json, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\manifest_no_button.json, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\new_tab.html, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\search_box.html, Delete-on-Reboot, [847], [176791],1.0.5002
PUP.Optional.DefaultTab, C:\USERS\SOUDAGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, [847], [176791],1.0.5002
PUP.Optional.FunMoods, C:\Users\Soudager\AppData\Roaming\FunmoodsChat\UpdateProc\config.dat, Delete-on-Reboot, [968], [177346],1.0.5002
PUP.Optional.FunMoods, C:\Users\Soudager\AppData\Roaming\FunmoodsChat\UpdateProc\info.dat, Delete-on-Reboot, [968], [177346],1.0.5002
PUP.Optional.FunMoods, C:\Users\Soudager\AppData\Roaming\FunmoodsChat\UpdateProc\src.dat, Delete-on-Reboot, [968], [177346],1.0.5002
PUP.Optional.FunMoods, C:\Users\Soudager\AppData\Roaming\FunmoodsChat\UpdateProc\STTL.DAT, Delete-on-Reboot, [968], [177346],1.0.5002
PUP.Optional.FunMoods, C:\Users\Soudager\AppData\Roaming\FunmoodsChat\UpdateProc\TTL.DAT, Delete-on-Reboot, [968], [177346],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\USERS\SOUDAGER\APPDATA\LOCAL\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\nano, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\HowToRemove\chromium-min.jpg, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\HowToRemove\control panel-min-min.JPG, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\HowToRemove\down.png, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\HowToRemove\ff menu.JPG, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\HowToRemove\ff search engine-min.png, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\HowToRemove\HowToRemove.html, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\HowToRemove\hp-min ff.png, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\HowToRemove\hp-min ie.png, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\HowToRemove\search engine.gif, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\HowToRemove\setup pages.gif, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\HowToRemove\sp-min.png, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\HowToRemove\start-min.jpg, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\HowToRemove\up.png, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\config.dat, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\info.dat, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\install.log, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\Sqlite3.dll, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\STTL.DAT, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\TTL.DAT, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\uninst.dat, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.WinYahoo.TskLnk, C:\Users\Soudager\AppData\Local\{E080D6DC-C428-BA64-A9B0-9F8C8DD86314}\uninstall.exe, Delete-on-Reboot, [3723], [484244],1.0.5002
PUP.Optional.HermesTab.ChrPRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Quarantined, [7074], [-1],0.0.0
PUP.Optional.HermesTab.ChrPRST, C:\PROGRAMDATA\NTUSER.POL, Quarantined, [7074], [-1],0.0.0
PUP.Optional.HermesTab.ChrPRST, C:\USERS\SOUDAGER\NTUSER.POL, Quarantined, [7074], [-1],0.0.0
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jifpmgjhiagbmhjdefllbmdjcaidnlpd\000003.log, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jifpmgjhiagbmhjdefllbmdjcaidnlpd\CURRENT, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jifpmgjhiagbmhjdefllbmdjcaidnlpd\LOCK, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jifpmgjhiagbmhjdefllbmdjcaidnlpd\LOG, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jifpmgjhiagbmhjdefllbmdjcaidnlpd\LOG.old, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jifpmgjhiagbmhjdefllbmdjcaidnlpd\MANIFEST-000001, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\USERS\SOUDAGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Removal Failed, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\USERS\SOUDAGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\USERS\SOUDAGER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JIFPMGJHIAGBMHJDEFLLBMDJCAIDNLPD\13.421.12.64459_0\MANIFEST.JSON, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\config\config.json, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\config\extension-config.json, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\config\extension-dev-config.json, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\icons\icon128.png, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\icons\icon16.png, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\icons\icon19disabled.png, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\icons\icon19on.png, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\icons\icon48.png, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\logger.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\ajax.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\b2b-partner-tracking.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\background.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\chrome.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\content_script.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\dlp.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\dlpHelper.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\extension_detect.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\genericLoadRemoteSettings.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\index.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\initOfferCEF.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\offerService.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\pageUtils.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\PartnerId.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\product.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\storage.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\TabManager.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\TemplateParser.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\ul.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\urlFragmentActions.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\urlUtils.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\util.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\js\webtooltabAPI.js, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\_metadata\verified_contents.json, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\dynamicNewTab.html, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\productnewtab.html, Delete-on-Reboot, [4929], [443165],1.0.5002
PUP.Optional.SeenOnScreen, C:\Users\Soudager\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifpmgjhiagbmhjdefllbmdjcaidnlpd\13.421.12.64459_0\stubby.html, Delete-on-Reboot, [4929], [443165],1.0.5002
Trojan.Injector.BHO, C:\SETTINGS.INI, Delete-on-Reboot, [14415], [302129],1.0.5002

Physical Sector: 0
(No malicious items detected)


(end)
  #13  
Old May 8th, 2018, 12:45 AM
olgun52
Malware Removal Team
Join Date: Feb 2014
O/S: Windows 10 Pro
Location: Europa
Posts: 2,066
Thanks for the logs.

Next, download ComboFix and save it to the Desktop.
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.

==============================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop
  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad.
If the program is blocked, continue to try it several times. If it still doesn’t work (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

Have a nice day.
  #14  
Old May 11th, 2018, 01:18 PM
Soudager
Senior Member
Join Date: Dec 2005
O/S: Windows XP Home
Posts: 405
Combofix log

ComboFix 18-05-11.01 - Soudager 05/11/2018 17:32:40.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1976.861 [GMT 5.5:30]
Running from: c:\users\Soudager\Desktop\ComboFix.exe
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Soudager\googletalk-setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2018-04-11 to 2018-05-11 )))))))))))))))))))))))))))))))
.
.
2018-05-11 12:09 . 2018-05-11 12:09 -------- d-----w- c:\users\Guest\AppData\Local\temp
2018-05-11 12:09 . 2018-05-11 12:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-05-11 11:58 . 2018-05-11 11:58 193768 ----a-w- c:\windows\system32\drivers\MbamChameleon.sys
2018-05-11 11:57 . 2018-05-11 11:57 253664 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2018-05-08 12:55 . 2018-05-08 12:55 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDEB36F0-5DB5-48DF-96C1-83B8BC9F3AD9}\offreg.dll
2018-05-06 01:52 . 2018-03-19 07:27 76192 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-05-06 01:52 . 2018-05-06 01:52 -------- d-----w- c:\programdata\Malwarebytes
2018-05-06 01:52 . 2018-05-06 01:52 -------- d-----w- c:\program files\Malwarebytes
2018-05-03 15:00 . 2018-05-03 15:00 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2018-05-03 15:00 . 2018-05-03 15:00 1707160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2018-05-03 15:00 . 2018-05-03 15:00 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2018-05-03 15:00 . 2018-05-03 15:00 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2018-05-02 14:03 . 2018-05-02 14:22 -------- d-----w- C:\AdwCleaner
2018-05-02 13:22 . 2018-05-02 13:22 -------- d-----w- c:\program files\VS Revo Group
2018-05-02 04:53 . 2018-05-02 06:31 -------- d-----w- c:\users\Soudager\AppData\Local\Henotu
2018-05-01 06:12 . 2018-05-11 06:51 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2018-05-01 06:12 . 2018-05-11 06:50 1707160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2018-05-01 06:11 . 2018-05-11 06:50 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2018-05-01 06:11 . 2018-05-11 06:50 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2018-04-29 01:05 . 2018-05-11 11:22 62902208 ----a-w- c:\users\Soudager\AppData\Roaming\Microsoft\Skype for Desktop\Skype-Setup.exe
2018-04-27 02:37 . 2018-05-06 01:41 -------- d-----w- C:\FRST
2018-04-24 01:52 . 2018-04-24 01:56 -------- d-----w- c:\users\Soudager\AppData\Local\Cobaro
2018-04-15 06:41 . 2018-05-10 07:54 -------- d-----w- c:\users\Soudager\AppData\Local\hodor
2018-04-15 05:52 . 2018-04-15 06:41 -------- d-----w- c:\users\Soudager\AppData\Local\Nilorer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-05-09 15:51 . 2012-10-16 19:56 804864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-05-09 15:51 . 2012-08-28 14:29 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"Skype for Desktop"="c:\program files (x86)\Microsoft\Skype for Desktop\Skype.exe" [2018-04-24 49654216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-05-19 295512]
.
c:\users\Soudager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EraserUtilDrv11520;EraserUtilDrv11520;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11520.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11520.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\System32\Drivers\MbamChameleon.sys;c:\windows\SYSNATIVE\Drivers\MbamChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMCHAMELEON
*NewlyCreated* - MBAMPROTECTION
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - ESProtectionDriver
*Deregistered* - MBAMProtection
*Deregistered* - MBAMWebProtection
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 06:59 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.43.1
FF - ProfilePath - c:\users\Soudager\AppData\Roaming\Mozilla\Firefox\Profiles\nawte7v5.default\
FF - prefs.js: browser.search.selectedEngine - Search Provided by Yahoo
FF - user.js: xpinstall.signatures.required - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.29"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2018-05-11 17:42:52
ComboFix-quarantined-files.txt 2018-05-11 12:12
.
Pre-Run: 10,839,293,952 bytes free
Post-Run: 10,693,881,856 bytes free
.
- - End Of File - - 2D2216482CC88E85E4931943A36CC8F7
A36C5E4F47E84449FF07ED3517B43A31
  #15  
Old May 11th, 2018, 05:16 PM
Soudager
Senior Member
Join Date: Dec 2005
O/S: Windows XP Home
Posts: 405
RKreport.txt

RogueKiller V12.12.16.0 (x64) [May 4 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600) 64 bits version
Started in : Normal mode
User : Soudager [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 05/11/2018 21:12:21 (Duration : 00:28:22)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \{4D71AD05-713E-250A-0318-221077F30F98}\synhelper -- C:\Users\Soudager\AppData\Local\hodor\SYNHEL~1.EXE (/Check) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 5 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Share With Care [jjflmfkjppbmejlfbhlpgjnomdoefkfa] -> Found
[PUM.SearchEngine][Firefox:Config] nawte7v5.default : user_pref("browser.search.selectedEngine", "Search Provided by Yahoo"); -> Found
[PUM.SearchEngine][Firefox:Config] nawte7v5.default : user_pref("browser.search.defaultenginename", "Search Provided by Yahoo"); -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [http://www.houseofquran.com/] -> Found
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.houseofquran.com/|https:/...ate&uref=chmm] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-60A23T0 ATA Device +++++
--- User ---
[MBR] 9c4988aebec3de4a023e014a316c8042
[BSP] b8510907608e0b1e5a2209ca063fb59c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 60000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 123086848 | Size: 60000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 245966848 | Size: 60000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK