hamadoto
2016-01-29, 09:52
my browsing exprience became so slow since this malware appeard. and my pc is suffering from go.pasdel.com or tradeadexchange.com, basiclly what that spyware does is, redirect me to some maliciouse with as shortner link site
http://s23.postimg.org/816uuz4fv/malware_caught_it.jpg
this is my malwarebyte catching it, its supposed to redirect me to a link shortner site, but malware blocked it ( http://s12.postimg.org/oj5dw2nfh/redirect.jpg )
now i made scan with spyware hunter, pc clean, adware cleaner, kas2015, junk remover
now this virus just don't want to get removed, always always coming back, it disappear for a period like 1-2 days, then come back again, first time i did scan, i caught alot of spywares second time, i catch non, but problem still there
just today my brother laptop got affected as well by it
here is the frst
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by hamadoto (administrator) on HAMADOTO-PC (29-01-2016 09:08:07)
Running from C:\Users\hamadoto\Downloads\Programs
Loaded Profiles: hamadoto (Available Profiles: hamadoto)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABFSWK.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Microsoft Corporation) C:\Windows\System32\PING.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3911248 2015-10-08] (Tonec Inc.)
HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
BootExecute: autocheck autochk * sh4native Sh4Removal
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 37.59.72.131 8.8.8.8
Tcpip\..\Interfaces\{4BB6DFD2-15BD-4040-9714-2E41ABF75429}: [DhcpNameServer] 37.59.72.131 8.8.8.8
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
FireFox:
========
FF ProfilePath: C:\Users\hamadoto\AppData\Roaming\Mozilla\Firefox\Profiles\fs81t73p.default-1454013078005
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-10-16] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-10-16] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-10-16] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\hamadoto\AppData\Roaming\Mozilla\Firefox\Profiles\fs81t73p.default-1454013078005\user.js [2016-01-29]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-10-16] [not signed]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-10-16] [not signed]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-10-16] [not signed]
FF Extension: Adblock Plus - C:\Users\hamadoto\AppData\Roaming\Mozilla\Firefox\Profiles\fs81t73p.default-1454013078005\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-10-02]
FF HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\hamadoto\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\hamadoto\AppData\Roaming\IDM\idmmzcc5 [2016-01-26] [not signed]
FF HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
Chrome:
=======
CHR Profile: C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-26]
CHR Extension: (Google Docs) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-16]
CHR Extension: (Google Drive) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (YouTube) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (Adblock Plus) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-29]
CHR Extension: (Google Search) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Kaspersky Protection) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-10-16]
CHR Extension: (Google Sheets) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-26]
CHR Extension: (Google Docs Offline) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (IDM Integration Module) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-16]
CHR Extension: (Gmail) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-16]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-08]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-08]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-31] (Kaspersky Lab ZAO)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-15] (Kaspersky Lab UK Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 esgiguard; E:\SpyHunter 4.21.10.4585 Portable by wood\esgiguard.sys [15920 2016-01-22] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-22] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-11] (REALiX(tm))
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-03] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-10-16] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-13] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-10-16] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-29] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-09] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-13] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-06] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-10-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-10] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [404184 2016-01-11] (Realsil Semiconductor Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr (http://www.devguru.co.kr)))
U0 tple; C:\Windows\System32\drivers\eomrjvp.sys [79064 2016-01-29] (Malwarebytes)
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-29 08:57 - 2016-01-29 09:08 - 00000000 ____D C:\FRST
2016-01-29 07:46 - 2016-01-29 07:46 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\eomrjvp.sys
2016-01-28 00:31 - 2016-01-28 03:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-26 20:02 - 2016-01-26 20:02 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\ProductData
2016-01-26 19:58 - 2016-01-26 19:58 - 00003266 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-01-26 19:58 - 2016-01-22 21:50 - 00025984 ____R C:\Windows\SysWOW64\sh4native.exe
2016-01-26 19:56 - 2016-01-26 20:01 - 00000000 ___HD C:\23yMqNsLDSnSsIWT
2016-01-26 19:56 - 2016-01-26 19:56 - 00051181 _____ C:\spyhunter.fix
2016-01-26 19:09 - 2016-01-29 07:20 - 00003532 _____ C:\Windows\System32\Tasks\PCCleaner-AutoCleanup-Task
2016-01-26 19:09 - 2016-01-26 19:09 - 00003160 _____ C:\Windows\System32\Tasks\PCCleaner-Maintenance-Autorun
2016-01-26 19:01 - 2016-01-29 07:34 - 00000000 ____D C:\ProgramData\PC1Data
2016-01-26 19:01 - 2016-01-26 19:01 - 00000750 _____ C:\Users\hamadoto\Desktop\PC Cleaner Pro.lnk
2016-01-26 19:01 - 2016-01-26 19:01 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Cleaners
2016-01-26 19:01 - 2016-01-26 19:01 - 00000000 ____D C:\ProgramData\PC Cleaner Pro
2016-01-26 19:01 - 2016-01-18 11:26 - 05310360 _____ ((c) PC Cleaners Inc) C:\ProgramData\pclunst.exe
2016-01-26 18:30 - 2016-01-26 18:37 - 00000000 ____D C:\Program Files (x86)\Free Window Registry Repair
2016-01-26 18:30 - 2016-01-26 18:30 - 00001035 _____ C:\Users\hamadoto\Desktop\Free Window Registry Repair.lnk
2016-01-26 18:30 - 2016-01-26 18:30 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2016-01-26 18:30 - 2016-01-26 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2016-01-25 13:41 - 2010-11-01 01:11 - 419185203 _____ C:\Users\hamadoto\Desktop\Eat.Pray.Love.2010.DVDR5.X264.ASD.DooSH.mkv
2016-01-25 00:05 - 2016-01-25 00:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\35AB4403.sys
2016-01-24 22:42 - 2016-01-24 22:52 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-24 22:34 - 2016-01-25 05:59 - 00001156 _____ C:\Users\hamadoto\Desktop\JRT.txt
2016-01-24 22:15 - 2016-01-25 15:38 - 00000000 ____D C:\AdwCleaner
2016-01-24 22:03 - 2016-01-24 22:32 - 00114744 _____ C:\Windows\ntbtlog.txt
2016-01-24 09:12 - 2016-01-28 22:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-24 09:12 - 2016-01-24 09:12 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-24 09:12 - 2016-01-24 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-24 09:11 - 2016-01-24 09:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-24 09:11 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-24 09:11 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-24 09:11 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-24 08:50 - 2016-01-28 22:31 - 00000000 ____D C:\Users\hamadoto\Desktop\Old Firefox Data
2016-01-23 23:56 - 2016-01-23 23:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\23AF6F5C.sys
2016-01-23 23:37 - 2016-01-23 23:37 - 00001392 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
2016-01-23 18:23 - 2016-01-23 18:23 - 00000000 ____D C:\Users\hamadoto\Documents\BnS
2016-01-23 18:23 - 2016-01-09 17:39 - 03916368 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2016-01-23 18:23 - 2005-01-03 08:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2016-01-23 18:23 - 2003-07-18 23:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2016-01-23 18:22 - 2016-01-23 18:22 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2016-01-22 21:23 - 2016-01-22 21:23 - 00000000 _____ C:\autoexec.bat
2016-01-22 21:13 - 2016-01-22 21:13 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-22 20:07 - 2016-01-22 20:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-22 19:58 - 2016-01-22 20:01 - 22908888 _____ (Malwarebytes ) C:\Users\hamadoto\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-20 14:35 - 2016-01-20 14:35 - 04499648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-20 02:40 - 2016-01-23 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-01-20 02:38 - 2016-01-23 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2016-01-20 02:38 - 2016-01-23 23:16 - 00000000 ____D C:\Program Files (x86)\NCWest
2016-01-20 01:54 - 2016-01-20 01:54 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Awesomium
2016-01-20 01:18 - 2016-01-20 02:00 - 00000000 ____D C:\Users\hamadoto\BrawlhallaReplays
2016-01-20 01:16 - 2016-01-20 01:16 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\BrawlhallaAir
2016-01-20 00:56 - 2016-01-20 00:56 - 00000222 _____ C:\Users\hamadoto\Desktop\Brawlhalla.url
2016-01-20 00:31 - 2016-01-20 00:36 - 05271256 _____ (Husdawg, LLC) C:\Users\hamadoto\Downloads\Detection.exe
2016-01-20 00:29 - 2016-01-20 00:31 - 00643680 _____ (Oracle Corporation) C:\Users\hamadoto\Downloads\jxpiinstall(1).exe
2016-01-18 01:24 - 2016-01-18 01:24 - 00000000 ____D C:\Users\hamadoto\Desktop\replay
2016-01-18 01:24 - 2015-11-13 20:57 - 01269248 _____ C:\Users\hamadoto\Desktop\ArenaValue.exe
2016-01-17 22:28 - 2016-01-17 22:28 - 00002334 _____ C:\Users\hamadoto\Desktop\Safe Money.lnk
2016-01-16 15:36 - 2016-01-16 15:36 - 02802818 _____ C:\Users\hamadoto\Desktop\Ch02_Chemistry_Slides_2perpage.pdf
2016-01-16 15:36 - 2016-01-16 15:36 - 00221414 _____ C:\Users\hamadoto\Desktop\Chapter02_ChemistryNotes.pdf
2016-01-16 15:35 - 2016-01-16 15:35 - 00210411 _____ C:\Users\hamadoto\Desktop\Chapter01_OrientationNotes.pdf
2016-01-16 14:39 - 2016-01-16 14:40 - 02802818 _____ C:\Users\hamadoto\Downloads\Ch02_Chemistry_Slides_2perpage.pdf
2016-01-16 14:39 - 2016-01-16 14:40 - 01625870 _____ C:\Users\hamadoto\Downloads\Ch02_Chemistry_Slides_6perpage.pdf
2016-01-16 14:39 - 2016-01-16 14:39 - 00221414 _____ C:\Users\hamadoto\Downloads\Chapter02_ChemistryNotes.pdf
2016-01-16 14:39 - 2016-01-16 14:39 - 00210411 _____ C:\Users\hamadoto\Downloads\Chapter01_OrientationNotes.pdf
2016-01-16 14:38 - 2016-01-16 14:39 - 01237556 _____ C:\Users\hamadoto\Downloads\Ch01_Orientation_Slides_6perpage.pdf
2016-01-16 14:36 - 2016-01-16 14:37 - 02483449 _____ C:\Users\hamadoto\Downloads\Ch01_Orientation_Slides_2perpage (1).pdf
2016-01-15 21:33 - 2016-01-15 21:34 - 01216888 _____ C:\Users\hamadoto\Desktop\ArenaValue.1.0.7.5.zip
2016-01-11 15:39 - 2016-01-11 15:39 - 02483449 _____ C:\Users\hamadoto\Downloads\Ch01_Orientation_Slides_2perpage.pdf
2016-01-11 15:35 - 2016-01-11 15:36 - 01050834 _____ C:\Users\hamadoto\Downloads\IntroductionToADAM_InteractiveAnatomyLite2015.pdf
2016-01-11 15:35 - 2016-01-11 15:36 - 01050834 _____ C:\Users\hamadoto\Downloads\IntroductionToADAM_InteractiveAnatomyLite2015 (1).pdf
2016-01-11 15:34 - 2016-01-11 15:34 - 00183553 _____ C:\Users\hamadoto\Downloads\DiscussionGroups1407Session1.pdf
2016-01-11 02:18 - 2016-01-11 02:18 - 73334784 _____ C:\Windows\system32\config\SOFTWARE.iobit
2016-01-11 02:18 - 2016-01-11 02:18 - 44257280 _____ C:\Windows\system32\config\COMPONENTS.iobit
2016-01-11 02:18 - 2016-01-11 02:18 - 00233472 _____ C:\Windows\system32\config\DEFAULT.iobit
2016-01-11 02:18 - 2016-01-11 02:18 - 00028672 _____ C:\Windows\system32\config\SAM.iobit
2016-01-11 02:18 - 2016-01-11 02:18 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit
2016-01-11 02:11 - 2016-01-11 02:11 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Apple Computer
2016-01-11 02:10 - 2016-01-11 02:10 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-01-11 01:48 - 2015-10-13 18:19 - 05972783 _____ C:\Windows\system32\nvcoproc.bin
2016-01-11 01:46 - 2016-01-11 01:46 - 31514288 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 24199344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 22993200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 18634072 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 15293104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 13916600 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 13828224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 12898992 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-01-11 01:46 - 2016-01-11 01:46 - 11272048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 11209376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 04245624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 03986608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 01908528 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434192.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 01556656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434192.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 00944304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 00907440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 00903472 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 00869040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-01-11 01:44 - 2016-01-11 01:44 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2016-01-11 01:44 - 2016-01-11 01:44 - 01026304 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2016-01-11 01:44 - 2016-01-11 01:44 - 00404184 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
2016-01-11 01:44 - 2016-01-11 01:44 - 00083160 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll
2016-01-11 01:44 - 2016-01-11 01:44 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2016-01-11 01:44 - 2016-01-11 01:44 - 00000000 ____D C:\Windows\SysWOW64\sda
2016-01-11 01:43 - 2016-01-11 01:43 - 04161536 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2016-01-11 01:41 - 2016-01-11 01:41 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-01-11 01:41 - 2016-01-11 01:41 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-01-11 00:37 - 2016-01-11 00:37 - 00053624 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\tosrfec.sys
2016-01-11 00:30 - 2016-01-24 22:33 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\IObit
2016-01-11 00:30 - 2016-01-24 22:33 - 00000000 ____D C:\ProgramData\IObit
2016-01-11 00:30 - 2016-01-18 01:23 - 00000000 ____D C:\Program Files (x86)\IObit
2016-01-11 00:30 - 2016-01-11 02:11 - 00000000 ____D C:\Users\hamadoto\AppData\LocalLow\IObit
2016-01-11 00:30 - 2016-01-11 00:30 - 00026528 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2016-01-11 00:30 - 2016-01-11 00:30 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2016-01-10 23:47 - 2016-01-26 19:13 - 00000000 ____D C:\Users\hamadoto\Desktop\folder 1
2016-01-04 08:45 - 2016-01-04 08:45 - 00000000 ____D C:\Users\hamadoto\Downloads\جلدية وتناسلية مراجعة دكتور طارق أبو اليزيد
2016-01-03 23:00 - 2016-01-20 00:56 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-03 15:25 - 2016-01-03 15:26 - 04508873 _____ C:\Users\hamadoto\Downloads\جلدية وتناسلية مراجعة دكتور طارق أبو اليزيد.rar
2015-12-30 14:33 - 2015-12-30 14:33 - 01048576 ___SH C:\Windows\system32\config\COMPONENTS{1dfba603-aee1-11e5-9c1e-b870f4d1ae51}.TxR.2.regtrans-ms
2015-12-30 14:33 - 2015-12-30 14:33 - 01048576 ___SH C:\Windows\system32\config\COMPONENTS{1dfba603-aee1-11e5-9c1e-b870f4d1ae51}.TxR.1.regtrans-ms
2015-12-30 14:33 - 2015-12-30 14:33 - 01048576 ___SH C:\Windows\system32\config\COMPONENTS{1dfba603-aee1-11e5-9c1e-b870f4d1ae51}.TxR.0.regtrans-ms
2015-12-30 14:33 - 2015-12-30 14:33 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{1dfba604-aee1-11e5-9c1e-b870f4d1ae51}.TMContainer00000000000000000002.regtrans-ms
2015-12-30 14:33 - 2015-12-30 14:33 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{1dfba604-aee1-11e5-9c1e-b870f4d1ae51}.TMContainer00000000000000000001.regtrans-ms
2015-12-30 14:33 - 2015-12-30 14:33 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{1dfba604-aee1-11e5-9c1e-b870f4d1ae51}.TM.blf
2015-12-30 14:33 - 2015-12-30 14:33 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{1dfba603-aee1-11e5-9c1e-b870f4d1ae51}.TxR.blf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-29 08:35 - 2015-10-16 03:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-29 08:29 - 2015-10-16 03:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-29 08:20 - 2015-10-16 03:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-29 07:53 - 2009-07-14 06:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-29 07:53 - 2009-07-14 06:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-29 07:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-01-29 07:23 - 2015-12-10 18:06 - 00000000 ____D C:\Users\hamadoto\AppData\Local\launcher
2016-01-29 07:23 - 2015-11-14 18:35 - 00000000 ____D C:\Users\hamadoto\.counterplay
2016-01-29 07:23 - 2015-10-16 03:16 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\DMCache
2016-01-29 00:34 - 2015-10-16 03:12 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-28 15:29 - 2015-10-16 03:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-28 08:47 - 2009-07-14 07:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-28 08:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-01-28 03:38 - 2015-10-16 03:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-27 04:22 - 2015-10-16 07:30 - 00000000 ____D C:\Users\hamadoto\AppData\Local\Battle.net
2016-01-26 20:27 - 2015-10-24 04:28 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-01-26 20:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-26 19:14 - 2015-11-14 18:34 - 00000000 ____D C:\Users\hamadoto\AppData\Local\SquirrelTemp
2016-01-26 19:13 - 2015-10-16 03:11 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nvidia Forceware Driver
2016-01-25 15:15 - 2015-10-24 11:48 - 12291754 _____ C:\Users\hamadoto\Documents\menna
2016-01-25 05:34 - 2015-11-14 18:59 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Duelyst
2016-01-24 00:03 - 2015-11-14 18:35 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\DuelystLauncher
2016-01-23 23:37 - 2015-10-16 03:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-23 23:15 - 2015-10-16 03:04 - 00109112 _____ C:\Users\hamadoto\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-23 23:12 - 2009-07-14 06:45 - 00428320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-23 23:11 - 2015-10-24 01:39 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-23 22:53 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-23 22:52 - 2015-10-29 08:31 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-23 22:51 - 2011-04-12 10:28 - 00000000 ____D C:\Windows\ShellNew
2016-01-23 22:47 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-01-23 22:46 - 2009-07-14 04:34 - 00000387 _____ C:\Windows\win.ini
2016-01-22 21:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Web
2016-01-21 13:53 - 2015-10-16 03:16 - 00000000 ____D C:\Users\hamadoto\Downloads\Compressed
2016-01-20 14:36 - 2015-10-16 03:24 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 14:36 - 2015-10-16 03:24 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-20 14:36 - 2015-10-16 03:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-20 02:12 - 2015-10-16 03:16 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\IDM
2016-01-20 01:18 - 2015-10-16 02:53 - 00000000 ____D C:\Users\hamadoto
2016-01-20 00:55 - 2015-10-20 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-20 00:55 - 2015-10-20 22:48 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-20 00:55 - 2015-10-16 03:30 - 00000000 ____D C:\ProgramData\Oracle
2016-01-20 00:54 - 2015-10-20 22:49 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-20 00:54 - 2015-10-16 03:30 - 00000000 ____D C:\Users\hamadoto\.oracle_jre_usage
2016-01-18 01:24 - 2015-10-21 07:12 - 00000000 ____D C:\Users\hamadoto\AppData\Local\netz
2016-01-17 22:46 - 2015-11-09 16:28 - 00000000 ____D C:\Program Files\Keylogger Detector
2016-01-12 02:48 - 2015-10-16 04:10 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Media Player Classic
2016-01-11 02:22 - 2015-10-16 03:29 - 00000000 ____D C:\Windows\Panther
2016-01-11 02:22 - 2015-10-16 03:16 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDM
2016-01-11 02:20 - 2015-11-12 19:08 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Sony
2016-01-11 01:48 - 2015-10-16 02:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-11 01:47 - 2015-10-16 02:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-11 01:46 - 2015-10-16 02:55 - 16128576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-01-11 01:46 - 2015-10-16 02:55 - 14497568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-01-11 01:46 - 2015-10-16 02:55 - 03209920 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-01-11 01:46 - 2015-10-16 02:55 - 00026155 _____ C:\Windows\system32\nvinfo.pb
2016-01-11 01:44 - 2011-06-10 15:34 - 00116304 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2016-01-11 01:41 - 2015-10-16 02:55 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-01-06 02:11 - 2015-10-23 23:05 - 00000000 ____D C:\Program Files (x86)\osu!
==================== Files in the root of some directories =======
2016-01-26 19:01 - 2016-01-18 11:26 - 5310360 _____ ((c) PC Cleaners Inc) C:\ProgramData\pclunst.exe
Files to move or delete:
====================
C:\ProgramData\pclunst.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-26 19:56
==================== End of FRST.txt ============================
here is addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by hamadoto (2016-01-29 09:08:40)
Running from C:\Users\hamadoto\Downloads\Programs
Windows 7 Ultimate Service Pack 1 (X64) (2015-10-16 00:53:01)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3792168985-1176982872-3723076907-500 - Administrator - Disabled)
Guest (S-1-5-21-3792168985-1176982872-3723076907-501 - Limited - Enabled)
hamadoto (S-1-5-21-3792168985-1176982872-3723076907-1000 - Administrator - Enabled) => C:\Users\hamadoto
HomeGroupUser$ (S-1-5-21-3792168985-1176982872-3723076907-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.3 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
Canon LBP6020 (HKLM\...\Canon LBP6020) (Version: - )
DomDomSoft Manga Downloader (remove only) (HKLM-x32\...\DomDomSoft Manga Downloader) (Version: - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
K-Lite Codec Pack 9.9.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Markets.com MetaTrader (HKLM-x32\...\Markets.com MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
osu! (HKLM-x32\...\{b1da0b9d-2d4a-4a01-b10a-ba41ab63f757}) (Version: latest - ppy Pty Ltd)
osu! (HKLM-x32\...\{b73fe97b-5bed-4734-a4ef-adc7e67a5efa}) (Version: latest - ppy Pty Ltd)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PC Cleaners (HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\PC Cleaners) (Version: - PC Cleaners) <==== ATTENTION
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vegas Pro 12.0 (64-bit) (HKLM\...\{64A98EF1-2680-11E3-A909-F04DA23A5C58}) (Version: 12.0.726 - Sony)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0DB08A6A-E3FF-403D-8A89-36D15C27BEA0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {13CFC452-BF18-4C44-80F3-DD2DE6147E21} - System32\Tasks\SpyHunter4Startup => E:\SpyHunter 4.21.10.4585 Portable by wood\SpyHunter4.exe [2016-01-22] (Enigma Software Group USA, LLC.)
Task: {146CA3E5-4E6D-46CC-9EF2-83D25B72C497} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {6CBC587B-9B58-4BFF-8073-1DE8DDA4E130} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-13] (AO Kaspersky Lab)
Task: {7E24C408-AB10-4798-AB43-5B1C3C570C84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {898C0306-3D53-4ABA-A5E2-3D70D4378B93} - System32\Tasks\Microsoft\Windows\Setup\xtgt\refreshxtgtconfig => C:\Windows\system32\XTgt\XTgtMgr.exe [2015-10-05] (Microsoft Corporation)
Task: {B5995177-4D5C-4956-948E-50C49A9B1F1B} - System32\Tasks\PCCleaner-AutoCleanup-Task => C:\ProgramData\PC Cleaner Pro\PCCleaners.exe [2016-01-26] (PC Cleaners Inc.)
Task: {DD04852B-0144-40BE-BE0C-2F77FADC58BB} - System32\Tasks\PCCleaner-Maintenance-Autorun => C:\ProgramData\PC Cleaner Pro\PCCleaners.exe [2016-01-26] (PC Cleaners Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {EA1A7C2F-F8CC-49CF-BA55-21230681AE7F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3792168985-1176982872-3723076907-1000
Task: {FD09ACC1-27B2-4F99-A400-66B6B973C36D} - System32\Tasks\KMSAuto => C:\Windows\KMSAuto.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-16 02:57 - 2015-10-13 19:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-31 02:12 - 2014-08-31 02:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2016-01-29 00:34 - 2016-01-27 19:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-29 00:34 - 2016-01-27 19:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
2014-08-31 02:12 - 2015-10-16 03:24 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-08-31 02:12 - 2015-10-16 03:24 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-08-31 02:12 - 2015-10-16 03:24 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2016-01-20 14:36 - 2016-01-20 14:36 - 17882304 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts
# ::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 37.59.72.131 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Lync => "C:\Program Files\Microsoft Office\Office16\lync.exe" /fromrunkey
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{0D9C4C6C-3870-4CE8-88E1-25B8B062D6FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{77466574-B2CD-42AB-A0AE-8C09B7040F87}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{480EA2C7-0C75-4CD5-8B08-65273BBB9872}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{19B143BE-1EF2-4450-9D27-DC238CA1630D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4344194D-2CBF-47C1-8D7F-D1312FE429A0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1C02056E-D441-47D6-A5BA-122F573DCDB2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9F28588F-D91B-471D-A074-2FF0C6DE1013}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{4E365906-CF9D-47BE-A858-FB3632A7A7BD}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{97F0D21C-2027-4082-8FFB-2D1CD45A45FA}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{71B0C1C0-B326-4857-9ED6-7E3D54EAD875}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{AA67949D-2C38-4C23-88B5-189B652476BA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{54814E78-DCD5-41A0-A79F-AB214EE8A0B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{821E924E-CA2E-47D3-8B02-13FB50CBA22A}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{8E646B4D-7718-4BC6-AFFC-E1D0E835AB5C}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
FirewallRules: [{727DB2CD-2726-4672-A85A-CCCC70F02246}] => (Allow) C:\Users\hamadoto\Downloads\DomDomSoftMangaDownloader_5.5_Installer-70384064.exe
FirewallRules: [{5131D83E-0C9E-4818-BA40-8EF4AB49114C}] => (Allow) C:\Users\hamadoto\Downloads\DomDomSoftMangaDownloader_5.5_Installer-70384064.exe
FirewallRules: [{5007589C-AAD9-45CE-A350-0CCA87DD8551}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4145BF9A-C8BB-4116-A10D-BA6E4A21C25A}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EB2567B9-5C76-4FB0-A945-7208B6248BC7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{9C362567-81FC-4E23-A3BB-969951D863D1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{9580237A-3C40-492E-90E4-11659C27D6E5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{99FD83C5-C58F-4F9B-8780-CF13D90C4094}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{979A7F27-EBED-4C63-A839-4EF5748A4F03}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{799CDC76-0923-4FA2-97FF-F40E2E175B97}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{D5D8C017-6B7E-4DAF-8FA8-5673F7CC443C}] => (Allow) E:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{6807C3E0-91FB-42EE-B13C-C419228B93AB}] => (Allow) E:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{3667D125-B584-4047-A2AD-D6AD1231FE2F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
29-01-2016 07:22:05 PC Cleaner Pro System Backup
==================== Faulty Device Manager Devices =============
Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device cannot find enough free resources that it can use. If you want to use this device, you will need to disable one of the other devices on this system. (Code12)
Resolution: Two devices have been assigned the same input/output (I/O) ports, the same interrupt, or the same Direct Memory Access channel (either by the BIOS, the operating system, or a combination of the two). This error message can also appear if the BIOS did not allocate enough resources to the device (for example, if a universal serial bus (USB) controller does not get an interrupt from the BIOS because of a corrupt Multiprocessor System (MPS) table).
You can use Device Manager to determine where the conflict is and disable the conflicting device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/29/2016 07:41:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regedit.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc2cc
Faulting module name: mshtml.dll, version: 11.0.9600.18057, time stamp: 0x55f8f2f2
Exception code: 0xc000041d
Fault offset: 0x00000000000c49a5
Faulting process id: 0x16360
Faulting application start time: 0xregedit.exe0
Faulting application path: regedit.exe1
Faulting module path: regedit.exe2
Report Id: regedit.exe3
Error: (01/29/2016 07:41:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regedit.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc2cc
Faulting module name: mshtml.dll, version: 11.0.9600.18057, time stamp: 0x55f8f2f2
Exception code: 0xc0000005
Fault offset: 0x00000000000c49a5
Faulting process id: 0x16360
Faulting application start time: 0xregedit.exe0
Faulting application path: regedit.exe1
Faulting module path: regedit.exe2
Report Id: regedit.exe3
Error: (01/26/2016 08:14:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0x6a4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Error: (01/26/2016 08:14:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0x1168
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Error: (01/26/2016 08:14:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0x1050
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Error: (01/26/2016 08:02:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/26/2016 05:57:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/26/2016 11:21:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2016 03:50:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2016 05:06:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 60%
Total physical RAM: 4073.76 MB
Available physical RAM: 1616.14 MB
Total Virtual: 8145.73 MB
Available Virtual: 5336.6 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:59.47 GB) (Free:15.03 GB) NTFS
Drive d: () (Fixed) (Total:233.4 GB) (Free:31.89 GB) NTFS
Drive e: () (Fixed) (Total:172.79 GB) (Free:4.63 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B6A5B88C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=233.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=172.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Previous topic: https://forums.spybot.info/showthread.php?73205-go-pasdel-com-or-tradeadexchange-com-presistant-spyware-cant-be-removed!
http://s23.postimg.org/816uuz4fv/malware_caught_it.jpg
this is my malwarebyte catching it, its supposed to redirect me to a link shortner site, but malware blocked it ( http://s12.postimg.org/oj5dw2nfh/redirect.jpg )
now i made scan with spyware hunter, pc clean, adware cleaner, kas2015, junk remover
now this virus just don't want to get removed, always always coming back, it disappear for a period like 1-2 days, then come back again, first time i did scan, i caught alot of spywares second time, i catch non, but problem still there
just today my brother laptop got affected as well by it
here is the frst
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by hamadoto (administrator) on HAMADOTO-PC (29-01-2016 09:08:07)
Running from C:\Users\hamadoto\Downloads\Programs
Loaded Profiles: hamadoto (Available Profiles: hamadoto)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABFSWK.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Microsoft Corporation) C:\Windows\System32\PING.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3911248 2015-10-08] (Tonec Inc.)
HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
BootExecute: autocheck autochk * sh4native Sh4Removal
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 37.59.72.131 8.8.8.8
Tcpip\..\Interfaces\{4BB6DFD2-15BD-4040-9714-2E41ABF75429}: [DhcpNameServer] 37.59.72.131 8.8.8.8
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
FireFox:
========
FF ProfilePath: C:\Users\hamadoto\AppData\Roaming\Mozilla\Firefox\Profiles\fs81t73p.default-1454013078005
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-10-16] ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-10-16] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-10-16] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\hamadoto\AppData\Roaming\Mozilla\Firefox\Profiles\fs81t73p.default-1454013078005\user.js [2016-01-29]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-10-16] [not signed]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-10-16] [not signed]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-10-16] [not signed]
FF Extension: Adblock Plus - C:\Users\hamadoto\AppData\Roaming\Mozilla\Firefox\Profiles\fs81t73p.default-1454013078005\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-10-02]
FF HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\hamadoto\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\hamadoto\AppData\Roaming\IDM\idmmzcc5 [2016-01-26] [not signed]
FF HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
Chrome:
=======
CHR Profile: C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-26]
CHR Extension: (Google Docs) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-16]
CHR Extension: (Google Drive) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (YouTube) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
CHR Extension: (Adblock Plus) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-29]
CHR Extension: (Google Search) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Kaspersky Protection) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-10-16]
CHR Extension: (Google Sheets) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-26]
CHR Extension: (Google Docs Offline) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (IDM Integration Module) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-16]
CHR Extension: (Gmail) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-16]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-08]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-08]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-31] (Kaspersky Lab ZAO)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-15] (Kaspersky Lab UK Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 esgiguard; E:\SpyHunter 4.21.10.4585 Portable by wood\esgiguard.sys [15920 2016-01-22] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-22] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-11] (REALiX(tm))
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-03] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-10-16] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-13] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-10-16] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-29] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-09] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-13] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-06] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-10-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-10] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [404184 2016-01-11] (Realsil Semiconductor Corporation)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr (http://www.devguru.co.kr)))
U0 tple; C:\Windows\System32\drivers\eomrjvp.sys [79064 2016-01-29] (Malwarebytes)
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-29 08:57 - 2016-01-29 09:08 - 00000000 ____D C:\FRST
2016-01-29 07:46 - 2016-01-29 07:46 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\eomrjvp.sys
2016-01-28 00:31 - 2016-01-28 03:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-26 20:02 - 2016-01-26 20:02 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\ProductData
2016-01-26 19:58 - 2016-01-26 19:58 - 00003266 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-01-26 19:58 - 2016-01-22 21:50 - 00025984 ____R C:\Windows\SysWOW64\sh4native.exe
2016-01-26 19:56 - 2016-01-26 20:01 - 00000000 ___HD C:\23yMqNsLDSnSsIWT
2016-01-26 19:56 - 2016-01-26 19:56 - 00051181 _____ C:\spyhunter.fix
2016-01-26 19:09 - 2016-01-29 07:20 - 00003532 _____ C:\Windows\System32\Tasks\PCCleaner-AutoCleanup-Task
2016-01-26 19:09 - 2016-01-26 19:09 - 00003160 _____ C:\Windows\System32\Tasks\PCCleaner-Maintenance-Autorun
2016-01-26 19:01 - 2016-01-29 07:34 - 00000000 ____D C:\ProgramData\PC1Data
2016-01-26 19:01 - 2016-01-26 19:01 - 00000750 _____ C:\Users\hamadoto\Desktop\PC Cleaner Pro.lnk
2016-01-26 19:01 - 2016-01-26 19:01 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Cleaners
2016-01-26 19:01 - 2016-01-26 19:01 - 00000000 ____D C:\ProgramData\PC Cleaner Pro
2016-01-26 19:01 - 2016-01-18 11:26 - 05310360 _____ ((c) PC Cleaners Inc) C:\ProgramData\pclunst.exe
2016-01-26 18:30 - 2016-01-26 18:37 - 00000000 ____D C:\Program Files (x86)\Free Window Registry Repair
2016-01-26 18:30 - 2016-01-26 18:30 - 00001035 _____ C:\Users\hamadoto\Desktop\Free Window Registry Repair.lnk
2016-01-26 18:30 - 2016-01-26 18:30 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2016-01-26 18:30 - 2016-01-26 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2016-01-25 13:41 - 2010-11-01 01:11 - 419185203 _____ C:\Users\hamadoto\Desktop\Eat.Pray.Love.2010.DVDR5.X264.ASD.DooSH.mkv
2016-01-25 00:05 - 2016-01-25 00:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\35AB4403.sys
2016-01-24 22:42 - 2016-01-24 22:52 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-24 22:34 - 2016-01-25 05:59 - 00001156 _____ C:\Users\hamadoto\Desktop\JRT.txt
2016-01-24 22:15 - 2016-01-25 15:38 - 00000000 ____D C:\AdwCleaner
2016-01-24 22:03 - 2016-01-24 22:32 - 00114744 _____ C:\Windows\ntbtlog.txt
2016-01-24 09:12 - 2016-01-28 22:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-24 09:12 - 2016-01-24 09:12 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-24 09:12 - 2016-01-24 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-24 09:11 - 2016-01-24 09:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-24 09:11 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-24 09:11 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-24 09:11 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-24 08:50 - 2016-01-28 22:31 - 00000000 ____D C:\Users\hamadoto\Desktop\Old Firefox Data
2016-01-23 23:56 - 2016-01-23 23:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\23AF6F5C.sys
2016-01-23 23:37 - 2016-01-23 23:37 - 00001392 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
2016-01-23 18:23 - 2016-01-23 18:23 - 00000000 ____D C:\Users\hamadoto\Documents\BnS
2016-01-23 18:23 - 2016-01-09 17:39 - 03916368 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
2016-01-23 18:23 - 2005-01-03 08:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
2016-01-23 18:23 - 2003-07-18 23:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
2016-01-23 18:22 - 2016-01-23 18:22 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2016-01-22 21:23 - 2016-01-22 21:23 - 00000000 _____ C:\autoexec.bat
2016-01-22 21:13 - 2016-01-22 21:13 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-01-22 20:07 - 2016-01-22 20:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-22 19:58 - 2016-01-22 20:01 - 22908888 _____ (Malwarebytes ) C:\Users\hamadoto\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-20 14:35 - 2016-01-20 14:35 - 04499648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-01-20 02:40 - 2016-01-23 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-01-20 02:38 - 2016-01-23 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2016-01-20 02:38 - 2016-01-23 23:16 - 00000000 ____D C:\Program Files (x86)\NCWest
2016-01-20 01:54 - 2016-01-20 01:54 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Awesomium
2016-01-20 01:18 - 2016-01-20 02:00 - 00000000 ____D C:\Users\hamadoto\BrawlhallaReplays
2016-01-20 01:16 - 2016-01-20 01:16 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\BrawlhallaAir
2016-01-20 00:56 - 2016-01-20 00:56 - 00000222 _____ C:\Users\hamadoto\Desktop\Brawlhalla.url
2016-01-20 00:31 - 2016-01-20 00:36 - 05271256 _____ (Husdawg, LLC) C:\Users\hamadoto\Downloads\Detection.exe
2016-01-20 00:29 - 2016-01-20 00:31 - 00643680 _____ (Oracle Corporation) C:\Users\hamadoto\Downloads\jxpiinstall(1).exe
2016-01-18 01:24 - 2016-01-18 01:24 - 00000000 ____D C:\Users\hamadoto\Desktop\replay
2016-01-18 01:24 - 2015-11-13 20:57 - 01269248 _____ C:\Users\hamadoto\Desktop\ArenaValue.exe
2016-01-17 22:28 - 2016-01-17 22:28 - 00002334 _____ C:\Users\hamadoto\Desktop\Safe Money.lnk
2016-01-16 15:36 - 2016-01-16 15:36 - 02802818 _____ C:\Users\hamadoto\Desktop\Ch02_Chemistry_Slides_2perpage.pdf
2016-01-16 15:36 - 2016-01-16 15:36 - 00221414 _____ C:\Users\hamadoto\Desktop\Chapter02_ChemistryNotes.pdf
2016-01-16 15:35 - 2016-01-16 15:35 - 00210411 _____ C:\Users\hamadoto\Desktop\Chapter01_OrientationNotes.pdf
2016-01-16 14:39 - 2016-01-16 14:40 - 02802818 _____ C:\Users\hamadoto\Downloads\Ch02_Chemistry_Slides_2perpage.pdf
2016-01-16 14:39 - 2016-01-16 14:40 - 01625870 _____ C:\Users\hamadoto\Downloads\Ch02_Chemistry_Slides_6perpage.pdf
2016-01-16 14:39 - 2016-01-16 14:39 - 00221414 _____ C:\Users\hamadoto\Downloads\Chapter02_ChemistryNotes.pdf
2016-01-16 14:39 - 2016-01-16 14:39 - 00210411 _____ C:\Users\hamadoto\Downloads\Chapter01_OrientationNotes.pdf
2016-01-16 14:38 - 2016-01-16 14:39 - 01237556 _____ C:\Users\hamadoto\Downloads\Ch01_Orientation_Slides_6perpage.pdf
2016-01-16 14:36 - 2016-01-16 14:37 - 02483449 _____ C:\Users\hamadoto\Downloads\Ch01_Orientation_Slides_2perpage (1).pdf
2016-01-15 21:33 - 2016-01-15 21:34 - 01216888 _____ C:\Users\hamadoto\Desktop\ArenaValue.1.0.7.5.zip
2016-01-11 15:39 - 2016-01-11 15:39 - 02483449 _____ C:\Users\hamadoto\Downloads\Ch01_Orientation_Slides_2perpage.pdf
2016-01-11 15:35 - 2016-01-11 15:36 - 01050834 _____ C:\Users\hamadoto\Downloads\IntroductionToADAM_InteractiveAnatomyLite2015.pdf
2016-01-11 15:35 - 2016-01-11 15:36 - 01050834 _____ C:\Users\hamadoto\Downloads\IntroductionToADAM_InteractiveAnatomyLite2015 (1).pdf
2016-01-11 15:34 - 2016-01-11 15:34 - 00183553 _____ C:\Users\hamadoto\Downloads\DiscussionGroups1407Session1.pdf
2016-01-11 02:18 - 2016-01-11 02:18 - 73334784 _____ C:\Windows\system32\config\SOFTWARE.iobit
2016-01-11 02:18 - 2016-01-11 02:18 - 44257280 _____ C:\Windows\system32\config\COMPONENTS.iobit
2016-01-11 02:18 - 2016-01-11 02:18 - 00233472 _____ C:\Windows\system32\config\DEFAULT.iobit
2016-01-11 02:18 - 2016-01-11 02:18 - 00028672 _____ C:\Windows\system32\config\SAM.iobit
2016-01-11 02:18 - 2016-01-11 02:18 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit
2016-01-11 02:11 - 2016-01-11 02:11 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Apple Computer
2016-01-11 02:10 - 2016-01-11 02:10 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2016-01-11 01:48 - 2015-10-13 18:19 - 05972783 _____ C:\Windows\system32\nvcoproc.bin
2016-01-11 01:46 - 2016-01-11 01:46 - 31514288 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 24199344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 22993200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 18634072 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 15293104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 13916600 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 13828224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 12898992 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-01-11 01:46 - 2016-01-11 01:46 - 11272048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 11209376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 04245624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 03986608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 01908528 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434192.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 01556656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434192.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 00944304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 00907440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 00903472 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-01-11 01:46 - 2016-01-11 01:46 - 00869040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-01-11 01:44 - 2016-01-11 01:44 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2016-01-11 01:44 - 2016-01-11 01:44 - 01026304 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2016-01-11 01:44 - 2016-01-11 01:44 - 00404184 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
2016-01-11 01:44 - 2016-01-11 01:44 - 00083160 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll
2016-01-11 01:44 - 2016-01-11 01:44 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2016-01-11 01:44 - 2016-01-11 01:44 - 00000000 ____D C:\Windows\SysWOW64\sda
2016-01-11 01:43 - 2016-01-11 01:43 - 04161536 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2016-01-11 01:41 - 2016-01-11 01:41 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-01-11 01:41 - 2016-01-11 01:41 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-01-11 00:37 - 2016-01-11 00:37 - 00053624 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\tosrfec.sys
2016-01-11 00:30 - 2016-01-24 22:33 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\IObit
2016-01-11 00:30 - 2016-01-24 22:33 - 00000000 ____D C:\ProgramData\IObit
2016-01-11 00:30 - 2016-01-18 01:23 - 00000000 ____D C:\Program Files (x86)\IObit
2016-01-11 00:30 - 2016-01-11 02:11 - 00000000 ____D C:\Users\hamadoto\AppData\LocalLow\IObit
2016-01-11 00:30 - 2016-01-11 00:30 - 00026528 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2016-01-11 00:30 - 2016-01-11 00:30 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2016-01-10 23:47 - 2016-01-26 19:13 - 00000000 ____D C:\Users\hamadoto\Desktop\folder 1
2016-01-04 08:45 - 2016-01-04 08:45 - 00000000 ____D C:\Users\hamadoto\Downloads\جلدية وتناسلية مراجعة دكتور طارق أبو اليزيد
2016-01-03 23:00 - 2016-01-20 00:56 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-03 15:25 - 2016-01-03 15:26 - 04508873 _____ C:\Users\hamadoto\Downloads\جلدية وتناسلية مراجعة دكتور طارق أبو اليزيد.rar
2015-12-30 14:33 - 2015-12-30 14:33 - 01048576 ___SH C:\Windows\system32\config\COMPONENTS{1dfba603-aee1-11e5-9c1e-b870f4d1ae51}.TxR.2.regtrans-ms
2015-12-30 14:33 - 2015-12-30 14:33 - 01048576 ___SH C:\Windows\system32\config\COMPONENTS{1dfba603-aee1-11e5-9c1e-b870f4d1ae51}.TxR.1.regtrans-ms
2015-12-30 14:33 - 2015-12-30 14:33 - 01048576 ___SH C:\Windows\system32\config\COMPONENTS{1dfba603-aee1-11e5-9c1e-b870f4d1ae51}.TxR.0.regtrans-ms
2015-12-30 14:33 - 2015-12-30 14:33 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{1dfba604-aee1-11e5-9c1e-b870f4d1ae51}.TMContainer00000000000000000002.regtrans-ms
2015-12-30 14:33 - 2015-12-30 14:33 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{1dfba604-aee1-11e5-9c1e-b870f4d1ae51}.TMContainer00000000000000000001.regtrans-ms
2015-12-30 14:33 - 2015-12-30 14:33 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{1dfba604-aee1-11e5-9c1e-b870f4d1ae51}.TM.blf
2015-12-30 14:33 - 2015-12-30 14:33 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{1dfba603-aee1-11e5-9c1e-b870f4d1ae51}.TxR.blf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-29 08:35 - 2015-10-16 03:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-29 08:29 - 2015-10-16 03:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-29 08:20 - 2015-10-16 03:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-29 07:53 - 2009-07-14 06:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-29 07:53 - 2009-07-14 06:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-29 07:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-01-29 07:23 - 2015-12-10 18:06 - 00000000 ____D C:\Users\hamadoto\AppData\Local\launcher
2016-01-29 07:23 - 2015-11-14 18:35 - 00000000 ____D C:\Users\hamadoto\.counterplay
2016-01-29 07:23 - 2015-10-16 03:16 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\DMCache
2016-01-29 00:34 - 2015-10-16 03:12 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-28 15:29 - 2015-10-16 03:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-28 08:47 - 2009-07-14 07:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-28 08:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-01-28 03:38 - 2015-10-16 03:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-27 04:22 - 2015-10-16 07:30 - 00000000 ____D C:\Users\hamadoto\AppData\Local\Battle.net
2016-01-26 20:27 - 2015-10-24 04:28 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-01-26 20:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-26 19:14 - 2015-11-14 18:34 - 00000000 ____D C:\Users\hamadoto\AppData\Local\SquirrelTemp
2016-01-26 19:13 - 2015-10-16 03:11 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nvidia Forceware Driver
2016-01-25 15:15 - 2015-10-24 11:48 - 12291754 _____ C:\Users\hamadoto\Documents\menna
2016-01-25 05:34 - 2015-11-14 18:59 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Duelyst
2016-01-24 00:03 - 2015-11-14 18:35 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\DuelystLauncher
2016-01-23 23:37 - 2015-10-16 03:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-23 23:15 - 2015-10-16 03:04 - 00109112 _____ C:\Users\hamadoto\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-23 23:12 - 2009-07-14 06:45 - 00428320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-23 23:11 - 2015-10-24 01:39 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-23 22:53 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-01-23 22:52 - 2015-10-29 08:31 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-23 22:51 - 2011-04-12 10:28 - 00000000 ____D C:\Windows\ShellNew
2016-01-23 22:47 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-01-23 22:46 - 2009-07-14 04:34 - 00000387 _____ C:\Windows\win.ini
2016-01-22 21:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Web
2016-01-21 13:53 - 2015-10-16 03:16 - 00000000 ____D C:\Users\hamadoto\Downloads\Compressed
2016-01-20 14:36 - 2015-10-16 03:24 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 14:36 - 2015-10-16 03:24 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-20 14:36 - 2015-10-16 03:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-20 02:12 - 2015-10-16 03:16 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\IDM
2016-01-20 01:18 - 2015-10-16 02:53 - 00000000 ____D C:\Users\hamadoto
2016-01-20 00:55 - 2015-10-20 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-20 00:55 - 2015-10-20 22:48 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-20 00:55 - 2015-10-16 03:30 - 00000000 ____D C:\ProgramData\Oracle
2016-01-20 00:54 - 2015-10-20 22:49 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-20 00:54 - 2015-10-16 03:30 - 00000000 ____D C:\Users\hamadoto\.oracle_jre_usage
2016-01-18 01:24 - 2015-10-21 07:12 - 00000000 ____D C:\Users\hamadoto\AppData\Local\netz
2016-01-17 22:46 - 2015-11-09 16:28 - 00000000 ____D C:\Program Files\Keylogger Detector
2016-01-12 02:48 - 2015-10-16 04:10 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Media Player Classic
2016-01-11 02:22 - 2015-10-16 03:29 - 00000000 ____D C:\Windows\Panther
2016-01-11 02:22 - 2015-10-16 03:16 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDM
2016-01-11 02:20 - 2015-11-12 19:08 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Sony
2016-01-11 01:48 - 2015-10-16 02:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-11 01:47 - 2015-10-16 02:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-11 01:46 - 2015-10-16 02:55 - 16128576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-01-11 01:46 - 2015-10-16 02:55 - 14497568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-01-11 01:46 - 2015-10-16 02:55 - 03209920 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-01-11 01:46 - 2015-10-16 02:55 - 00026155 _____ C:\Windows\system32\nvinfo.pb
2016-01-11 01:44 - 2011-06-10 15:34 - 00116304 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2016-01-11 01:41 - 2015-10-16 02:55 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-01-06 02:11 - 2015-10-23 23:05 - 00000000 ____D C:\Program Files (x86)\osu!
==================== Files in the root of some directories =======
2016-01-26 19:01 - 2016-01-18 11:26 - 5310360 _____ ((c) PC Cleaners Inc) C:\ProgramData\pclunst.exe
Files to move or delete:
====================
C:\ProgramData\pclunst.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-26 19:56
==================== End of FRST.txt ============================
here is addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by hamadoto (2016-01-29 09:08:40)
Running from C:\Users\hamadoto\Downloads\Programs
Windows 7 Ultimate Service Pack 1 (X64) (2015-10-16 00:53:01)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3792168985-1176982872-3723076907-500 - Administrator - Disabled)
Guest (S-1-5-21-3792168985-1176982872-3723076907-501 - Limited - Enabled)
hamadoto (S-1-5-21-3792168985-1176982872-3723076907-1000 - Administrator - Enabled) => C:\Users\hamadoto
HomeGroupUser$ (S-1-5-21-3792168985-1176982872-3723076907-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.3 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
Canon LBP6020 (HKLM\...\Canon LBP6020) (Version: - )
DomDomSoft Manga Downloader (remove only) (HKLM-x32\...\DomDomSoft Manga Downloader) (Version: - )
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
K-Lite Codec Pack 9.9.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Markets.com MetaTrader (HKLM-x32\...\Markets.com MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
osu! (HKLM-x32\...\{b1da0b9d-2d4a-4a01-b10a-ba41ab63f757}) (Version: latest - ppy Pty Ltd)
osu! (HKLM-x32\...\{b73fe97b-5bed-4734-a4ef-adc7e67a5efa}) (Version: latest - ppy Pty Ltd)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PC Cleaners (HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\PC Cleaners) (Version: - PC Cleaners) <==== ATTENTION
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vegas Pro 12.0 (64-bit) (HKLM\...\{64A98EF1-2680-11E3-A909-F04DA23A5C58}) (Version: 12.0.726 - Sony)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0DB08A6A-E3FF-403D-8A89-36D15C27BEA0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {13CFC452-BF18-4C44-80F3-DD2DE6147E21} - System32\Tasks\SpyHunter4Startup => E:\SpyHunter 4.21.10.4585 Portable by wood\SpyHunter4.exe [2016-01-22] (Enigma Software Group USA, LLC.)
Task: {146CA3E5-4E6D-46CC-9EF2-83D25B72C497} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {6CBC587B-9B58-4BFF-8073-1DE8DDA4E130} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-13] (AO Kaspersky Lab)
Task: {7E24C408-AB10-4798-AB43-5B1C3C570C84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
Task: {898C0306-3D53-4ABA-A5E2-3D70D4378B93} - System32\Tasks\Microsoft\Windows\Setup\xtgt\refreshxtgtconfig => C:\Windows\system32\XTgt\XTgtMgr.exe [2015-10-05] (Microsoft Corporation)
Task: {B5995177-4D5C-4956-948E-50C49A9B1F1B} - System32\Tasks\PCCleaner-AutoCleanup-Task => C:\ProgramData\PC Cleaner Pro\PCCleaners.exe [2016-01-26] (PC Cleaners Inc.)
Task: {DD04852B-0144-40BE-BE0C-2F77FADC58BB} - System32\Tasks\PCCleaner-Maintenance-Autorun => C:\ProgramData\PC Cleaner Pro\PCCleaners.exe [2016-01-26] (PC Cleaners Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {EA1A7C2F-F8CC-49CF-BA55-21230681AE7F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3792168985-1176982872-3723076907-1000
Task: {FD09ACC1-27B2-4F99-A400-66B6B973C36D} - System32\Tasks\KMSAuto => C:\Windows\KMSAuto.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-16 02:57 - 2015-10-13 19:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-31 02:12 - 2014-08-31 02:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2016-01-29 00:34 - 2016-01-27 19:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-29 00:34 - 2016-01-27 19:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
2014-08-31 02:12 - 2015-10-16 03:24 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-08-31 02:12 - 2015-10-16 03:24 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-08-31 02:12 - 2015-10-16 03:24 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2016-01-20 14:36 - 2016-01-20 14:36 - 17882304 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts
# ::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 37.59.72.131 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Lync => "C:\Program Files\Microsoft Office\Office16\lync.exe" /fromrunkey
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{0D9C4C6C-3870-4CE8-88E1-25B8B062D6FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{77466574-B2CD-42AB-A0AE-8C09B7040F87}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{480EA2C7-0C75-4CD5-8B08-65273BBB9872}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{19B143BE-1EF2-4450-9D27-DC238CA1630D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4344194D-2CBF-47C1-8D7F-D1312FE429A0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1C02056E-D441-47D6-A5BA-122F573DCDB2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9F28588F-D91B-471D-A074-2FF0C6DE1013}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{4E365906-CF9D-47BE-A858-FB3632A7A7BD}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{97F0D21C-2027-4082-8FFB-2D1CD45A45FA}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{71B0C1C0-B326-4857-9ED6-7E3D54EAD875}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{AA67949D-2C38-4C23-88B5-189B652476BA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{54814E78-DCD5-41A0-A79F-AB214EE8A0B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{821E924E-CA2E-47D3-8B02-13FB50CBA22A}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{8E646B4D-7718-4BC6-AFFC-E1D0E835AB5C}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
FirewallRules: [{727DB2CD-2726-4672-A85A-CCCC70F02246}] => (Allow) C:\Users\hamadoto\Downloads\DomDomSoftMangaDownloader_5.5_Installer-70384064.exe
FirewallRules: [{5131D83E-0C9E-4818-BA40-8EF4AB49114C}] => (Allow) C:\Users\hamadoto\Downloads\DomDomSoftMangaDownloader_5.5_Installer-70384064.exe
FirewallRules: [{5007589C-AAD9-45CE-A350-0CCA87DD8551}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4145BF9A-C8BB-4116-A10D-BA6E4A21C25A}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{EB2567B9-5C76-4FB0-A945-7208B6248BC7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{9C362567-81FC-4E23-A3BB-969951D863D1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{9580237A-3C40-492E-90E4-11659C27D6E5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{99FD83C5-C58F-4F9B-8780-CF13D90C4094}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{979A7F27-EBED-4C63-A839-4EF5748A4F03}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{799CDC76-0923-4FA2-97FF-F40E2E175B97}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{D5D8C017-6B7E-4DAF-8FA8-5673F7CC443C}] => (Allow) E:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{6807C3E0-91FB-42EE-B13C-C419228B93AB}] => (Allow) E:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{3667D125-B584-4047-A2AD-D6AD1231FE2F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
29-01-2016 07:22:05 PC Cleaner Pro System Backup
==================== Faulty Device Manager Devices =============
Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device cannot find enough free resources that it can use. If you want to use this device, you will need to disable one of the other devices on this system. (Code12)
Resolution: Two devices have been assigned the same input/output (I/O) ports, the same interrupt, or the same Direct Memory Access channel (either by the BIOS, the operating system, or a combination of the two). This error message can also appear if the BIOS did not allocate enough resources to the device (for example, if a universal serial bus (USB) controller does not get an interrupt from the BIOS because of a corrupt Multiprocessor System (MPS) table).
You can use Device Manager to determine where the conflict is and disable the conflicting device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/29/2016 07:41:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regedit.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc2cc
Faulting module name: mshtml.dll, version: 11.0.9600.18057, time stamp: 0x55f8f2f2
Exception code: 0xc000041d
Fault offset: 0x00000000000c49a5
Faulting process id: 0x16360
Faulting application start time: 0xregedit.exe0
Faulting application path: regedit.exe1
Faulting module path: regedit.exe2
Report Id: regedit.exe3
Error: (01/29/2016 07:41:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regedit.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc2cc
Faulting module name: mshtml.dll, version: 11.0.9600.18057, time stamp: 0x55f8f2f2
Exception code: 0xc0000005
Fault offset: 0x00000000000c49a5
Faulting process id: 0x16360
Faulting application start time: 0xregedit.exe0
Faulting application path: regedit.exe1
Faulting module path: regedit.exe2
Report Id: regedit.exe3
Error: (01/26/2016 08:14:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0x6a4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Error: (01/26/2016 08:14:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0x1168
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Error: (01/26/2016 08:14:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0x1050
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Error: (01/26/2016 08:02:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/26/2016 05:57:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/26/2016 11:21:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2016 03:50:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2016 05:06:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
Error: (01/29/2016 09:07:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 60%
Total physical RAM: 4073.76 MB
Available physical RAM: 1616.14 MB
Total Virtual: 8145.73 MB
Available Virtual: 5336.6 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:59.47 GB) (Free:15.03 GB) NTFS
Drive d: () (Fixed) (Total:233.4 GB) (Free:31.89 GB) NTFS
Drive e: () (Fixed) (Total:172.79 GB) (Free:4.63 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B6A5B88C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=233.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=172.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Previous topic: https://forums.spybot.info/showthread.php?73205-go-pasdel-com-or-tradeadexchange-com-presistant-spyware-cant-be-removed!