
Thread: go.pasdel.com or tradeadexchange.com redirecting

  1. #1
    Junior Member
    Join Date
    Jan 2016
    Posts
    4


    My browsing experience became so slow since this malware appeared, and my PC is suffering from go.pasdel.com or tradeadexchange.com. Basically, what that spyware does is redirect me to some malicious link shortener site.

    http://s23.postimg.org/816uuz4fv/malware_caught_it.jpg

    This is my Malwarebytes catching it. It's supposed to redirect me to a link shortener site, but malware blocked it ( http://s12.postimg.org/oj5dw2nfh/redirect.jpg )

    Now I made a scan with spyware hunter, pc clean, adware cleaner, kas2015, junk remover.

    Now this virus just doesn't want to get removed; it is always, always coming back. It disappears for a period, like 1-2 days, then comes back again. The first time I did a scan, I caught a lot of spyware; the second time, I caught none, but the problem is still there.

    Just today my brother's laptop got affected by it as well.

    Here is the FRST:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
    Ran by hamadoto (administrator) on HAMADOTO-PC (29-01-2016 09:08:07)
    Running from C:\Users\hamadoto\Downloads\Programs
    Loaded Profiles: hamadoto (Available Profiles: hamadoto)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
    (CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    (CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE
    (CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABFSWK.EXE
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
    (Microsoft Corporation) C:\Windows\System32\PING.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [CNAP2 Launcher] => C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
    HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3911248 2015-10-08] (Tonec Inc.)
    HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
    BootExecute: autocheck autochk * sh4native Sh4Removal

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 37.59.72.131 8.8.8.8
    Tcpip\..\Interfaces\{4BB6DFD2-15BD-4040-9714-2E41ABF75429}: [DhcpNameServer] 37.59.72.131 8.8.8.8

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
    BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
    BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-09-28] (Internet Download Manager, Tonec Inc.)
    BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
    BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)
    BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2015-10-16] (Kaspersky Lab ZAO)

    FireFox:
    ========
    FF ProfilePath: C:\Users\hamadoto\AppData\Roaming\Mozilla\Firefox\Profiles\fs81t73p.default-1454013078005
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
    FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-10-16] ()
    FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-10-16] ()
    FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-10-16] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\hamadoto\AppData\Roaming\Mozilla\Firefox\Profiles\fs81t73p.default-1454013078005\user.js [2016-01-29]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
    FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-10-16] [not signed]
    FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-10-16] [not signed]
    FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-10-16] [not signed]
    FF Extension: Adblock Plus - C:\Users\hamadoto\AppData\Roaming\Mozilla\Firefox\Profiles\fs81t73p.default-1454013078005\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-29]
    FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
    FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
    FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
    FF HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-10-02]
    FF HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\hamadoto\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\hamadoto\AppData\Roaming\IDM\idmmzcc5 [2016-01-26] [not signed]
    FF HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

    Chrome:
    =======
    CHR Profile: C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-26]
    CHR Extension: (Google Docs) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-16]
    CHR Extension: (Google Drive) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
    CHR Extension: (YouTube) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-16]
    CHR Extension: (Adblock Plus) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-29]
    CHR Extension: (Google Search) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
    CHR Extension: (Kaspersky Protection) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-10-16]
    CHR Extension: (Google Sheets) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-26]
    CHR Extension: (Google Docs Offline) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
    CHR Extension: (IDM Integration Module) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-01-20]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-16]
    CHR Extension: (Gmail) - C:\Users\hamadoto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-16]
    CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-08]
    CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-10-08]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-31] (Kaspersky Lab ZAO)
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
    S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-15] (Kaspersky Lab UK Ltd)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 esgiguard; E:\SpyHunter 4.21.10.4585 Portable by wood\esgiguard.sys [15920 2016-01-22] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-01-22] ()
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-01-11] (REALiX(tm))
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
    R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-03] (Kaspersky Lab ZAO)
    R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-10-16] (Kaspersky Lab ZAO)
    R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-13] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-10-16] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-29] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-09] (Kaspersky Lab ZAO)
    R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-13] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-06] (Kaspersky Lab ZAO)
    R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-10-16] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-10] (Kaspersky Lab ZAO)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
    S3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [404184 2016-01-11] (Realsil Semiconductor Corporation)
    S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
    U0 tple; C:\Windows\System32\drivers\eomrjvp.sys [79064 2016-01-29] (Malwarebytes)
    S3 taphss6; system32\DRIVERS\taphss6.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-29 08:57 - 2016-01-29 09:08 - 00000000 ____D C:\FRST
    2016-01-29 07:46 - 2016-01-29 07:46 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\eomrjvp.sys
    2016-01-28 00:31 - 2016-01-28 03:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-01-26 20:02 - 2016-01-26 20:02 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\ProductData
    2016-01-26 19:58 - 2016-01-26 19:58 - 00003266 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
    2016-01-26 19:58 - 2016-01-22 21:50 - 00025984 ____R C:\Windows\SysWOW64\sh4native.exe
    2016-01-26 19:56 - 2016-01-26 20:01 - 00000000 ___HD C:\23yMqNsLDSnSsIWT
    2016-01-26 19:56 - 2016-01-26 19:56 - 00051181 _____ C:\spyhunter.fix
    2016-01-26 19:09 - 2016-01-29 07:20 - 00003532 _____ C:\Windows\System32\Tasks\PCCleaner-AutoCleanup-Task
    2016-01-26 19:09 - 2016-01-26 19:09 - 00003160 _____ C:\Windows\System32\Tasks\PCCleaner-Maintenance-Autorun
    2016-01-26 19:01 - 2016-01-29 07:34 - 00000000 ____D C:\ProgramData\PC1Data
    2016-01-26 19:01 - 2016-01-26 19:01 - 00000750 _____ C:\Users\hamadoto\Desktop\PC Cleaner Pro.lnk
    2016-01-26 19:01 - 2016-01-26 19:01 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Cleaners
    2016-01-26 19:01 - 2016-01-26 19:01 - 00000000 ____D C:\ProgramData\PC Cleaner Pro
    2016-01-26 19:01 - 2016-01-18 11:26 - 05310360 _____ ((c) PC Cleaners Inc) C:\ProgramData\pclunst.exe
    2016-01-26 18:30 - 2016-01-26 18:37 - 00000000 ____D C:\Program Files (x86)\Free Window Registry Repair
    2016-01-26 18:30 - 2016-01-26 18:30 - 00001035 _____ C:\Users\hamadoto\Desktop\Free Window Registry Repair.lnk
    2016-01-26 18:30 - 2016-01-26 18:30 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
    2016-01-26 18:30 - 2016-01-26 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
    2016-01-25 13:41 - 2010-11-01 01:11 - 419185203 _____ C:\Users\hamadoto\Desktop\Eat.Pray.Love.2010.DVDR5.X264.ASD.DooSH.mkv
    2016-01-25 00:05 - 2016-01-25 00:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\35AB4403.sys
    2016-01-24 22:42 - 2016-01-24 22:52 - 00000000 ____D C:\ProgramData\HitmanPro
    2016-01-24 22:34 - 2016-01-25 05:59 - 00001156 _____ C:\Users\hamadoto\Desktop\JRT.txt
    2016-01-24 22:15 - 2016-01-25 15:38 - 00000000 ____D C:\AdwCleaner
    2016-01-24 22:03 - 2016-01-24 22:32 - 00114744 _____ C:\Windows\ntbtlog.txt
    2016-01-24 09:12 - 2016-01-28 22:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-01-24 09:12 - 2016-01-24 09:12 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-01-24 09:12 - 2016-01-24 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-01-24 09:11 - 2016-01-24 09:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-01-24 09:11 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-01-24 09:11 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-01-24 09:11 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-01-24 08:50 - 2016-01-28 22:31 - 00000000 ____D C:\Users\hamadoto\Desktop\Old Firefox Data
    2016-01-23 23:56 - 2016-01-23 23:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\23AF6F5C.sys
    2016-01-23 23:37 - 2016-01-23 23:37 - 00001392 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
    2016-01-23 18:23 - 2016-01-23 18:23 - 00000000 ____D C:\Users\hamadoto\Documents\BnS
    2016-01-23 18:23 - 2016-01-09 17:39 - 03916368 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
    2016-01-23 18:23 - 2005-01-03 08:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys
    2016-01-23 18:23 - 2003-07-18 23:17 - 00005174 _____ C:\Windows\SysWOW64\nppt9x.vxd
    2016-01-23 18:22 - 2016-01-23 18:22 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
    2016-01-22 21:23 - 2016-01-22 21:23 - 00000000 _____ C:\autoexec.bat
    2016-01-22 21:13 - 2016-01-22 21:13 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-01-22 20:07 - 2016-01-22 20:07 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-01-22 19:58 - 2016-01-22 20:01 - 22908888 _____ (Malwarebytes ) C:\Users\hamadoto\Downloads\mbam-setup-2.2.0.1024.exe
    2016-01-20 14:35 - 2016-01-20 14:35 - 04499648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2016-01-20 02:40 - 2016-01-23 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
    2016-01-20 02:38 - 2016-01-23 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
    2016-01-20 02:38 - 2016-01-23 23:16 - 00000000 ____D C:\Program Files (x86)\NCWest
    2016-01-20 01:54 - 2016-01-20 01:54 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Awesomium
    2016-01-20 01:18 - 2016-01-20 02:00 - 00000000 ____D C:\Users\hamadoto\BrawlhallaReplays
    2016-01-20 01:16 - 2016-01-20 01:16 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\BrawlhallaAir
    2016-01-20 00:56 - 2016-01-20 00:56 - 00000222 _____ C:\Users\hamadoto\Desktop\Brawlhalla.url
    2016-01-20 00:31 - 2016-01-20 00:36 - 05271256 _____ (Husdawg, LLC) C:\Users\hamadoto\Downloads\Detection.exe
    2016-01-20 00:29 - 2016-01-20 00:31 - 00643680 _____ (Oracle Corporation) C:\Users\hamadoto\Downloads\jxpiinstall(1).exe
    2016-01-18 01:24 - 2016-01-18 01:24 - 00000000 ____D C:\Users\hamadoto\Desktop\replay
    2016-01-18 01:24 - 2015-11-13 20:57 - 01269248 _____ C:\Users\hamadoto\Desktop\ArenaValue.exe
    2016-01-17 22:28 - 2016-01-17 22:28 - 00002334 _____ C:\Users\hamadoto\Desktop\Safe Money.lnk
    2016-01-16 15:36 - 2016-01-16 15:36 - 02802818 _____ C:\Users\hamadoto\Desktop\Ch02_Chemistry_Slides_2perpage.pdf
    2016-01-16 15:36 - 2016-01-16 15:36 - 00221414 _____ C:\Users\hamadoto\Desktop\Chapter02_ChemistryNotes.pdf
    2016-01-16 15:35 - 2016-01-16 15:35 - 00210411 _____ C:\Users\hamadoto\Desktop\Chapter01_OrientationNotes.pdf
    2016-01-16 14:39 - 2016-01-16 14:40 - 02802818 _____ C:\Users\hamadoto\Downloads\Ch02_Chemistry_Slides_2perpage.pdf
    2016-01-16 14:39 - 2016-01-16 14:40 - 01625870 _____ C:\Users\hamadoto\Downloads\Ch02_Chemistry_Slides_6perpage.pdf
    2016-01-16 14:39 - 2016-01-16 14:39 - 00221414 _____ C:\Users\hamadoto\Downloads\Chapter02_ChemistryNotes.pdf
    2016-01-16 14:39 - 2016-01-16 14:39 - 00210411 _____ C:\Users\hamadoto\Downloads\Chapter01_OrientationNotes.pdf
    2016-01-16 14:38 - 2016-01-16 14:39 - 01237556 _____ C:\Users\hamadoto\Downloads\Ch01_Orientation_Slides_6perpage.pdf
    2016-01-16 14:36 - 2016-01-16 14:37 - 02483449 _____ C:\Users\hamadoto\Downloads\Ch01_Orientation_Slides_2perpage (1).pdf
    2016-01-15 21:33 - 2016-01-15 21:34 - 01216888 _____ C:\Users\hamadoto\Desktop\ArenaValue.1.0.7.5.zip
    2016-01-11 15:39 - 2016-01-11 15:39 - 02483449 _____ C:\Users\hamadoto\Downloads\Ch01_Orientation_Slides_2perpage.pdf
    2016-01-11 15:35 - 2016-01-11 15:36 - 01050834 _____ C:\Users\hamadoto\Downloads\IntroductionToADAM_InteractiveAnatomyLite2015.pdf
    2016-01-11 15:35 - 2016-01-11 15:36 - 01050834 _____ C:\Users\hamadoto\Downloads\IntroductionToADAM_InteractiveAnatomyLite2015 (1).pdf
    2016-01-11 15:34 - 2016-01-11 15:34 - 00183553 _____ C:\Users\hamadoto\Downloads\DiscussionGroups1407Session1.pdf
    2016-01-11 02:18 - 2016-01-11 02:18 - 73334784 _____ C:\Windows\system32\config\SOFTWARE.iobit
    2016-01-11 02:18 - 2016-01-11 02:18 - 44257280 _____ C:\Windows\system32\config\COMPONENTS.iobit
    2016-01-11 02:18 - 2016-01-11 02:18 - 00233472 _____ C:\Windows\system32\config\DEFAULT.iobit
    2016-01-11 02:18 - 2016-01-11 02:18 - 00028672 _____ C:\Windows\system32\config\SAM.iobit
    2016-01-11 02:18 - 2016-01-11 02:18 - 00024576 _____ C:\Windows\system32\config\SECURITY.iobit
    2016-01-11 02:11 - 2016-01-11 02:11 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Apple Computer
    2016-01-11 02:10 - 2016-01-11 02:10 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
    2016-01-11 01:48 - 2015-10-13 18:19 - 05972783 _____ C:\Windows\system32\nvcoproc.bin
    2016-01-11 01:46 - 2016-01-11 01:46 - 31514288 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 24199344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 22993200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 18634072 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 15293104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 13916600 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 13828224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 12898992 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2016-01-11 01:46 - 2016-01-11 01:46 - 11272048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 11209376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 04245624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 03986608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 01908528 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434192.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 01556656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434192.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 00944304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 00907440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 00903472 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2016-01-11 01:46 - 2016-01-11 01:46 - 00869040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2016-01-11 01:44 - 2016-01-11 01:44 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
    2016-01-11 01:44 - 2016-01-11 01:44 - 01026304 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
    2016-01-11 01:44 - 2016-01-11 01:44 - 00404184 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
    2016-01-11 01:44 - 2016-01-11 01:44 - 00083160 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll
    2016-01-11 01:44 - 2016-01-11 01:44 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
    2016-01-11 01:44 - 2016-01-11 01:44 - 00000000 ____D C:\Windows\SysWOW64\sda
    2016-01-11 01:43 - 2016-01-11 01:43 - 04161536 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
    2016-01-11 01:41 - 2016-01-11 01:41 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2016-01-11 01:41 - 2016-01-11 01:41 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2016-01-11 00:37 - 2016-01-11 00:37 - 00053624 _____ (TOSHIBA Corporation) C:\Windows\system32\Drivers\tosrfec.sys
    2016-01-11 00:30 - 2016-01-24 22:33 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\IObit
    2016-01-11 00:30 - 2016-01-24 22:33 - 00000000 ____D C:\ProgramData\IObit
    2016-01-11 00:30 - 2016-01-18 01:23 - 00000000 ____D C:\Program Files (x86)\IObit
    2016-01-11 00:30 - 2016-01-11 02:11 - 00000000 ____D C:\Users\hamadoto\AppData\LocalLow\IObit
    2016-01-11 00:30 - 2016-01-11 00:30 - 00026528 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
    2016-01-11 00:30 - 2016-01-11 00:30 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
    2016-01-10 23:47 - 2016-01-26 19:13 - 00000000 ____D C:\Users\hamadoto\Desktop\folder 1
    2016-01-04 08:45 - 2016-01-04 08:45 - 00000000 ____D C:\Users\hamadoto\Downloads\جلدية وتناسلية مراجعة دكتور طارق أبو اليزيد
    2016-01-03 23:00 - 2016-01-20 00:56 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2016-01-03 15:25 - 2016-01-03 15:26 - 04508873 _____ C:\Users\hamadoto\Downloads\جلدية وتناسلية مراجعة دكتور طارق أبو اليزيد.rar
    2015-12-30 14:33 - 2015-12-30 14:33 - 01048576 ___SH C:\Windows\system32\config\COMPONENTS{1dfba603-aee1-11e5-9c1e-b870f4d1ae51}.TxR.2.regtrans-ms
    2015-12-30 14:33 - 2015-12-30 14:33 - 01048576 ___SH C:\Windows\system32\config\COMPONENTS{1dfba603-aee1-11e5-9c1e-b870f4d1ae51}.TxR.1.regtrans-ms
    2015-12-30 14:33 - 2015-12-30 14:33 - 01048576 ___SH C:\Windows\system32\config\COMPONENTS{1dfba603-aee1-11e5-9c1e-b870f4d1ae51}.TxR.0.regtrans-ms
    2015-12-30 14:33 - 2015-12-30 14:33 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{1dfba604-aee1-11e5-9c1e-b870f4d1ae51}.TMContainer00000000000000000002.regtrans-ms
    2015-12-30 14:33 - 2015-12-30 14:33 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{1dfba604-aee1-11e5-9c1e-b870f4d1ae51}.TMContainer00000000000000000001.regtrans-ms
    2015-12-30 14:33 - 2015-12-30 14:33 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{1dfba604-aee1-11e5-9c1e-b870f4d1ae51}.TM.blf
    2015-12-30 14:33 - 2015-12-30 14:33 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{1dfba603-aee1-11e5-9c1e-b870f4d1ae51}.TxR.blf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-01-29 08:35 - 2015-10-16 03:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-01-29 08:29 - 2015-10-16 03:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-01-29 08:20 - 2015-10-16 03:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2016-01-29 07:53 - 2009-07-14 06:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-01-29 07:53 - 2009-07-14 06:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-01-29 07:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2016-01-29 07:23 - 2015-12-10 18:06 - 00000000 ____D C:\Users\hamadoto\AppData\Local\launcher
    2016-01-29 07:23 - 2015-11-14 18:35 - 00000000 ____D C:\Users\hamadoto\.counterplay
    2016-01-29 07:23 - 2015-10-16 03:16 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\DMCache
    2016-01-29 00:34 - 2015-10-16 03:12 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-01-28 15:29 - 2015-10-16 03:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-01-28 08:47 - 2009-07-14 07:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-01-28 08:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
    2016-01-28 03:38 - 2015-10-16 03:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-01-27 04:22 - 2015-10-16 07:30 - 00000000 ____D C:\Users\hamadoto\AppData\Local\Battle.net
    2016-01-26 20:27 - 2015-10-24 04:28 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2016-01-26 20:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-01-26 19:14 - 2015-11-14 18:34 - 00000000 ____D C:\Users\hamadoto\AppData\Local\SquirrelTemp
    2016-01-26 19:13 - 2015-10-16 03:11 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nvidia Forceware Driver
    2016-01-25 15:15 - 2015-10-24 11:48 - 12291754 _____ C:\Users\hamadoto\Documents\menna
    2016-01-25 05:34 - 2015-11-14 18:59 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Duelyst
    2016-01-24 00:03 - 2015-11-14 18:35 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\DuelystLauncher
    2016-01-23 23:37 - 2015-10-16 03:08 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2016-01-23 23:15 - 2015-10-16 03:04 - 00109112 _____ C:\Users\hamadoto\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-01-23 23:12 - 2009-07-14 06:45 - 00428320 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-01-23 23:11 - 2015-10-24 01:39 - 00000000 ____D C:\Program Files (x86)\Steam
    2016-01-23 22:53 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2016-01-23 22:52 - 2015-10-29 08:31 - 00000000 ____D C:\Program Files\Microsoft Office
    2016-01-23 22:51 - 2011-04-12 10:28 - 00000000 ____D C:\Windows\ShellNew
    2016-01-23 22:47 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
    2016-01-23 22:46 - 2009-07-14 04:34 - 00000387 _____ C:\Windows\win.ini
    2016-01-22 21:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Web
    2016-01-21 13:53 - 2015-10-16 03:16 - 00000000 ____D C:\Users\hamadoto\Downloads\Compressed
    2016-01-20 14:36 - 2015-10-16 03:24 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-01-20 14:36 - 2015-10-16 03:24 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-01-20 14:36 - 2015-10-16 03:24 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-01-20 02:12 - 2015-10-16 03:16 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\IDM
    2016-01-20 01:18 - 2015-10-16 02:53 - 00000000 ____D C:\Users\hamadoto
    2016-01-20 00:55 - 2015-10-20 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-01-20 00:55 - 2015-10-20 22:48 - 00000000 ____D C:\Program Files (x86)\Java
    2016-01-20 00:55 - 2015-10-16 03:30 - 00000000 ____D C:\ProgramData\Oracle
    2016-01-20 00:54 - 2015-10-20 22:49 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2016-01-20 00:54 - 2015-10-16 03:30 - 00000000 ____D C:\Users\hamadoto\.oracle_jre_usage
    2016-01-18 01:24 - 2015-10-21 07:12 - 00000000 ____D C:\Users\hamadoto\AppData\Local\netz
    2016-01-17 22:46 - 2015-11-09 16:28 - 00000000 ____D C:\Program Files\Keylogger Detector
    2016-01-12 02:48 - 2015-10-16 04:10 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Media Player Classic
    2016-01-11 02:22 - 2015-10-16 03:29 - 00000000 ____D C:\Windows\Panther
    2016-01-11 02:22 - 2015-10-16 03:16 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDM
    2016-01-11 02:20 - 2015-11-12 19:08 - 00000000 ____D C:\Users\hamadoto\AppData\Roaming\Sony
    2016-01-11 01:48 - 2015-10-16 02:59 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-01-11 01:47 - 2015-10-16 02:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-01-11 01:46 - 2015-10-16 02:55 - 16128576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2016-01-11 01:46 - 2015-10-16 02:55 - 14497568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2016-01-11 01:46 - 2015-10-16 02:55 - 03209920 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2016-01-11 01:46 - 2015-10-16 02:55 - 00026155 _____ C:\Windows\system32\nvinfo.pb
    2016-01-11 01:44 - 2011-06-10 15:34 - 00116304 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
    2016-01-11 01:41 - 2015-10-16 02:55 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
    2016-01-06 02:11 - 2015-10-23 23:05 - 00000000 ____D C:\Program Files (x86)\osu!

    ==================== Files in the root of some directories =======

    2016-01-26 19:01 - 2016-01-18 11:26 - 5310360 _____ ((c) PC Cleaners Inc) C:\ProgramData\pclunst.exe

    Files to move or delete:
    ====================
    C:\ProgramData\pclunst.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-01-26 19:56

    ==================== End of FRST.txt ============================

    here is addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
    Ran by hamadoto (2016-01-29 09:08:40)
    Running from C:\Users\hamadoto\Downloads\Programs
    Windows 7 Ultimate Service Pack 1 (X64) (2015-10-16 00:53:01)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3792168985-1176982872-3723076907-500 - Administrator - Disabled)
    Guest (S-1-5-21-3792168985-1176982872-3723076907-501 - Limited - Enabled)
    hamadoto (S-1-5-21-3792168985-1176982872-3723076907-1000 - Administrator - Enabled) => C:\Users\hamadoto
    HomeGroupUser$ (S-1-5-21-3792168985-1176982872-3723076907-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
    AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.3 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
    Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
    Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
    Canon LBP6020 (HKLM\...\Canon LBP6020) (Version: - )
    DomDomSoft Manga Downloader (remove only) (HKLM-x32\...\DomDomSoft Manga Downloader) (Version: - )
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
    Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
    Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
    K-Lite Codec Pack 9.9.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Markets.com MetaTrader (HKLM-x32\...\Markets.com MetaTrader) (Version: 4.00 - MetaQuotes Software Corp.)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft DirectX SDK (June 2010) (HKLM-x32\...\Microsoft DirectX SDK (June 2010)) (Version: 9.29.1962.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
    NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    osu! (HKLM-x32\...\{b1da0b9d-2d4a-4a01-b10a-ba41ab63f757}) (Version: latest - ppy Pty Ltd)
    osu! (HKLM-x32\...\{b73fe97b-5bed-4734-a4ef-adc7e67a5efa}) (Version: latest - ppy Pty Ltd)
    paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
    PC Cleaners (HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\...\PC Cleaners) (Version: - PC Cleaners) <==== ATTENTION
    Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Vegas Pro 12.0 (64-bit) (HKLM\...\{64A98EF1-2680-11E3-A909-F04DA23A5C58}) (Version: 12.0.726 - Sony)
    WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0DB08A6A-E3FF-403D-8A89-36D15C27BEA0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
    Task: {13CFC452-BF18-4C44-80F3-DD2DE6147E21} - System32\Tasks\SpyHunter4Startup => E:\SpyHunter 4.21.10.4585 Portable by wood\SpyHunter4.exe [2016-01-22] (Enigma Software Group USA, LLC.)
    Task: {146CA3E5-4E6D-46CC-9EF2-83D25B72C497} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
    Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
    Task: {6CBC587B-9B58-4BFF-8073-1DE8DDA4E130} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-13] (AO Kaspersky Lab)
    Task: {7E24C408-AB10-4798-AB43-5B1C3C570C84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-16] (Google Inc.)
    Task: {898C0306-3D53-4ABA-A5E2-3D70D4378B93} - System32\Tasks\Microsoft\Windows\Setup\xtgt\refreshxtgtconfig => C:\Windows\system32\XTgt\XTgtMgr.exe [2015-10-05] (Microsoft Corporation)
    Task: {B5995177-4D5C-4956-948E-50C49A9B1F1B} - System32\Tasks\PCCleaner-AutoCleanup-Task => C:\ProgramData\PC Cleaner Pro\PCCleaners.exe [2016-01-26] (PC Cleaners Inc.)
    Task: {DD04852B-0144-40BE-BE0C-2F77FADC58BB} - System32\Tasks\PCCleaner-Maintenance-Autorun => C:\ProgramData\PC Cleaner Pro\PCCleaners.exe [2016-01-26] (PC Cleaners Inc.)
    Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
    Task: {EA1A7C2F-F8CC-49CF-BA55-21230681AE7F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3792168985-1176982872-3723076907-1000
    Task: {FD09ACC1-27B2-4F99-A400-66B6B973C36D} - System32\Tasks\KMSAuto => C:\Windows\KMSAuto.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-16 02:57 - 2015-10-13 19:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-08-31 02:12 - 2014-08-31 02:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
    2016-01-29 00:34 - 2016-01-27 19:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
    2016-01-29 00:34 - 2016-01-27 19:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
    2014-08-31 02:12 - 2015-10-16 03:24 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
    2014-08-31 02:12 - 2015-10-16 03:24 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
    2014-08-31 02:12 - 2015-10-16 03:24 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
    2016-01-20 14:36 - 2016-01-20 14:36 - 17882304 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 04:34 - 2013-09-03 17:19 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts

    # ::1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3792168985-1176982872-3723076907-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\hamadoto\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 37.59.72.131 - 8.8.8.8
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Lync => "C:\Program Files\Microsoft Office\Office16\lync.exe" /fromrunkey
    MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{0D9C4C6C-3870-4CE8-88E1-25B8B062D6FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{77466574-B2CD-42AB-A0AE-8C09B7040F87}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{480EA2C7-0C75-4CD5-8B08-65273BBB9872}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{19B143BE-1EF2-4450-9D27-DC238CA1630D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{4344194D-2CBF-47C1-8D7F-D1312FE429A0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{1C02056E-D441-47D6-A5BA-122F573DCDB2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{9F28588F-D91B-471D-A074-2FF0C6DE1013}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
    FirewallRules: [{4E365906-CF9D-47BE-A858-FB3632A7A7BD}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
    FirewallRules: [{97F0D21C-2027-4082-8FFB-2D1CD45A45FA}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
    FirewallRules: [{71B0C1C0-B326-4857-9ED6-7E3D54EAD875}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
    FirewallRules: [{AA67949D-2C38-4C23-88B5-189B652476BA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{54814E78-DCD5-41A0-A79F-AB214EE8A0B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{821E924E-CA2E-47D3-8B02-13FB50CBA22A}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
    FirewallRules: [UDP Query User{8E646B4D-7718-4BC6-AFFC-E1D0E835AB5C}D:\hearthstone\hearthstone.exe] => (Allow) D:\hearthstone\hearthstone.exe
    FirewallRules: [{727DB2CD-2726-4672-A85A-CCCC70F02246}] => (Allow) C:\Users\hamadoto\Downloads\DomDomSoftMangaDownloader_5.5_Installer-70384064.exe
    FirewallRules: [{5131D83E-0C9E-4818-BA40-8EF4AB49114C}] => (Allow) C:\Users\hamadoto\Downloads\DomDomSoftMangaDownloader_5.5_Installer-70384064.exe
    FirewallRules: [{5007589C-AAD9-45CE-A350-0CCA87DD8551}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{4145BF9A-C8BB-4116-A10D-BA6E4A21C25A}] => (Allow) E:\SteamLibrary\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
    FirewallRules: [{EB2567B9-5C76-4FB0-A945-7208B6248BC7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    FirewallRules: [{9C362567-81FC-4E23-A3BB-969951D863D1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    FirewallRules: [{9580237A-3C40-492E-90E4-11659C27D6E5}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
    FirewallRules: [{99FD83C5-C58F-4F9B-8780-CF13D90C4094}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
    FirewallRules: [{979A7F27-EBED-4C63-A839-4EF5748A4F03}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
    FirewallRules: [{799CDC76-0923-4FA2-97FF-F40E2E175B97}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
    FirewallRules: [{D5D8C017-6B7E-4DAF-8FA8-5673F7CC443C}] => (Allow) E:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
    FirewallRules: [{6807C3E0-91FB-42EE-B13C-C419228B93AB}] => (Allow) E:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
    FirewallRules: [{3667D125-B584-4047-A2AD-D6AD1231FE2F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    29-01-2016 07:22:05 PC Cleaner Pro System Backup

    ==================== Faulty Device Manager Devices =============

    Name: Realtek PCIe FE Family Controller
    Description: Realtek PCIe FE Family Controller
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Realtek
    Service: RTL8167
    Problem: : This device cannot find enough free resources that it can use. If you want to use this device, you will need to disable one of the other devices on this system. (Code12)
    Resolution: Two devices have been assigned the same input/output (I/O) ports, the same interrupt, or the same Direct Memory Access channel (either by the BIOS, the operating system, or a combination of the two). This error message can also appear if the BIOS did not allocate enough resources to the device (for example, if a universal serial bus (USB) controller does not get an interrupt from the BIOS because of a corrupt Multiprocessor System (MPS) table).
    You can use Device Manager to determine where the conflict is and disable the conflicting device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/29/2016 07:41:38 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: regedit.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc2cc
    Faulting module name: mshtml.dll, version: 11.0.9600.18057, time stamp: 0x55f8f2f2
    Exception code: 0xc000041d
    Fault offset: 0x00000000000c49a5
    Faulting process id: 0x16360
    Faulting application start time: 0xregedit.exe0
    Faulting application path: regedit.exe1
    Faulting module path: regedit.exe2
    Report Id: regedit.exe3

    Error: (01/29/2016 07:41:33 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: regedit.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc2cc
    Faulting module name: mshtml.dll, version: 11.0.9600.18057, time stamp: 0x55f8f2f2
    Exception code: 0xc0000005
    Fault offset: 0x00000000000c49a5
    Faulting process id: 0x16360
    Faulting application start time: 0xregedit.exe0
    Faulting application path: regedit.exe1
    Faulting module path: regedit.exe2
    Report Id: regedit.exe3

    Error: (01/26/2016 08:14:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
    Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
    Exception code: 0x80000003
    Fault offset: 0x0000ed44
    Faulting process id: 0x6a4
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (01/26/2016 08:14:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
    Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
    Exception code: 0x80000003
    Fault offset: 0x0000ed44
    Faulting process id: 0x1168
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (01/26/2016 08:14:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
    Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
    Exception code: 0x80000003
    Fault offset: 0x0000ed44
    Faulting process id: 0x1050
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (01/26/2016 08:02:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/26/2016 05:57:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/26/2016 11:21:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2016 03:50:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/25/2016 05:06:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
    %%1058

    Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
    %%1058

    Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
    %%1058

    Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
    %%1058

    Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
    %%1058

    Error: (01/29/2016 09:07:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
    %%1058

    Error: (01/29/2016 09:07:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
    %%1058

    Error: (01/29/2016 09:07:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
    %%1058

    Error: (01/29/2016 09:07:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
    %%1058

    Error: (01/29/2016 09:07:19 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
    %%1058


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
    Percentage of memory in use: 60%
    Total physical RAM: 4073.76 MB
    Available physical RAM: 1616.14 MB
    Total Virtual: 8145.73 MB
    Available Virtual: 5336.6 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:59.47 GB) (Free:15.03 GB) NTFS
    Drive d: () (Fixed) (Total:233.4 GB) (Free:31.89 GB) NTFS
    Drive e: () (Fixed) (Total:172.79 GB) (Free:4.63 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B6A5B88C)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=233.4 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=172.8 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    Previous topic: https://forums.spybot.info/showthrea...ant-be-removed!
    Last edited by tashi; 2016-01-29 at 17:44. Reason: Added link for clarity

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,849

    IObit

    Please see the following links and make up your own mind if you want to keep this on your system.

    IOBit Steals Malwarebytes' Intellectual Property
    IOBit's Denial of Theft Unconvincing
    IOBit Theft Conclusion
    IObit: Trusting Your Antivirus Vendor
    Malwarebytes: IObit Stole Our Signatures Database
    IObit accused of stealing from Malwarebytes
    http://shanegowland....-sucky-company/

    ----------------------

    PC Cleaners/PC Cleaner Pro <== downloads with adware and is a reg cleaner, not recommended

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    You have markers in your log to suggest your copy of Windows and/or Microsoft Office may not be valid, cracked or pirated software.

    Note:
    We do not support the use of Pirated-Warez-Keygens-Cracked software.

    If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations.
    https://forums.spybot.info/showthrea...ll=1#post25290

    Any Pirated-Warez-Keygens-Cracked software needs to be removed.

    ~~~~~~~~~~~~~~~~~~~

    Running from C:\Users\hamadoto\Downloads\Programs

    It's best we move Farbar's to desktop.

    Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
    Go to an open spot on your desktop, right click and select PASTE
    You should now have Farbar Recovery Scan Tool on your desktop.


    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Then copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right click on it and select copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)





    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
    FF user.js: detected! => C:\Users\hamadoto\AppData\Roaming\Mozilla\Firefox\Profiles\fs81t73p.default-1454013078005\user.js [2016-01-29]
    CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    C:\ProgramData\pclunst.exe
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    Hosts:
    End

    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~

    Open Malwarebytes' Anti-Malware
    • On the Dashboard click on Update Now
    • Go to the Settings tab
    • Under Settings go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan


    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply

    ~~~~~~~~~~~~~~~~~~~~~~~~

    Please post these 2 logs when done.
    Last edited by Juliet; 2016-02-04 at 01:03. Reason: typo
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
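
Added example, not part of the post above and not FRST's own code: the fixlist's `FF user.js: detected!` entry matters because Firefox re-applies every `user_pref()` in a profile's `user.js` at each start, so it is worth reading the file before it is removed. The Python below lists those preferences per profile; the function names, the watch list and the sample profile are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches one Firefox preference line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Preference prefixes that decide what the browser opens or where it sends
# traffic. This watch list is an assumption for the example, not FRST's logic.
WATCHED = ("browser.startup.homepage", "browser.newtab.url", "keyword.URL",
           "network.proxy.", "browser.search.")


def parse_user_js(text):
    """Return {pref_name: raw_value}; '//' comment lines never match PREF_RE.
    Block comments are not stripped, so a commented-out pref is still listed."""
    return {m.group(1): m.group(2)
            for m in map(PREF_RE.match, text.splitlines()) if m}


def audit_profiles(profiles_dir):
    """Return (profile, pref, value, watched) for each user.js under profiles_dir."""
    findings = []
    for user_js in sorted(Path(profiles_dir).glob("*/user.js")):
        text = user_js.read_text(encoding="utf-8", errors="replace")
        for name, value in sorted(parse_user_js(text).items()):
            findings.append((user_js.parent.name, name, value,
                             name.startswith(WATCHED)))
    return findings


def demo():
    """Audit a constructed profile tree (sample data, not taken from the log)."""
    with tempfile.TemporaryDirectory() as root:
        prof = Path(root) / "abcd1234.default"
        prof.mkdir()
        (prof / "user.js").write_text(
            '// constructed sample\n'
            'user_pref("browser.startup.homepage", "http://example.invalid/");\n'
            'user_pref("network.proxy.type", 1);\n'
            'user_pref("ui.caretBlinkTime", 500);\n', encoding="utf-8")
        (Path(root) / "clean.profile").mkdir()  # profile without a user.js
        return audit_profiles(root)


if __name__ == "__main__":
    for profile, name, value, watched in demo():
        print(f"{'REVIEW' if watched else 'info  '} {profile}: {name} = {value}")
```

On the machine in this thread the directory to pass to `audit_profiles()` would be `C:\Users\hamadoto\AppData\Roaming\Mozilla\Firefox\Profiles`, the parent of the profile folder named in the fixlist.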

  3. #3
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,849

    Still need help?

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,849

    Due to the lack of feedback this Topic is closed.
