m0ns7err

Member
  • Posts

    9
  • Joined

  • Last visited

Likes

1 Neutral reputation

About m0ns7err

  • Title
    Rookie
  1. The FRST folder was removed and everything is okay!! Thank you very much! Have a nice weekend, you too!
  2. FRST: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-07-2014 01Ran by roby at 2014-07-12 15:55:55 Run:5Running from C:UsersrobyDesktopBoot Mode: Normal============================================== Content of fixlist:*****************startUnlock: HKUS-1-5-21-753445142-1853107196-334102578-1000SoftwareMicrosoftInternet ExplorerApproved ExtensionsReg: reg delete "HKUS-1-5-21-753445142-1853107196-334102578-1000SoftwareMicrosoftInternet ExplorerApproved Extensions" /v {4D2D3B0F-69BE-477A-90F5-FDDB05357975} /fend***************** "HKUS-1-5-21-753445142-1853107196-334102578-1000SoftwareMicrosoftInternet ExplorerApproved Extensions" => Key unlocked successfully. ========= reg delete "HKUS-1-5-21-753445142-1853107196-334102578-1000SoftwareMicrosoftInternet ExplorerApproved Extensions" /v {4D2D3B0F-69BE-477A-90F5-FDDB05357975} /f ========= The operation completed successfully. ========= End of Reg: ========= ==== End of Fixlog ==== HitmanPro: HitmanPro 3.7.9.220www.hitmanpro.com Computer name . . . . : ROBERT-PC Windows . . . . . . . : 6.1.1.7601.X64/2 User name . . . . . . : ROBERT-PCroby UAC . . . . . . . . . : Disabled License . . . . . . . : Free Scan date . . . . . . : 2014-07-12 15:56:59 Scan mode . . . . . . : Normal Scan duration . . . . : 9m 31s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 2 Traces . . . . . . . : 96 Objects scanned . . . : 2 156 891 Files scanned . . . . : 43 460 Remnants scanned . . : 895 461 files / 1 217 970 keys Malware _____________________________________________________________________ C:GamesGarry`s Mod 11Launcher.exe Size . . . . . . . : 351 854 bytes Age . . . . . . . : 186.9 days (2014-01-06 19:23:17) Entropy . . . . . : 6.2 SHA-256 . . . . . : 9E71E983F2F1F118FBC68FC4498F66268648BD4EA810B5EB96DF145CF0462B6C Product Publisher . . . . : Team Garry Description . . . : Version Copyright LanguageID . . . . 
: 1033 > G Data . . . . . . : Trojan.Generic.3877932 (Engine-A) Fuzzy . . . . . . : 103.0 References C:UsersrobyAppDataRoamingMicrosoftWindowsStart MenuProgramsGarry`s Mod 11.lnk C:UsersrobyDesktopИгриGarry`s Mod 11.lnk C:UsersrobyDesktopИгриLauncher - Shortcut.lnk C:UsersrobyИнсталаториИнсталатори програмиSony Vegas Movie Studio Platinum Edition Pro v9.a Build 85patch.exe Size . . . . . . . : 479 232 bytes Age . . . . . . . : 821.7 days (2012-04-11 23:00:31) Entropy . . . . . : 6.2 SHA-256 . . . . . : 9307ED94BBCCD1C5C00686AC05ED3641A0EEF84AD2762708E0EBC05740167D6B > G Data . . . . . . : Trojan.Generic.1697383 (Engine A) Fuzzy . . . . . . : 111.0 Suspicious files ____________________________________________________________ C:UsersrobyAppDataLocalPunkBusterFC3pbpbcl.dll Size . . . . . . . : 953 886 bytes Age . . . . . . . : 524.1 days (2013-02-03 12:56:17) Entropy . . . . . : 7.6 SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:UsersrobyAppDataLocalPunkBusterFC3pbpbcls.dll Size . . . . . . . : 953 886 bytes Age . . . . . . . : 524.1 days (2013-02-03 12:56:16) Entropy . . . . . : 7.6 SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. 
This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:UsersrobyAppDataLocalPunkBusterFC3pbPnkBstrK.sys Size . . . . . . . : 138 032 bytes Age . . . . . . . : 524.1 days (2013-02-03 12:56:43) Entropy . . . . . : 7.8 SHA-256 . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:UsersrobyDesktopFRST-OlderVersionFRST64.exe Size . . . . . . . : 2 084 352 bytes Age . . . . . . . : 2.7 days (2014-07-09 23:36:26) Entropy . . . . . : 7.5 SHA-256 . . . . . : B4700A1052D7BA9860C77F7EB718BC878FFD3EBB1178B97B01CE6DA3679EB3B5 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. 
Time indicates that the file appeared recently on this computer. C:UsersrobyDesktopFRST64.exe Size . . . . . . . : 2 084 864 bytes Age . . . . . . . : 1.7 days (2014-07-11 00:15:33) Entropy . . . . . : 7.5 SHA-256 . . . . . : D9D2BFCDCB27D7F50FD9AB70FC0EED6A127C3389069CC5A2297B9050A51722AB Needs elevation . : Yes Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/b6e912fc25c5df47a8284302d6033a99/53bf0275/windows/security/security-utilities/f/farbar-recovery-scan-tool/64/FRST64.exe Fuzzy . . . . . . : 27.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. The file is downloaded from the Internet to this computer. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. 
References HKUS-1-5-21-753445142-1853107196-334102578-1000SoftwareClassesLocal SettingsSoftwareMicrosoftWindowsShellMuiCacheC:UsersrobyDesktopFRST64.exe Forensic Cluster -0.3s C:UsersrobyAppDataRoamingMicrosoftWindowsCookiesOP6CL2C0.txt -0.2s C:UsersrobyAppDataRoamingMicrosoftWindowsCookiesDEY7BL35.txt -0.2s C:UsersrobyAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5JRWMIZ2T82[1].htm -0.2s C:UsersrobyAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5JRWMIZ2T82[1].htm 0.0s C:UsersrobyAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE53277WOD8FRST64[1].exe 0.0s C:UsersrobyDesktopFRST64.exe 17.3s C:FRSTLogsct 17.3s C:UsersrobyDesktopFixlog.txt 17.3s C:FRSTQuarantineC 17.3s C:FRSTQuarantineCWindows 17.3s C:FRSTQuarantineCWindowssystem32GroupPolicy 17.3s C:FRSTQuarantineCWindowssystem32
  3. FRST: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-07-2014 01 Ran by roby at 2014-07-12 14:05:22 Run:4Running from C:UsersrobyDesktopBoot Mode: Normal============================================== Content of fixlist:*****************startReg: reg delete "HKLMSOFTWAREClassesInterface{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}" /fReg: reg delete "HKLMSOFTWAREClassesWow6432NodeInterface{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}" /fReg: reg delete "HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstall{FDB962F0-B5B8-9460-D12F-7966E97BAA43}" /fReg: reg delete "HKU.DEFAULTSoftwareAppDataLow{5F189DF5-2D05-472B-9091-84D9848AE48B}" /fReg: reg delete "HKUS-1-5-18SoftwareAppDataLow{5F189DF5-2D05-472B-9091-84D9848AE48B}" /fReg: reg delete "HKUS-1-5-19SoftwareAppDataLow{5F189DF5-2D05-472B-9091-84D9848AE48B}" /fReg: reg delete "HKUS-1-5-20SoftwareAppDataLow{5F189DF5-2D05-472B-9091-84D9848AE48B}" /fReg: reg delete "HKUS-1-5-21-753445142-1853107196-334102578-1000SoftwareMicrosoftInternet ExplorerApproved Extensions{4D2D3B0F-69BE-477A-90F5-FDDB05357975}" /fend ***************** ========= reg delete "HKLMSOFTWAREClassesInterface{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKLMSOFTWAREClassesWow6432NodeInterface{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstall{FDB962F0-B5B8-9460-D12F-7966E97BAA43}" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKU.DEFAULTSoftwareAppDataLow{5F189DF5-2D05-472B-9091-84D9848AE48B}" /f ========= The operation completed successfully. 
========= End of Reg: ========= ========= reg delete "HKUS-1-5-18SoftwareAppDataLow{5F189DF5-2D05-472B-9091-84D9848AE48B}" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= reg delete "HKUS-1-5-19SoftwareAppDataLow{5F189DF5-2D05-472B-9091-84D9848AE48B}" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKUS-1-5-20SoftwareAppDataLow{5F189DF5-2D05-472B-9091-84D9848AE48B}" /f ========= The operation completed successfully. ========= End of Reg: ========= ========= reg delete "HKUS-1-5-21-753445142-1853107196-334102578-1000SoftwareMicrosoftInternet ExplorerApproved Extensions{4D2D3B0F-69BE-477A-90F5-FDDB05357975}" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ==== End of Fixlog ==== HitmanPro: HitmanPro 3.7.9.220www.hitmanpro.com Computer name . . . . : ROBERT-PC Windows . . . . . . . : 6.1.1.7601.X64/2 User name . . . . . . : ROBERT-PCroby UAC . . . . . . . . . : Disabled License . . . . . . . : Free Scan date . . . . . . : 2014-07-12 14:06:29 Scan mode . . . . . . : Normal Scan duration . . . . : 10m 36s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 2 Traces . . . . . . . : 95 Objects scanned . . . : 2 383 866 Files scanned . . . . : 43 599 Remnants scanned . . : 895 681 files / 1 444 586 keys Malware _____________________________________________________________________ C:GamesGarry`s Mod 11Launcher.exe Size . . . . . . . : 351 854 bytes Age . . . . . . . : 186.8 days (2014-01-06 19:23:17) Entropy . . . . . : 6.2 SHA-256 . . . . . : 9E71E983F2F1F118FBC68FC4498F66268648BD4EA810B5EB96DF145CF0462B6C Product Publisher . . . . : Team Garry Description . . . : Version Copyright LanguageID . . . . : 1033 > G Data . . . . . . : Trojan.Generic.3877932 (Engine-A) Fuzzy . . . . . . 
: 103.0 References C:UsersrobyAppDataRoamingMicrosoftWindowsStart MenuProgramsGarry`s Mod 11.lnk C:UsersrobyDesktopИгриGarry`s Mod 11.lnk C:UsersrobyDesktopИгриLauncher - Shortcut.lnk C:UsersrobyИнсталаториИнсталатори програмиSony Vegas Movie Studio Platinum Edition Pro v9.a Build 85patch.exe Size . . . . . . . : 479 232 bytes Age . . . . . . . : 821.6 days (2012-04-11 23:00:31) Entropy . . . . . : 6.2 SHA-256 . . . . . : 9307ED94BBCCD1C5C00686AC05ED3641A0EEF84AD2762708E0EBC05740167D6B > G Data . . . . . . : Trojan.Generic.1697383 (Engine A) Fuzzy . . . . . . : 111.0 Suspicious files ____________________________________________________________ C:UsersrobyAppDataLocalPunkBusterFC3pbpbcl.dll Size . . . . . . . : 953 886 bytes Age . . . . . . . : 524.0 days (2013-02-03 12:56:17) Entropy . . . . . : 7.6 SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:UsersrobyAppDataLocalPunkBusterFC3pbpbcls.dll Size . . . . . . . : 953 886 bytes Age . . . . . . . : 524.0 days (2013-02-03 12:56:16) Entropy . . . . . : 7.6 SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. 
This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:UsersrobyAppDataLocalPunkBusterFC3pbPnkBstrK.sys Size . . . . . . . : 138 032 bytes Age . . . . . . . : 524.0 days (2013-02-03 12:56:43) Entropy . . . . . : 7.8 SHA-256 . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:UsersrobyDesktopFRST-OlderVersionFRST64.exe Size . . . . . . . : 2 084 352 bytes Age . . . . . . . : 2.6 days (2014-07-09 23:36:26) Entropy . . . . . : 7.5 SHA-256 . . . . . : B4700A1052D7BA9860C77F7EB718BC878FFD3EBB1178B97B01CE6DA3679EB3B5 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. 
C:UsersrobyDesktopFRST64.exe Size . . . . . . . : 2 084 864 bytes Age . . . . . . . : 1.6 days (2014-07-11 00:15:33) Entropy . . . . . : 7.5 SHA-256 . . . . . : D9D2BFCDCB27D7F50FD9AB70FC0EED6A127C3389069CC5A2297B9050A51722AB Needs elevation . : Yes Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/b6e912fc25c5df47a8284302d6033a99/53bf0275/windows/security/security-utilities/f/farbar-recovery-scan-tool/64/FRST64.exe Fuzzy . . . . . . : 27.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. The file is downloaded from the Internet to this computer. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. References HKUS-1-5-21-753445142-1853107196-334102578-1000SoftwareClassesLocal SettingsSoftwareMicrosoftWindowsShellMuiCacheC:UsersrobyDesktopFRST64.exe Forensic Cluster -0.3s C:UsersrobyAppDataRoamingMicrosoftWindowsCookiesOP6CL2C0.txt -0.2s C:UsersrobyAppDataRoamingMicrosoftWindowsCookiesDEY7BL35.txt -0.2s C:UsersrobyAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5JRWMIZ2T82[1].htm -0.2s C:UsersrobyAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5JRWMIZ2T82[1].htm 0.0s C:UsersrobyAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE53277WOD8FRST64[1].exe 0.0s C:UsersrobyDesktopFRST64.exe 17.3s C:FRSTLogsct 17.3s C:UsersrobyDesktopFixlog.txt 17.3s C:FRSTQuarantineC 17.3s C:FRSTQuarantineCWindows 17.3s C:FRSTQuarantineCWindowssystem32GroupPolicy 17.3s C:FRSTQuarantineCWindowssystem32 Potential Unwanted Programs _________________________________________________ HKUS-1-5-21-753445142-1853107196-334102578-1000SoftwareMicrosoftInternet ExplorerApproved 
Extensions{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
  4. HitmanPro 3.7.9.220www.hitmanpro.com Computer name . . . . : ROBERT-PC Windows . . . . . . . : 6.1.1.7601.X64/2 User name . . . . . . : ROBERT-PCroby UAC . . . . . . . . . : Disabled License . . . . . . . : Free Scan date . . . . . . : 2014-07-12 01:07:52 Scan mode . . . . . . : Normal Scan duration . . . . : 11m 38s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 2 Traces . . . . . . . : 101 Objects scanned . . . : 2 157 765 Files scanned . . . . : 43 903 Remnants scanned . . : 895 932 files / 1 217 930 keys Malware _____________________________________________________________________ C:GamesGarry`s Mod 11Launcher.exe Size . . . . . . . : 351 854 bytes Age . . . . . . . : 186.2 days (2014-01-06 19:23:17) Entropy . . . . . : 6.2 SHA-256 . . . . . : 9E71E983F2F1F118FBC68FC4498F66268648BD4EA810B5EB96DF145CF0462B6C Product Publisher . . . . : Team Garry Description . . . : Version Copyright LanguageID . . . . : 1033 > G Data . . . . . . : Trojan.Generic.3877932 (Engine-A) Fuzzy . . . . . . : 103.0 References C:UsersrobyAppDataRoamingMicrosoftWindowsStart MenuProgramsGarry`s Mod 11.lnk C:UsersrobyDesktopИгриGarry`s Mod 11.lnk C:UsersrobyDesktopИгриLauncher - Shortcut.lnk C:UsersrobyИнсталаториИнсталатори програмиSony Vegas Movie Studio Platinum Edition Pro v9.a Build 85patch.exe Size . . . . . . . : 479 232 bytes Age . . . . . . . : 821.1 days (2012-04-11 23:00:31) Entropy . . . . . : 6.2 SHA-256 . . . . . : 9307ED94BBCCD1C5C00686AC05ED3641A0EEF84AD2762708E0EBC05740167D6B > G Data . . . . . . : Trojan.Generic.1697383 (Engine A) Fuzzy . . . . . . : 111.0 Suspicious files ____________________________________________________________ C:UsersrobyAppDataLocalPunkBusterFC3pbpbcl.dll Size . . . . . . . : 953 886 bytes Age . . . . . . . : 523.5 days (2013-02-03 12:56:17) Entropy . . . . . : 7.6 SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13 Fuzzy . . . . 
. . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:UsersrobyAppDataLocalPunkBusterFC3pbpbcls.dll Size . . . . . . . : 953 886 bytes Age . . . . . . . : 523.5 days (2013-02-03 12:56:16) Entropy . . . . . : 7.6 SHA-256 . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13 Fuzzy . . . . . . : 29.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. C:UsersrobyAppDataLocalPunkBusterFC3pbPnkBstrK.sys Size . . . . . . . : 138 032 bytes Age . . . . . . . : 523.5 days (2013-02-03 12:56:43) Entropy . . . . . : 7.8 SHA-256 . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148 RSA Key Size . . . : 2048 Authenticode . . . : Valid Fuzzy . . . . . . : 22.0 The .reloc (relocation) section in this program contains code. This is an indication of malware infection. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. 
This file is probably created by an individual. This is not typical for most programs. Program contains PE structure anomalies. This is not typical for most programs. The file is a device driver. Device drivers run as trusted (highly privileged) code. Program is code signed with a valid Authenticode certificate. C:UsersrobyDesktopFRST-OlderVersionFRST64.exe Size . . . . . . . : 2 084 352 bytes Age . . . . . . . : 2.1 days (2014-07-09 23:36:26) Entropy . . . . . : 7.5 SHA-256 . . . . . : B4700A1052D7BA9860C77F7EB718BC878FFD3EBB1178B97B01CE6DA3679EB3B5 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. C:UsersrobyDesktopFRST64.exe Size . . . . . . . : 2 084 864 bytes Age . . . . . . . : 1.0 days (2014-07-11 00:15:33) Entropy . . . . . : 7.5 SHA-256 . . . . . : D9D2BFCDCB27D7F50FD9AB70FC0EED6A127C3389069CC5A2297B9050A51722AB Needs elevation . : Yes Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/b6e912fc25c5df47a8284302d6033a99/53bf0275/windows/security/security-utilities/f/farbar-recovery-scan-tool/64/FRST64.exe Fuzzy . . . . . . : 27.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. The file is downloaded from the Internet to this computer. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. 
Time indicates that the file appeared recently on this computer. Forensic Cluster -0.3s C:UsersrobyAppDataRoamingMicrosoftWindowsCookiesOP6CL2C0.txt -0.2s C:UsersrobyAppDataRoamingMicrosoftWindowsCookiesDEY7BL35.txt -0.2s C:UsersrobyAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5JRWMIZ2T82[1].htm -0.2s C:UsersrobyAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5JRWMIZ2T82[1].htm 0.0s C:UsersrobyAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE53277WOD8FRST64[1].exe 0.0s C:UsersrobyDesktopFRST64.exe 17.3s C:FRSTLogsct 17.3s C:UsersrobyDesktopFixlog.txt 17.3s C:FRSTQuarantineC 17.3s C:FRSTQuarantineCWindows 17.3s C:FRSTQuarantineCWindowssystem32GroupPolicy 17.3s C:FRSTQuarantineCWindowssystem32 Potential Unwanted Programs _________________________________________________ HKLMSOFTWAREClassesInterface{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} (PCOptimizerPro) HKLMSOFTWAREClassesWow6432NodeInterface{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326} (PCOptimizerPro) HKLMSOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionUninstall{FDB962F0-B5B8-9460-D12F-7966E97BAA43} (PriceChop) HKU.DEFAULTSoftwareAppDataLow{5F189DF5-2D05-472B-9091-84D9848AE48B} (PCOptimizerPro) HKUS-1-5-18SoftwareAppDataLow{5F189DF5-2D05-472B-9091-84D9848AE48B} (PCOptimizerPro) HKUS-1-5-19SoftwareAppDataLow{5F189DF5-2D05-472B-9091-84D9848AE48B} (PCOptimizerPro) HKUS-1-5-20SoftwareAppDataLow{5F189DF5-2D05-472B-9091-84D9848AE48B} (PCOptimizerPro) HKUS-1-5-21-753445142-1853107196-334102578-1000SoftwareMicrosoftInternet ExplorerApproved Extensions{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) Cookies _____________________________________________________________________ C:UsersrobyAppDataLocalGoogleChromeUser DataDefaultCookies:ad.360yield.com C:UsersrobyAppDataLocalGoogleChromeUser DataDefaultCookies:ad.bodybuilding.com C:UsersrobyAppDataLocalGoogleChromeUser DataDefaultCookies:ad.kiosked.com C:UsersrobyAppDataLocalGoogleChromeUser DataDefaultCookies:ad.mlnadvertising.com 
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-07-2014 01
     Ran by roby at 2014-07-12 00:12:57 Run:3
     Running from C:\Users\roby\Desktop
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     start
     C:\ProgramData\EmailNotifier
     Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C5365B7-358F-402d-A440-F1270AEF1175}" /f
     Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C5365B7-358F-402d-A440-F1270AEF1175}" /f
     Reg: reg delete "HKU\.DEFAULT\Software\AskToolbar" /f
     Reg: reg delete "HKU\S-1-5-18\Software\AskToolbar" /f
     Reg: reg delete "HKU\S-1-5-21-753445142-1853107196-334102578-1000\Software\Microsoft\Internet Explorer\Approved Extensions" /v {4D2D3B0F-69BE-477A-90F5-FDDB05357975} /f
     Reg: reg delete "HKU\S-1-5-21-753445142-1853107196-334102578-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing" /v "bProtectNewTabPageShow" /f
     Reg: reg delete "HKU\S-1-5-21-753445142-1853107196-334102578-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing" /v "bProtectShowTabsWelcome" /f
     end
     *****************

     "C:\ProgramData\EmailNotifier" => File/Directory not found.

     ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C5365B7-358F-402d-A440-F1270AEF1175}" /f =========
     ERROR: The system was unable to find the specified registry key or value.
     ========= End of Reg: =========

     ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0C5365B7-358F-402d-A440-F1270AEF1175}" /f =========
     ERROR: The system was unable to find the specified registry key or value.
     ========= End of Reg: =========

     ========= reg delete "HKU\.DEFAULT\Software\AskToolbar" /f =========
     ERROR: The system was unable to find the specified registry key or value.
     ========= End of Reg: =========

     ========= reg delete "HKU\S-1-5-18\Software\AskToolbar" /f =========
     ERROR: The system was unable to find the specified registry key or value.
     ========= End of Reg: =========

     ========= reg delete "HKU\S-1-5-21-753445142-1853107196-334102578-1000\Software\Microsoft\Internet Explorer\Approved Extensions" /v {4D2D3B0F-69BE-477A-90F5-FDDB05357975} /f =========
     ERROR: Access is denied.
     ========= End of Reg: =========

     ========= reg delete "HKU\S-1-5-21-753445142-1853107196-334102578-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing" /v "bProtectNewTabPageShow" /f =========
     ERROR: The system was unable to find the specified registry key or value.
     ========= End of Reg: =========

     ========= reg delete "HKU\S-1-5-21-753445142-1853107196-334102578-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing" /v "bProtectShowTabsWelcome" /f =========
     ERROR: The system was unable to find the specified registry key or value.
     ========= End of Reg: =========

     ==== End of Fixlog ====
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-07-2014 01Ran by roby at 2014-07-11 00:15:50 Run:1Running from C:UsersrobyDesktopBoot Mode: Normal============================================== Content of fixlist:*****************startGroupPolicy: Group Policy on Chrome detected <======= ATTENTIONSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDFSearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFSearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKLM-x32 - DefaultScope {CA1F3DC7-1491-46D5-8467-C0C48BBA934A} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFSearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://www.mystart.com/results.php?gen=ms&pr=manycam&id=manycam_ot&v=4_0&ent=ch_5007&q={searchTerms}SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFSearchScopes: HKCU - 
{d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No FileBHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No FileToolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No FileFF SearchEngineOrder.1: WhiteSmoke SearchFF Extension: NEWSaver - C:UsersrobyAppDataRoamingMozillaFirefoxProfilesmtqeqk7m.defaultExtensionsee_jkb@kjzfdyytez.co.uk [2014-04-11]FF Extension: No Name - C:UsersrobyAppDataRoamingMozillaFirefoxProfilesmtqeqk7m.defaultExtensionsstaged [2014-07-08]CHR Extension: (No Name) - C:UsersrobyAppDataLocalGoogleChromeUser DataDefaultExtensionsbjbgijommpikhbkniglggngpcganhmhm [2013-11-25]CHR Extension: (priceChop) - C:UsersrobyAppDataLocalGoogleChromeUser DataDefaultExtensionshdnknlacbpjpblpadefjmfneolnedpel [2014-07-08]CHR Extension: (NextCuoup) - C:UsersrobyAppDataLocalGoogleChromeUser DataDefaultExtensionsmfagdkigfhflclodkbeefkgbkdabohpg [2014-07-08]CHR Extension: (priceChop) - C:UsersrobyAppDataLocalGoogleChromeUser DataDefaultExtensionshdnknlacbpjpblpadefjmfneolnedpel3.9 [2014-07-08]CHR Extension: (NextCuoup) - C:UsersrobyAppDataLocalGoogleChromeUser DataDefaultExtensionsmfagdkigfhflclodkbeefkgbkdabohpg1.0 [2014-07-08]CHR HKLM-x32...ChromeExtension: [mmbieohkbhcmbadfnopijbijlpbagccd] - C:ProgramDataSaveAsmmbieohkbhcmbadfnopijbijlpbagccd.crx [2013-08-30]CHR HKLMSOFTWAREPoliciesGoogle: Policy restriction <======= ATTENTION2014-07-08 19:35 - 2013-11-25 23:05 - 00000000 ____D () C:ProgramData212a3aa9c450663e2014-07-08 19:35 - 2014-07-08 19:35 - 00000000 ____D () C:Program Files (x86)NextCuoup2014-07-08 19:30 - 2014-07-08 19:34 - 00000000 ____D () C:Program Files (x86)NextCoup2014-07-08 19:29 - 2014-07-08 19:29 - 00000000 ____D () C:Program Files (x86)MySearch2014-07-08 
18:01 - 2014-07-08 19:31 - 00000000 ____D () C:ProgramDataMySearch2014-07-08 18:00 - 2014-07-08 19:29 - 00000000 ____D () C:Program Files (x86)priceChop2014-07-08 18:00 - 2014-07-08 18:00 - 00000000 ____D () C:UsersrobyAppDataLocalChromatic Browser2014-07-08 18:00 - 2014-07-08 18:00 - 00000000 ____D () C:UsersHomeGroupUser$AppDataLocalChromatic Browser2014-07-08 18:00 - 2014-07-08 18:00 - 00000000 ____D () C:UsersGuest.ROBERT-PCAppDataLocalTorch2014-07-08 18:00 - 2014-07-08 18:00 - 00000000 ____D () C:UsersGuest.ROBERT-PCAppDataLocalGoogle2014-07-08 18:00 - 2014-07-08 18:00 - 00000000 ____D () C:UsersGuest.ROBERT-PCAppDataLocalComodo2014-07-08 18:00 - 2014-07-08 18:00 - 00000000 ____D () C:UsersGuest.ROBERT-PCAppDataLocalChromatic Browser2014-07-08 18:00 - 2014-07-08 18:00 - 00000000 ____D () C:UsersAdministratorAppDataLocalChromatic Browser2014-07-08 17:35 - 2012-03-20 15:25 - 00000000 ____D () C:ProgramDataboost_interprocessTask: {175B8698-EA0F-4828-8FE8-413C1185D325} - System32TasksGS.Enabler-S-926685765 => c:programdatasoftwarehousegs.enablerGS.Enabler.exe <==== ATTENTIONTask: C:WindowsTasksGS.Enabler-S-926685765.job => c:programdatasoftwarehousegs.enablerGS.Enabler.exe <==== ATTENTIONAlternateDataStreams: C:UsersrobyApplication Data:NTAlternateDataStreams: C:UsersrobyAppDataRoaming:NTC:UsersrobyAppDataLocalTempend***************** C:Windowssystem32GroupPolicyMachine => Moved successfully.C:Windowssystem32GroupPolicyGPT.ini => Moved successfully.'HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.'HKCRCLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.'HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{2fa28606-de77-4029-af96-b231e3b8f827}' => Key deleted successfully.'HKCRCLSID{2fa28606-de77-4029-af96-b231e3b8f827}'=> Key not found.'HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{b7fca997-d0fb-4fe0-8afd-255e89cf9671}' => Key deleted 
successfully.'HKCRCLSID{b7fca997-d0fb-4fe0-8afd-255e89cf9671}'=> Key not found.'HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{d43b3890-80c7-4010-a95d-1e77b5924dc3}' => Key deleted successfully.'HKCRCLSID{d43b3890-80c7-4010-a95d-1e77b5924dc3}'=> Key not found.'HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}' => Key deleted successfully.'HKCRCLSID{D944BB61-2E34-4DBF-A683-47E505C587DC}'=> Key not found.HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerSearchScopesDefaultScope => Value was restored successfully.'HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerSearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.'HKCRWow6432NodeCLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.'HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerSearchScopes{b7fca997-d0fb-4fe0-8afd-255e89cf9671}' => Key deleted successfully.'HKCRWow6432NodeCLSID{b7fca997-d0fb-4fe0-8afd-255e89cf9671}'=> Key not found.'HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerSearchScopes{d43b3890-80c7-4010-a95d-1e77b5924dc3}' => Key deleted successfully.'HKCRWow6432NodeCLSID{d43b3890-80c7-4010-a95d-1e77b5924dc3}'=> Key not found.'HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerSearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}' => Key deleted successfully.'HKCRWow6432NodeCLSID{D944BB61-2E34-4DBF-A683-47E505C587DC}'=> Key not found.'HKCUSOFTWAREMicrosoftInternet ExplorerSearchScopes{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}' => Key deleted successfully.'HKCRCLSID{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}'=> Key not found.'HKCUSOFTWAREMicrosoftInternet ExplorerSearchScopes{483830EE-A4CD-4b71-B0A3-3D82E62A6909}' => Key deleted successfully.'HKCRCLSID{483830EE-A4CD-4b71-B0A3-3D82E62A6909}'=> Key not found.'HKCUSOFTWAREMicrosoftInternet ExplorerSearchScopes{b7fca997-d0fb-4fe0-8afd-255e89cf9671}' => Key deleted successfully.'HKCRCLSID{b7fca997-d0fb-4fe0-8afd-255e89cf9671}'=> Key not found.'HKCUSOFTWAREMicrosoftInternet 
ExplorerSearchScopes{d43b3890-80c7-4010-a95d-1e77b5924dc3}' => Key deleted successfully.'HKCRCLSID{d43b3890-80c7-4010-a95d-1e77b5924dc3}'=> Key not found.'HKCUSOFTWAREMicrosoftInternet ExplorerSearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}' => Key deleted successfully.'HKCRCLSID{D944BB61-2E34-4DBF-A683-47E505C587DC}'=> Key not found.'HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}' => Key deleted successfully.'HKCRCLSID{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}'=> Key not found.'HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.'HKCRCLSID{DBC80044-A445-435b-BC74-9C25C1C588A9}'=> Key not found.HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.'HKCRCLSID{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}'=> Key not found.Firefox SearchEngineOrder.1 deleted successfully.C:UsersrobyAppDataRoamingMozillaFirefoxProfilesmtqeqk7m.defaultExtensionsee_jkb@kjzfdyytez.co.uk => Moved successfully.C:UsersrobyAppDataRoamingMozillaFirefoxProfilesmtqeqk7m.defaultExtensionsstaged => Moved successfully.C:UsersrobyAppDataLocalGoogleChromeUser DataDefaultExtensionsbjbgijommpikhbkniglggngpcganhmhm => Moved successfully.C:UsersrobyAppDataLocalGoogleChromeUser DataDefaultExtensionshdnknlacbpjpblpadefjmfneolnedpel => Moved successfully.C:UsersrobyAppDataLocalGoogleChromeUser DataDefaultExtensionsmfagdkigfhflclodkbeefkgbkdabohpg => Moved successfully.C:UsersrobyAppDataLocalGoogleChromeUser DataDefaultExtensionshdnknlacbpjpblpadefjmfneolnedpel3.9 directory not found.C:UsersrobyAppDataLocalGoogleChromeUser DataDefaultExtensionsmfagdkigfhflclodkbeefkgbkdabohpg1.0 directory not found.'HKLMSOFTWAREWow6432NodeGoogleChromeExtensionsmmbieohkbhcmbadfnopijbijlpbagccd' => Key deleted successfully."C:ProgramDataSaveAsmmbieohkbhcmbadfnopijbijlpbagccd.crx" => File/Directory not 
found.'HKLMSOFTWAREPoliciesGoogle' => Key deleted successfully.C:ProgramData212a3aa9c450663e => Moved successfully.C:Program Files (x86)NextCuoup => Moved successfully."C:Program Files (x86)NextCoup" => File/Directory not found.C:Program Files (x86)MySearch => Moved successfully.C:ProgramDataMySearch => Moved successfully.C:Program Files (x86)priceChop => Moved successfully.C:UsersrobyAppDataLocalChromatic Browser => Moved successfully.C:UsersHomeGroupUser$AppDataLocalChromatic Browser => Moved successfully.C:UsersGuest.ROBERT-PCAppDataLocalTorch => Moved successfully.C:UsersGuest.ROBERT-PCAppDataLocalGoogle => Moved successfully.C:UsersGuest.ROBERT-PCAppDataLocalComodo => Moved successfully.C:UsersGuest.ROBERT-PCAppDataLocalChromatic Browser => Moved successfully.C:UsersAdministratorAppDataLocalChromatic Browser => Moved successfully.C:ProgramDataboost_interprocess => Moved successfully.'HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheLogon{175B8698-EA0F-4828-8FE8-413C1185D325}' => Key deleted successfully.'HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{175B8698-EA0F-4828-8FE8-413C1185D325}' => Key deleted successfully.C:WindowsSystem32TasksGS.Enabler-S-926685765 => Moved successfully.'HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeGS.Enabler-S-926685765' => Key deleted successfully.C:WindowsTasksGS.Enabler-S-926685765.job => Moved successfully."C:UsersrobyApplication Data" => ":NT" ADS not found.C:UsersrobyAppDataRoaming => ":NT" ADS removed successfully. 
"C:UsersrobyAppDataLocalTemp" directory move: C:UsersrobyAppDataLocalTemp+JXF122264032306423605.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF1226326091211878768.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF1228887407505621128.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF1235471523498052887.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF1332471521171865349.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF1384453952103142015.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF1560343945953083812.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF1735458263302168704.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF1807387014645179283.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF182525661414951649.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF1864877663228707806.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF2000405331292947996.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF2114258287065174809.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF212799257095166677.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF2235763760756960033.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF2290981438024452784.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF2346303275626230804.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF2365560054921294186.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF2520224188430855203.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF2548657240135415051.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF2608166700021308518.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF2631829854561201700.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF2696568242612472678.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF2722162180930230729.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF277728568170552807.tmp => Moved 
successfully.C:UsersrobyAppDataLocalTemp+JXF928807453693368573.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp+JXF931396404380138769.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp118E0C3.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp12284A9.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp1323824679.xml => Moved successfully.C:UsersrobyAppDataLocalTemp1368800.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp13970FB.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp144790.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp17538EB.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp177B27D.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp186693D.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp187FC97.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp188EF9B.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp191E62A.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp1955467.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp198537D.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp198687A.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp1998C99.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp339235119.xml => Moved successfully.C:UsersrobyAppDataLocalTemp4565CFD.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp473470E.tmp => Moved successfully.C:UsersrobyAppDataLocalTempAdministrator.bmp => Moved successfully.C:UsersrobyAppDataLocalTempamt3.log => Moved successfully.C:UsersrobyAppDataLocalTempbtsendto_explorer.txt => Moved successfully.C:UsersrobyAppDataLocalTempConnectifyInstall.txt => Moved successfully.C:UsersrobyAppDataLocalTempen5zbjmr.bf2.store => Moved successfully.C:UsersrobyAppDataLocalTempEsgScanner.inf => Moved successfully.C:UsersrobyAppDataLocalTempESGScanner.sys => Moved successfully.Could not move "C:UsersrobyAppDataLocalTempetilqs_E6JzSWayS1gQfEE" => Scheduled to move on reboot.Could not move "C:UsersrobyAppDataLocalTempetilqs_HcjQqHJqu4qLWZ4" => Scheduled to move on reboot.Could not 
move "C:UsersrobyAppDataLocalTempetilqs_ow8otwn8eyC3qBX" => Scheduled to move on reboot.Could not move "C:UsersrobyAppDataLocalTempFXSAPIDebugLogFile.txt" => Scheduled to move on reboot.C:UsersrobyAppDataLocalTempGuest.bmp => Moved successfully.C:UsersrobyAppDataLocalTemphlc1exis.k2f.store => Moved successfully.C:UsersrobyAppDataLocalTempHomeGroupUser$.bmp => Moved successfully.C:UsersrobyAppDataLocalTempHPSAActionItems.xml => Moved successfully.C:UsersrobyAppDataLocalTemphpsekkv0.exv.store => Moved successfully.C:UsersrobyAppDataLocalTempjansi-32-git-Bukkit-1.7.2-R0.3-2-g85f5776-b3024jnks.dll => Moved successfully.C:UsersrobyAppDataLocalTempjansi-32-git-Bukkit-1.7.2-R0.3-b3020jnks.dll => Moved successfully.C:UsersrobyAppDataLocalTempJavaDeployReg.log => Moved successfully.C:UsersrobyAppDataLocalTempjusched.log => Moved successfully.C:UsersrobyAppDataLocalTempMicrosoft Visual C++ 2010 x64 Redistributable Setup_20140627_201025087-MSI_vc_red.msi.txt => Moved successfully.C:UsersrobyAppDataLocalTempMicrosoft Visual C++ 2010 x64 Redistributable Setup_20140627_201025087.html => Moved successfully.C:UsersrobyAppDataLocalTempMicrosoft Visual C++ 2010 x86 Redistributable Setup_20140627_201014074-Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-MSP0.txt => Moved successfully.C:UsersrobyAppDataLocalTempMicrosoft Visual C++ 2010 x86 Redistributable Setup_20140627_201014074-MSI_vc_red.msi.txt => Moved successfully.C:UsersrobyAppDataLocalTempMicrosoft Visual C++ 2010 x86 Redistributable Setup_20140627_201014074.html => Moved successfully.C:UsersrobyAppDataLocalTempqd5eavmc.2el.store => Moved successfully.C:UsersrobyAppDataLocalTempreb35o2o.lqz.store => Moved successfully.C:UsersrobyAppDataLocalTemproby.bmp => Moved successfully.C:UsersrobyAppDataLocalTemprsiv5jro.agx.store => Moved successfully.C:UsersrobyAppDataLocalTempSHSetup.exe => Moved successfully.C:UsersrobyAppDataLocalTempSRLDetectionLibrary2695661903576150137.dll => Moved 
successfully.C:UsersrobyAppDataLocalTempswt-win32-3448.dll => Moved successfully.C:UsersrobyAppDataLocalTempswtag.log => Moved successfully.C:UsersrobyAppDataLocalTempt3zkkemx.ls0.store => Moved successfully.C:UsersrobyAppDataLocalTemptmp7EE.tmp => Moved successfully.C:UsersrobyAppDataLocalTemptrkC3FC.tmp => Moved successfully.C:UsersrobyAppDataLocalTemptrkDDE7.tmp => Moved successfully.C:UsersrobyAppDataLocalTempWindowsAPI.dll3051306449840779779.lib => Moved successfully.C:UsersrobyAppDataLocalTempwmplog00.sqm => Moved successfully.C:UsersrobyAppDataLocalTempwpi.msi => Moved successfully.C:UsersrobyAppDataLocalTempxjmqpkns.1zs.store => Moved successfully.C:UsersrobyAppDataLocalTemp_iu14D2N.tmp => Moved successfully.C:UsersrobyAppDataLocalTemp~DF4D461A2A6ED6792A.TMP => Moved successfully.C:UsersrobyAppDataLocalTemp~DFCADD547FAB12158C.TMP => Moved successfully.Could not move "C:UsersrobyAppDataLocalTempSkypeDbTemptemp-07yRnWOXq4H06jtFMY3gqZiX" => Scheduled to move on reboot.Could not move "C:UsersrobyAppDataLocalTempSkypeDbTemptemp-BfWf7FLgjYlCGazDEMSNMawh" => Scheduled to move on reboot.Could not move "C:UsersrobyAppDataLocalTempSkypeDbTemptemp-HywBKn2N85bDo5Dlg91tRurZ" => Scheduled to move on reboot.Could not move "C:UsersrobyAppDataLocalTempSkypeDbTemptemp-sgwJGDPqGRPCuWtAcKKeF4wX" => Scheduled to move on reboot.C:UsersrobyAppDataLocalTemppreprocessor1323824679.xml => Moved successfully.C:UsersrobyAppDataLocalTemppreprocessor339235119.xml => Moved successfully.C:UsersrobyAppDataLocalTempoutlook loggingfirstrun.log => Moved successfully.C:UsersrobyAppDataLocalTempnsuD877.tmpInstallOptions.dll => Moved successfully.C:UsersrobyAppDataLocalTempnsuD877.tmpioSpecial.ini => Moved successfully.C:UsersrobyAppDataLocalTempnsuD877.tmpmodern-wizard.bmp => Moved successfully.C:UsersrobyAppDataLocalTempnsuD877.tmpnsExec.dll => Moved successfully.C:UsersrobyAppDataLocalTempnsuD877.tmpSystem.dll => Moved 
successfully.C:UsersrobyAppDataLocalTempis126279315973E8C24C_stpConnectifyInstaller_ic_.exe => Moved successfully.C:UsersrobyAppDataLocalTempiisexpress740.log => Moved successfully.C:UsersrobyAppDataLocalTempiisexpress7440.log => Moved successfully.C:UsersrobyAppDataLocalTempHP Support FrameworkHPSF_Config1.dll => Moved successfully.C:UsersrobyAppDataLocalTempConnectifyConnectifyInstaller_ic_.exe => Moved successfully.C:UsersrobyAppDataLocalTemp8188_20729crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp8188_20729manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp8188_20729manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp8016_9899crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp8016_9899manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp8016_9899manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp7740_23972crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp7740_23972manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp7740_23972manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp7276_30210crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp7276_30210manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp7276_30210manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp7260_15852crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp7260_15852manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp7260_15852manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp7256_10558crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp7256_10558manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp7256_10558manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp6740_27822crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp6740_27822manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp6740_27822manifest.json => Moved 
successfully.C:UsersrobyAppDataLocalTemp6572_26098crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp6572_26098manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp6572_26098manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp6184_20306crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp6184_20306manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp6184_20306manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp6008_10833crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp6008_10833manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp6008_10833manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp5880_8955crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp5880_8955manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp5880_8955manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp5864_15900crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp5864_15900manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp5864_15900manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp5424_20260crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp5424_20260manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp5424_20260manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp5252_31688crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp5252_31688manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp5252_31688manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp5088_9930crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp5088_9930manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp5088_9930manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp5068_25975crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp5068_25975manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp5068_25975manifest.json => Moved 
successfully.C:UsersrobyAppDataLocalTemp5048_13434crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp5048_13434manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp5048_13434manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp4828_8993crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp4828_8993manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp4828_8993manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp4792_20788crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp4792_20788manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp4792_20788manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp4656_7202crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp4656_7202manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp4656_7202manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp4532_24760crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp4532_24760manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp4532_24760manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp4432_10870crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp4432_10870manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp4432_10870manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp4364_6853crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp4364_6853manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp4364_6853manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp4260_26869crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp4260_26869manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp4260_26869manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp4060_16667crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp4060_16667manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp4060_16667manifest.json => Moved 
successfully.C:UsersrobyAppDataLocalTemp3908_21738crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp3908_21738manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp3908_21738manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps1.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps10.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps11.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps3.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps3.ini.txt => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps4.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps4_1.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps4_2.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps4_3.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps4_3_1.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps5.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps6.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps6_1_1.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps6_1_3.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps6_1_4.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps6_1_5.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps6_1_6.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps6_2.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps6_2_1.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps6_3.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps7.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps7_1.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps7_2.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps8.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps8_1.ini => Moved 
successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps8_2.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps9.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps9.ini.txt => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52steps9_1.ini => Moved successfully.C:UsersrobyAppDataLocalTemp36fc0f52installerstep0.ini.old => Moved successfully.C:UsersrobyAppDataLocalTemp3472_3406crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp3472_3406manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp3472_3406manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp3260_1173crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp3260_1173manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp3260_1173manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp3236_1051crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp3236_1051manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp3236_1051manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp3188_12581crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp3188_12581manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp3188_12581manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp2932_30483crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp2932_30483manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp2932_30483manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp2916_8132crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp2916_8132manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp2916_8132manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp2688_8992crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp2688_8992manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp2688_8992manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp2656_27340crl-set => Moved 
successfully.C:UsersrobyAppDataLocalTemp2656_27340manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp2656_27340manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp2464_30911crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp2464_30911manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp2464_30911manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp1792_4439crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp1792_4439manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp1792_4439manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp1528_14733crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp1528_14733manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp1528_14733manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp1360_13887crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp1360_13887manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp1360_13887manifest.json => Moved successfully.C:UsersrobyAppDataLocalTemp1140_3768crl-set => Moved successfully.C:UsersrobyAppDataLocalTemp1140_3768manifest.fingerprint => Moved successfully.C:UsersrobyAppDataLocalTemp1140_3768manifest.json => Moved successfully.Could not move "C:UsersrobyAppDataLocalTemp" directory. => Scheduled to move on reboot. 
==== End of Fixlog ==== The extensions have been removed from the browser. Thank you. If there is anything else to remove, I will be following the thread! Fixlog.txt
  7. Hello. I have no idea where I picked them up, but here it is... In general I try to keep my laptop clean. So today I noticed that some strange ads appear when I search on Google, YouTube and other sites. Even here on kaldata. I checked the installed extensions and found two new ones that had installed themselves (I use Google Chrome). Their names are NextCuoup and priceChop. The first thing I did was scan with Malwarebytes Anti-Malware; the program found several viruses and I removed them. I had to restart the laptop. I restarted it, but when I looked, the ads were showing again. The second thing I did was to first remove the extensions from Google Chrome and then run a full scan with Malwarebytes Anti-Malware, but this time the program did not find a single virus. The program's virus database is updated to the latest update. Please help. Excuse me, the thread is in the wrong section; if possible, please move it to Malware Removal - HiJackThis Logs. Sorry for the mistake.