

Hello,

whenever I open any browser, it redirects me to a page for installing Flash video player. I tried to fix the problem with Avast and other programs, but it had no effect. I think I caught this nasty thing when I installed some mods for GTA:SA.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017
Ran by Ali Baba (administrator) on BABA (05-01-2017 22:20:06)
Running from C:\Documents and Settings\Ali Baba\Desktop
Loaded Profiles: Ali Baba (Available Profiles: Ali Baba & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCService.exe
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\Monitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(ZSMCSNAP) C:\WINDOWS\vmsnap3.exe
(Vimicro) C:\WINDOWS\Domino.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
(Sonix) C:\WINDOWS\vsnp2uvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\HDD Regenerator\hrsrv.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files\HDD Regenerator\HDD Regenerator.exe
() C:\Program Files\HDD Regenerator\HDD Regenerator.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [831576 2016-09-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [VMSnap3] => C:\WINDOWS\VMSnap3.EXE [49152 2006-08-30] (ZSMCSNAP)
HKLM\...\Run: [Domino] => C:\WINDOWS\Domino.EXE [49152 2006-06-28] (Vimicro)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2015-01-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5371168 2016-03-10] (IObit)
HKLM\...\Run: [HDD Regenerator] => C:\Program Files\HDD Regenerator\Shell.exe [90336 2013-05-08] ()
HKLM\...\Run: [BigDog303] => C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
HKLM\...\Run: [snp2uvc] => C:\WINDOWS\vsnp2uvc.exe [662016 2016-12-26] (Sonix)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2008-06-11] (ATI Technologies Inc.)
HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3576664 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Run: [Advanced SystemCare 9] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Run: [ZoomInfo Contact Contributor] => C:\Documents and Settings\Ali Baba\Local Settings\Application Data\ZoomInfoCEUtility\launch.bat [108 2016-08-06] ()
HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Run: [GoogleChromeAutoLaunch_F77A4B669589D810440153176D3D8073] => C:\Program Files\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-299502267-448539723-1801674531-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
IFEO: [Debugger] logonui.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-06-03] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-06-03] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 09 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2014-06-03] (Avira Operations GmbH & Co. KG)
Tcpip\..\Interfaces\{9FF34EAA-3A59-4C06-BA58-F6DD97C899F7}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/web?fr=avira-hp
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/web?fr=avira-ds
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.yahoo.com/web?fr=avira-hp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.yahoo.com/web?fr=avira-ds
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1420177819&from=wpc&uid=HitachiXHDS721050CLA360_JP1532FR34Z7WK34Z7WKX
HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.yahoo.com/web?fr=avira-ds
HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.yahoo.com/web?fr=avira-hp
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=563&systemid=406&apn_uid=4258237201324525&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchisbestmy.info/?l=1&q={searchTerms}&pid=1273&r=2013/11/17&hid=3067889980883296824&lg=EN&cc=BG&unqvl=41
SearchScopes: HKU\.DEFAULT -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> 53A9319E59EF479FAA2FA62650FDABF4 URL = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=A4B4001FD0992621&affID=119982&tt=040713_ifrmful&tsp=3287
SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {1E33F981-E92A-4F78-9D61-AE25CBFF1521} URL = hxxp://en.eazel.com/results.php?id=AAAc786a2a87ab13107be625bc8f8f45bd3&oid=12&cat=web&co=&lg=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {2FB80C74-68D7-4887-907C-E2CC21D39D3C} URL = hxxp://www.mysearchresults.com/search?c=3523&t=01&q={searchTerms}
SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {3E406995-03EA-4506-86C7-75F8A68AF331} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=563&systemid=406&apn_uid=4258237201324525&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchisbestmy.info/?l=1&q={searchTerms}&pid=1273&r=2013/11/17&hid=3067889980883296824&lg=EN&cc=BG&unqvl=41
SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {D87C08D1-B11E-40C2-A27E-FBE97236636C} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3247436&CUI=UN23264510252253223&UM=2
SearchScopes: HKU\S-1-5-21-299502267-448539723-1801674531-1003 -> {EBD839AE-B08C-4fb7-859B-F54AF16C159F} URL = hxxp://search.ividi.org/?q={searchTerms}&src=tbsp&id=a4b41138000000000000001fd0992621&affilt=3&r=421
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-09] (Oracle Corporation)
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-04-01] (IObit)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-09] (Oracle Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
Handler: skype-ie-addon-data - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: k57oxwd8.default-1439487724136
FF ProfilePath: C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136 [2017-01-05]
FF user.js: detected! => C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136\user.js [2016-04-08]
FF NetworkProxy: C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136 -> no_proxies_on", ""
FF NetworkProxy: C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136 -> type", 0
FF Extension: (Grammarly for Firefox) - C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136\Extensions\[email protected] [2016-11-03]
FF Extension: (VK Universal Downloader) - C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136\Extensions\@vkmad.xpi [2016-12-16]
FF Extension: (MEGA) - C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136\Extensions\[email protected] [2017-01-04]
FF Extension: (Google™ Translator Lite) - C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136\Extensions\[email protected] [2016-08-11]
FF Extension: (uBlock) - C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\k57oxwd8.default-1439487724136\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2016-03-09]
FF ProfilePath: C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\vo854e7i.default-1473369861250 [2017-01-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-03] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-09] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1420177819&from=wpc&uid=HitachiXHDS721050CLA360_JP1532FR34Z7WK34Z7WKX"
CHR Profile: C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-01-05]
CHR Extension: (Readlang) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apcnmoajpaldpbepelpjgbplhoeidhia [2015-10-24]
CHR Extension: (Bomomo) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dnalbhgkcocoepphagnnlaiomnnngeln [2015-06-06]
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2008-12-31]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-01-04]
CHR Extension: (Pinterest Save Button) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-18]
CHR Extension: (Windscribe - Free VPN and Ad Block) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2016-11-29]
CHR Extension: (2048 Puzzle Game Offline) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfnbjbahocpfkbbadndnocljpjpccggf [2015-06-07]
CHR Extension: (Purple flowers) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kgplpejojljhgndghinonhjpmbdmjamk [2015-06-06]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Launch Readlang Web Reader) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\odpdkefpnfejbfnmdilmfhephfffmfoh [2016-11-25]
CHR Extension: (Amazon Assistant for Chrome) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-05-19]
CHR Profile: C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1 [2017-01-02]
CHR Extension: (Google Презентации) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-18]
CHR Extension: (Google Документи) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-18]
CHR Extension: (Google Диск) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-18]
CHR Extension: (Електронни таблици от Google) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-18]
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-08-18]
CHR Extension: (Google Документи офлайн) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
CHR Extension: (Notificatoin) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2016-08-18]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-18]
CHR Extension: (Gmail) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-18]
CHR Profile: C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2 [2017-01-02]
CHR Extension: (Google Презентации) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-18]
CHR Extension: (Google Документи) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-18]
CHR Extension: (Google Диск) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-18]
CHR Extension: (Електронни таблици от Google) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-18]
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-08-18]
CHR Extension: (Google Документи офлайн) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-08-18]
CHR Extension: (Notificatoin) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2016-08-18]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-18]
CHR Extension: (Gmail) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-18]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [giacfgjdclhnmkacnfbaljbmpnelflol] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-28]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - <no Path/update_url>
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx <not found>
CHR HKLM\...\Chrome\Extension: [nkgfcicgjhneabbbfhddfcgifljdhhpl] - <no Path/update_url>
CHR HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hmhfbmpdiffkamakhdbcgojfnbnlcenm] - C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx [2013-10-28]
StartMenuInternet: chrome.exe - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1420177819&from=wpc&uid=HitachiXHDS721050CLA360_JP1532FR34Z7WK34Z7WKX
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
R2 AdvancedSystemCareService9; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [970632 2016-09-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [470600 2016-09-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [470600 2016-09-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1253352 2016-09-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [437784 2016-03-11] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [417304 2016-03-11] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [880152 2016-03-11] (BlueStack Systems, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1034584 2015-06-18] (Disc Soft Ltd)
R2 hddrsrv; C:\Program Files\HDD Regenerator\hrsrv.exe [82144 2013-05-08] ()
U2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [1576736 2016-03-10] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2008-04-14] (Microsoft Corporation)
S3 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2015-01-22] (Creative)
R0 amdide; C:\WINDOWS\System32\DRIVERS\amdide.sys [11904 2016-12-26] (Advanced Micro Devices Inc.)
R0 amdide1; C:\WINDOWS\system32\Drivers\amdide1.sys [9096 2009-09-13] (Advanced Micro Devices)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [115600 2016-07-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [140272 2016-07-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-07-30] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [140856 2016-03-11] (BlueStack Systems)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cpuz138; C:\Documents and Settings\Ali Baba\Local Settings\temp\cpuz138\cpuz138_x32.sys [27832 2017-01-01] (CPUID)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25016 2015-06-20] (Disc Soft Ltd)
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [246464 2015-12-22] (IObit)
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2013-07-05] (Windows (R) 2000 DDK provider)
R3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-01-22] (REALiX(tm))
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2015-01-22] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [31776 2015-03-25] (IObit.com)
R3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMI.sys [4125352 2015-01-22] (Realtek Semiconductor Corp.)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [3566336 2016-12-26] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2009-01-01] () [File not signed]
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [17360 2015-03-25] (IObit.com)
S3 vmfilter303; C:\WINDOWS\System32\drivers\vmfilter303.sys [428160 2006-04-25] (Vimicro Corporation)
R1 XQHDrv; C:\WINDOWS\System32\DRIVERS\XQHDrv.sys [203424 2015-09-08] (BigNox Corporation) [File not signed]
S3 ZSMC303; C:\WINDOWS\System32\Drivers\usbVM303.sys [392122 2006-12-01] (Vimicro Corporation)
U3 avigp4w9; C:\WINDOWS\system32\Drivers\avigp4w9.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 cpuz137; \??\C:\DOCUME~1\ALIBAB~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [X]
S4 IntelIde; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-05 22:20 - 2017-01-05 22:21 - 00029394 _____ C:\Documents and Settings\Ali Baba\Desktop\FRST.txt
2017-01-05 22:19 - 2017-01-05 22:20 - 00000000 ____D C:\FRST
2017-01-05 22:18 - 2017-01-05 22:18 - 01760256 _____ (Farbar) C:\Documents and Settings\Ali Baba\Desktop\FRST.exe
2017-01-05 21:58 - 2017-01-05 21:58 - 00000000 ___HD C:\WINDOWS\PIF
2017-01-05 21:28 - 2017-01-05 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-01-05 12:30 - 2017-01-05 21:36 - 00000000 ____D C:\Documents and Settings\Ali Baba\Application Data\SetMyHomePage
2016-12-26 11:30 - 2016-12-26 11:30 - 03566336 _____ () C:\WINDOWS\system32\Drivers\snp2uvc.sys
2016-12-26 11:30 - 2016-12-26 11:30 - 00662016 _____ (Sonix) C:\WINDOWS\vsnp2uvc.exe
2016-12-26 11:30 - 2016-12-26 11:30 - 00306688 _____ (Sonix Technology Co., Ltd.) C:\WINDOWS\system32\vsnp2uvc.dll
2016-12-26 11:30 - 2016-12-26 11:30 - 00196608 _____ ( ) C:\WINDOWS\system32\csnp2uvc.dll
2016-12-26 11:30 - 2016-12-26 11:30 - 00028544 _____ C:\WINDOWS\system32\Drivers\sncduvc.sys
2016-12-26 11:30 - 2016-12-26 11:30 - 00015497 _____ C:\WINDOWS\snp2uvc.ini
2016-12-26 11:30 - 2016-12-26 11:30 - 00013021 _____ C:\WINDOWS\snp2uvc.src
2016-12-26 11:29 - 2017-01-05 22:03 - 00000298 _____ C:\WINDOWS\Tasks\Driver Booster Scheduler.job
2016-12-26 11:29 - 2016-12-26 11:33 - 00001893 _____ C:\Documents and Settings\All Users\Desktop\Driver Booster 4.lnk
2016-12-26 11:29 - 2016-12-26 11:29 - 00000000 ____D C:\WINDOWS\IObit
2016-12-26 11:29 - 2016-12-26 11:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Driver Booster 4
2016-12-19 22:30 - 2016-12-19 22:30 - 00087026 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266578-fe5df232cafa4c4e0f1a0294418e5660.jpg
2016-12-19 22:30 - 2016-12-19 22:30 - 00068554 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266612-549cfc258b5b09317e51edf0d640cf8d.jpeg
2016-12-19 22:30 - 2016-12-19 22:30 - 00068155 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266601-30e62fddc14c05988b44e7c02788e187.jpg
2016-12-19 22:30 - 2016-12-19 22:30 - 00066893 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266590-8cda81fc7ad906927144235dda5fdf15.jpg
2016-12-19 22:29 - 2016-12-19 22:29 - 00089430 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266566-18e2999891374a475d0687ca9f989d83.jpg
2016-12-19 22:29 - 2016-12-19 22:29 - 00082971 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266554-032b2cc936860b03048302d991c3498f.jpg
2016-12-19 22:29 - 2016-12-19 22:29 - 00079254 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266519-ea571676ce9b75b0730a5d56350ae93e.jpeg
2016-12-19 22:29 - 2016-12-19 22:29 - 00072472 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266531-799bad5a3b514f096e69bbc4a7896cd9.jpg
2016-12-19 22:29 - 2016-12-19 22:29 - 00060565 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266543-d0096ec6c83575373e3a21d129ff8fef.jpg
2016-12-19 22:14 - 2016-12-19 22:15 - 00034635 _____ C:\Documents and Settings\Ali Baba\Desktop\1477266508-f3ccdd27d2000e3f9255a7e3e2c48800.jpg
2016-12-19 22:06 - 2016-12-19 22:06 - 00190290 _____ C:\Documents and Settings\Ali Baba\Desktop\4-25.jpg
2016-12-19 22:06 - 2016-12-19 22:06 - 00189717 _____ C:\Documents and Settings\Ali Baba\Desktop\3-30.jpg
2016-12-19 22:06 - 2016-12-19 22:06 - 00174915 _____ C:\Documents and Settings\Ali Baba\Desktop\2-28.jpg
2016-12-19 22:06 - 2016-12-19 22:06 - 00163735 _____ C:\Documents and Settings\Ali Baba\Desktop\1-37.jpg
2016-12-14 00:26 - 2016-12-14 14:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-12 15:48 - 2016-12-12 15:48 - 00000000 ____D C:\output

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-05 22:21 - 2016-08-01 15:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2017-01-05 22:21 - 2009-01-01 00:17 - 00000000 ____D C:\Documents and Settings\Ali Baba\Local Settings\temp
2017-01-05 22:10 - 2015-10-06 17:00 - 00000418 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1444143615.job
2017-01-05 22:00 - 2008-04-14 11:00 - 00000435 _____ C:\WINDOWS\system.ini
2017-01-05 21:58 - 2008-04-14 11:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-01-05 21:56 - 2016-10-19 22:38 - 00000000 ____D C:\Program Files\Hi-Rez Studios
2017-01-05 21:56 - 2016-03-10 18:19 - 00000282 _____ C:\WINDOWS\Tasks\ASC9_PerformanceMonitor.job
2017-01-05 21:56 - 2015-05-10 17:48 - 00000286 _____ C:\WINDOWS\Tasks\SmartDefrag4_Startup.job
2017-01-05 21:56 - 2015-05-10 17:48 - 00000286 _____ C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job
2017-01-05 21:56 - 2015-05-10 17:48 - 00000284 _____ C:\WINDOWS\Tasks\SmartDefrag4_Update.job
2017-01-05 21:56 - 2015-02-08 23:43 - 00000278 _____ C:\WINDOWS\Tasks\Driver Booster Update.job
2017-01-05 21:56 - 2015-02-08 23:43 - 00000276 _____ C:\WINDOWS\Tasks\Driver Booster Scan.job
2017-01-05 21:56 - 2014-11-16 09:18 - 00000228 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-01-05 21:56 - 2013-07-05 00:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-05 21:56 - 2009-01-01 12:28 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-05 21:52 - 2015-08-19 20:33 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2017-01-05 21:47 - 2009-01-01 12:28 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-05 21:27 - 2013-07-07 22:53 - 00186368 _____ C:\Documents and Settings\Ali Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-05 21:00 - 2013-08-17 16:58 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2017-01-05 20:59 - 2013-07-04 23:47 - 00000000 ____D C:\WINDOWS\Registration
2017-01-05 15:31 - 2013-07-05 02:28 - 00000000 ____D C:\Documents and Settings\Ali Baba\Application Data\Skype
2017-01-05 14:51 - 2016-10-21 20:54 - 00032460 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-05 12:31 - 2015-10-06 17:00 - 00000721 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2017-01-05 12:31 - 2015-10-06 17:00 - 00000715 _____ C:\Documents and Settings\All Users\Desktop\Opera.lnk
2017-01-05 12:31 - 2015-02-03 15:22 - 00000788 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-05 12:31 - 2015-02-03 15:22 - 00000782 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2017-01-05 12:31 - 2009-01-01 12:28 - 00001875 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2017-01-05 12:31 - 2009-01-01 12:28 - 00001869 _____ C:\Documents and Settings\Ali Baba\Desktop\Google Chrome.lnk
2017-01-05 12:29 - 2015-04-21 22:36 - 00135168 ___SH C:\Documents and Settings\Ali Baba\Desktop\Thumbs.db
2017-01-05 02:56 - 2014-11-30 05:47 - 00273426 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-01-05 02:56 - 2013-07-05 00:02 - 00000178 ___SH C:\Documents and Settings\Ali Baba\ntuser.ini
2017-01-05 02:55 - 2013-07-05 00:02 - 00000000 ____D C:\Documents and Settings\Ali Baba
2017-01-04 13:28 - 2009-01-01 02:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2017-01-02 13:39 - 2009-01-01 08:33 - 00000000 ____D C:\Documents and Settings\Ali Baba\Application Data\PhotoScape
2017-01-01 16:13 - 2009-01-01 02:13 - 00000000 ___HD C:\WINDOWS\inf
2017-01-01 16:13 - 2009-01-01 02:13 - 00000000 ____D C:\WINDOWS\security
2016-12-30 00:05 - 2014-11-30 05:47 - 01137361 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-299502267-448539723-1801674531-1003-0.dat
2016-12-27 17:57 - 2015-07-12 19:45 - 00000000 ____D C:\Documents and Settings\Ali Baba\Start Menu\Programs\San Andreas Multiplayer
2016-12-27 00:47 - 2013-07-05 00:02 - 00000000 ___HD C:\Documents and Settings\Ali Baba\Local Settings\Application Data
2016-12-26 11:45 - 2015-01-22 23:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 8
2016-12-26 11:45 - 2009-01-01 02:31 - 00000000 ____D C:\Documents and Settings\All Users\Desktop
2016-12-26 11:32 - 2013-07-05 01:45 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2016-12-26 11:31 - 2015-01-22 23:25 - 00011904 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\Drivers\amdide.sys
2016-12-26 11:31 - 2013-07-05 01:45 - 00000000 ___DC C:\WINDOWS\system32\DRVSTORE
2016-12-26 11:29 - 2015-07-30 14:09 - 00000000 ____D C:\Program Files\IObit
2016-12-26 11:29 - 2015-07-30 14:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2016-12-25 21:07 - 2013-07-05 00:02 - 00000000 ____D C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Microsoft
2016-12-22 22:00 - 2016-09-09 14:53 - 00000000 ____D C:\Program Files\Steam
2016-12-20 02:38 - 2013-07-07 20:42 - 00000000 ___RD C:\Documents and Settings\Ali Baba\My Documents\My Videos
2016-12-17 00:47 - 2009-01-01 02:21 - 00000000 __SHD C:\WINDOWS\Installer
2016-12-17 00:43 - 2009-01-01 02:21 - 00000000 ____D C:\Program Files
2016-12-15 13:11 - 2015-02-03 15:22 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-11 13:09 - 2015-07-11 18:43 - 00000000 ____D C:\Documents and Settings\Ali Baba\My Documents\GTA San Andreas User Files
2016-12-10 22:10 - 2009-01-01 04:00 - 00000000 ____D C:\Program Files\Opera
2016-12-07 02:52 - 2016-12-03 18:48 - 00000000 ____D C:\Documents and Settings\Ali Baba\Application Data\CoreFTP
2016-12-07 02:52 - 2015-06-19 22:20 - 00000000 ____D C:\Documents and Settings\Ali Baba\Application Data\DAEMON Tools Lite
2016-12-07 02:52 - 2015-01-24 21:44 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-07 02:52 - 2009-01-01 00:03 - 00000000 ____D C:\Documents and Settings\Ali Baba\Application Data\uTorrent

==================== Files in the root of some directories =======

2015-12-01 22:20 - 2015-12-01 22:20 - 0000022 _____ () C:\Program Files\MEGA-MASTERKEY.txt
2013-07-07 22:53 - 2017-01-05 21:27 - 0186368 _____ () C:\Documents and Settings\Ali Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-30 23:49 - 2014-10-16 01:55 - 0145792 _____ () C:\Documents and Settings\Ali Baba\Local Settings\Application Data\downloader.exe

Some files in TEMP:
====================
C:\Documents and Settings\Ali Baba\Local Settings\temp\avgnt.exe
C:\Documents and Settings\Ali Baba\Local Settings\temp\KMP_4.1.5.3.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Addition.txt


Hello..! :)

 

Back up your Favourites/Bookmarks and other data, following the instructions below for the browsers you have.

Then reset the settings of your browsers..:

 

Malwarebytes Anti-Malware (MBAM)

Please download Malwarebytes Anti-Malware 2.2.0.1024 Final and save it to your desktop.

  • Run the file mbam-setup-bc.хххх-х.х.х.хххх.exe and follow the prompts to install the program.
  • After the installation finishes, make sure you have ticked the box next to:
  • Launch Malwarebytes Anti-Malware
  • The checkbox that activates the 14-day trial period is also ticked by default. If you do not want to test the program's real-time protection over the next 14 days, remove that tick, i.e. remove the first tick:


  • Click the Finish button.
  • Go to the Settings tab > Detection and Protection > and under the Detection Options category enable the option "Scan for rootkits".
  • Go to the Scan tab, select the radio button next to Threat Scan and then click the Scan Now >> button. If an update is found, click the Update Now button.
  • A scan for malicious software will begin.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Click "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • After the scan finishes, click the Apply Actions button.
  • Wait for the window prompting you to restart to appear and then click the Yes button.
  • After the restart, when the desktop appears, MBAM will load once more.
  • Go to the History tab > Application Logs.


  • Open the report with the latest date and time and click the "Copy to Clipboard" button.
  • Now paste the contents of the log file with the key combination Ctrl + V and post it in your next comment.

 

 

Scan with AdwCleaner

 
Please download and run the program Malwarebytes AdwCleaner (by Xplode):

  • Close all running programs and browsers.
  • Double-click adwcleaner.exe to start the tool.
  • Click OK to confirm that all running programs will be closed.
  • Select Scan.
  • When it finishes, click Logfile. A window will open containing the log (AdwCleaner[S0].txt). Double-click the line and the contents of the log will open. Post it in your next post.
  • Return to the main AdwCleaner window and select Clean.
  • Follow the prompts and allow the computer to restart.
  • After the restart the log AdwCleaner[C0].txt will open. Please copy the contents of the log file into your next post.

 

 

Scan with Junkware Removal Tool
 
Please download Junkware Removal Tool (by Thisisu) and save it to your desktop.

  • Temporarily disable your security programs.
  • Run the tool JRT.exe
  • A DOS window will open. Press any key on the keyboard.
  • Close unneeded applications and all browsers and wait for the scan to finish.
  • A log file will appear (which you can also find manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.

 

Please download Check Browsers' LNK by Dragokas & regist

  • Save the archive to your desktop and extract it.
  • Temporarily disable your antivirus software.
  • Run the file Check Browsers LNK.exe as administrator.
  • Wait for the program to finish its work. This can take up to 5 minutes. Please be patient. After the scan, open the generated LOG folder and post the report Check_Browsers_LNK.log in your next post.

 

 

Scan with SecurityCheck by glax24

  • Download SecurityCheck by glax24 from here and save the tool to the desktop.
  • Run the program (if you use Windows XP) or run it with a right-click as administrator (if you use Windows Vista/7/8/10).
  • Wait for the scan to finish. A text file named SecurityCheck.txt will open. Copy the contents of this file into your next post.
  • You can find this file in the root directory of the system drive in a folder named SecurityCheck, e.g. C:\SecurityCheck\SecurityCheck.txt

 

Logs
 
In your next reply, please include (by copying their full contents) the following logs:

  • Log from Malwarebytes Anti-Malware
  • AdwCleaner.txt
  • JRT.txt
  • Check_Browsers_LNK.log
  • SecurityCheck.txt (copy the contents)

 

 

 


Log from Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/6/2017
Scan Time: 19:46:15
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.01.06.07
Rootkit Database: v2016.11.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Ali Baba

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320348
Time Elapsed: 52 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 32
PUP.Optional.SmileysWeLove, HKLM\SOFTWARE\CLASSES\CLSID\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}, , [a00fa9cf50587fb764dd611006fc8878],
PUP.Optional.SmileysWeLove, HKLM\SOFTWARE\CLASSES\SmileysWeLoveToolbar.IEModule, , [a00fa9cf50587fb764dd611006fc8878],
PUP.Optional.Babylon, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [b8f7294fb1f795a1be1ba5c743bf5ea2],
PUP.Optional.EazelBar, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}, , [b8f707714a5e2b0be6f84a23d72b51af],
PUP.Optional.SmileysWeLove, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\1afb8e7a-a08b-475a-beb2-376df461eb17, , [911efc7c2a7e9b9ba39fc0b1887a7888],
PUP.Optional.DefaultTab, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}, , [03acb1c7d8d0d066c6eec1acb54d30d0],
PUP.Optional.Kango, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A88DE8D3-9C38-4F0D-8981-A4C17F7677A1}, , [753a1563d6d268ceebb41658de2410f0],
PUP.Optional.Ividi, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\giacfgjdclhnmkacnfbaljbmpnelflol, , [753a50286e3ae650594fa8a53dc6a060],
PUP.Optional.Kango, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\hmhfbmpdiffkamakhdbcgojfnbnlcenm, , [f7b80672f7b14fe71fd69ab3a063a957],
PUP.Optional.Delta.ShrtCln, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\kiplfnciaokpcennlkldkdaeaaomamof, , [a40bf880c4e42610d5ee2f842ed40000],
PUP.Optional.AppsUpdater, HKLM\SOFTWARE\MICROSOFT\ESENT\PROCESS\AppsUpdater, , [4768de9a476152e49e26dc62e122b14f],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0B090169-3072-4646-B062-6D5235020D3D}, , [3b7466125b4d1620decd162d887bbc44],
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9F5BE1DE-B1EC-48C9-9720-32987C0AF5B4}, , [4768bbbd01a7ee48e3eca2dc5da69b65],
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}, , [ffb0492ff3b5c076a22d106e61a2738d],
PUP.Optional.FastSearchings, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [feb16315822669cd4b86072dbc476a96],
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}, , [b0ffb4c4d5d3f04631a1f58940c33ac6],
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, , [515e2652dccc87afd5ff126835ce9f61],
PUP.Optional.UpdateCheckerApp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\UpdateCheckerApp, , [4f608eea634534026d60b4aaf11260a0],
PUP.Optional.ASK.Gen, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\APN DTX, , [c1ee3246792f4ceaae608ad90bf87f81],
PUP.Optional.SmileysWeLove, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\SmileysWeLove, , [ab047404eeba75c1753baeac1ee5cb35],
PUP.Optional.WebSearches.ShrtCln, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\SupHpUISoft, , [baf58debb5f360d62cd6f1c8f70bc937],
PUP.Optional.eSupportUndeletePlus, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\ESUPPORT.COM\UndeletePlus, , [b8f7fb7dc5e3c670bde79d212fd1c040],
PUP.Optional.Kango, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\hmhfbmpdiffkamakhdbcgojfnbnlcenm, , [931cfc7cbdebba7cd42069e4a45f1be5],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [1a959cdc0a9edb5b18bf6dc215ee8e72],
PUP.Optional.Babylon, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\53A9319E59EF479FAA2FA62650FDABF4, , [8d228aeeadfb63d37eb8d46b6b98aa56],
PUP.Optional.EazelBar, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1E33F981-E92A-4F78-9D61-AE25CBFF1521}, , [2d8287f14d5b7eb8a82a8eb97f842ad6],
PUP.Optional.MySearchResults, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FB80C74-68D7-4887-907C-E2CC21D39D3C}, , [882748302f79231311fbcf8452b1b34d],
PUP.Optional.Spigot, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3E406995-03EA-4506-86C7-75F8A68AF331}, , [931c3d3be4c40e28700cb9a2cd369967],
PUP.Optional.Conduit, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D87C08D1-B11E-40C2-A27E-FBE97236636C}, , [0fa013651692ea4c6731bd8633d0c63a],
PUP.Optional.Bandoo.AppFlsh, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}, , [b1fe591fcbdd30063393255947bc15eb],
PUP.Optional.SmileysWeLove, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\POPAJAR\SWL, , [cde2a1d797113ef8d3dcfd5db54eb14f],
PUP.Optional.Popajar, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\POPAJAR, , [efc0c9af495fb97db406490cda295ba5],

Registry Values: 18
PUP.Optional.BrowserProtect, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|bProtectTabs, http://www.yhs.delta-search.com/?babsrc=NT_ss&mntrId=A4B4001FD0992621&affID=119982&tt=040713_ifrmful&tsp=3287, , [ddd21e5a743447efea5b5ee3976c5ba5]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{0B090169-3072-4646-B062-6D5235020D3D}|AppPath, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\CT3247436, , [3b7466125b4d1620decd162d887bbc44]
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{9F5BE1DE-B1EC-48C9-9720-32987C0AF5B4}|AppPath, C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\IE, , [4768bbbd01a7ee48e3eca2dc5da69b65]
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{ec2bae47-25af-4ce9-9e78-10627a49c9ea}|AppPath, C:\PROGRA~1\MOVIES~1\Datamngr\SRTOOL~1\FF, , [ffb0492ff3b5c076a22d106e61a2738d]
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|URL, http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=563&systemid=406&apn_uid=4258237201324525&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}, , [b0ffb4c4d5d3f04631a1f58940c33ac6]
PUP.Optional.ASK, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|SuggestionsURL_JSON, http://www.search.ask.com/suggest.php?src=ieb&gct=ds&appid=563&systemid=406&apn_uid=4258237201324525&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&qu={searchTerms}&ft=json, , [2a85ee8a248489ad07c735599a6960a0]
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, , [515e2652dccc87afd5ff126835ce9f61]
PUP.Optional.Babylon, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\53A9319E59EF479FAA2FA62650FDABF4|URL, http://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=A4B4001FD0992621&affID=119982&tt=040713_ifrmful&tsp=3287, , [8d228aeeadfb63d37eb8d46b6b98aa56]
PUP.Optional.Babylon, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\53A9319E59EF479FAA2FA62650FDABF4|FaviconURL, search.babylon.com/favicon.ico, , [1798e98f0f99a195072f63dcdd26748c]
PUP.Optional.EazelBar, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{1E33F981-E92A-4F78-9D61-AE25CBFF1521}|DisplayName, EazelBar Search, , [2d8287f14d5b7eb8a82a8eb97f842ad6]
PUP.Optional.MySearchResults, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2FB80C74-68D7-4887-907C-E2CC21D39D3C}|URL, http://www.mysearchresults.com/search?c=3523&t=01&q={searchTerms}, , [882748302f79231311fbcf8452b1b34d]
PUP.Optional.Spigot, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3E406995-03EA-4506-86C7-75F8A68AF331}|URL, http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}, , [931c3d3be4c40e28700cb9a2cd369967]
PUP.Optional.Conduit, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D87C08D1-B11E-40C2-A27E-FBE97236636C}|URL, http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3247436&CUI=UN23264510252253223&UM=2, , [0fa013651692ea4c6731bd8633d0c63a]
PUP.Optional.Conduit, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D87C08D1-B11E-40C2-A27E-FBE97236636C}|SuggestionsURL_JSON, http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, , [7936e692109870c690083c075da632ce]
PUP.Optional.Conduit, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{D87C08D1-B11E-40C2-A27E-FBE97236636C}|FaviconURL, http://search.conduit.com/favicon.ico, , [3778d2a6dfc904329107a3a03cc7f60a]
PUP.Optional.Bandoo.AppFlsh, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|URL, http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=563&systemid=406&apn_uid=4258237201324525&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}, , [b1fe591fcbdd30063393255947bc15eb]
PUP.Optional.ASK, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|SuggestionsURL_JSON, http://www.search.ask.com/suggest.php?src=ieb&gct=ds&appid=563&systemid=406&apn_uid=4258237201324525&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&qu={searchTerms}&ft=json, , [a50a83f534740b2bebe2a1edec17e719]
PUP.Optional.Popajar, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\POPAJAR|UpdateNotifierPath, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Popajar\UpdateChecker\UpdateNotifier.exe, , [efc0c9af495fb97db406490cda295ba5]

Registry Data: 3
PUP.Optional.MyStartSearch.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\CHROME.EXE\SHELL\OPEN\COMMAND, "C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.mystartsearch.com/?type=sc&ts=1420177819&from=wpc&uid=HitachiXHDS721050CLA360_JP1532FR34Z7WK34Z7WKX, Good: (Chrome.exe), Bad: ("C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.mystartsearch.com/?type=sc&ts=1420177819&from=wpc&uid=HitachiXHDS721050CLA360_JP1532FR34Z7WK34Z7WKX),,[f5ba93e5ccdcdd591de137a90ff4a858]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[624da7d1525666d0f285e9fba85b38c8]
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.mystartsearch.com/?type=hp&ts=1420177819&from=wpc&uid=HitachiXHDS721050CLA360_JP1532FR34Z7WK34Z7WKX, Good: (www.google.com), Bad: (http://www.mystartsearch.com/?type=hp&ts=1420177819&from=wpc&uid=HitachiXHDS721050CLA360_JP1532FR34Z7WK34Z7WKX),,[109f87f1dacea591ab3b3da3a063a25e]

Folders: 40
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\gojckjhmehbdfldhldngfjjgbdeapjdh, , [d6d9bfb9feaaa393dfd81b1d000322de],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\jllcbhfnmbfiidoobcmcoekebmgjfkmp, , [e2cdf4849b0d999d9423b8808b7803fd],
PUP.Optional.MultiPlug.Gen, C:\Documents and Settings\All Users\Application Data\6720499325772236768, , [cce3a5d377313303c9e7c873c241ee12],
PUP.Optional.OpenCandy, C:\Documents and Settings\Ali Baba\Application Data\OpenCandy, , [238ca8d0f4b49a9c248995ea887a1de3],
PUP.Optional.OpenCandy, C:\Documents and Settings\Ali Baba\Application Data\OpenCandy\53ACF26C95A747E5AC45453C7858F778, , [238ca8d0f4b49a9c248995ea887a1de3],
PUP.Optional.OpenCandy, C:\Documents and Settings\Ali Baba\Application Data\OpenCandy\D7510784F83F4AAD9DB6AD406FB5FB39, , [238ca8d0f4b49a9c248995ea887a1de3],
PUP.Optional.OpenCandy, C:\Documents and Settings\Ali Baba\Application Data\OpenCandy\E724B4CB372E45539A190C79B3A396E8, , [238ca8d0f4b49a9c248995ea887a1de3],
PUP.Optional.APNToolBar.Gen, C:\Documents and Settings\All Users\Application Data\APN\APN-Stub, , [e6c994e43375e74f7a70671ebe4447b9],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\icons, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\theme, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\theme\bubble, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Wideblue, C:\Documents and Settings\All Users\Application Data\Wideblue installer\Setup, , [a10e01776d3b2d09784dc0d9a161748c],
PUP.Optional.SetMyHomePage, C:\Documents and Settings\Ali Baba\Application Data\SetMyHomePage, , [674867114464b5818c80faa104fedb25],
PUP.Optional.SetMyHomePage, C:\Documents and Settings\Ali Baba\Application Data\SetMyHomePage\ffsearch, , [674867114464b5818c80faa104fedb25],
PUP.Optional.DataMngr.AppFlsh, C:\Documents and Settings\Ali Baba\AppData\LocalLow\DataMngr, , [fcb3babe9b0d43f34f089409a55d9070],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\WinterSoft\SK_Enhancer, , [852a7dfbdeca4bebf1bfcfce29d9a15f],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\WinterSoft\SK_Enhancer\2095614310, , [852a7dfbdeca4bebf1bfcfce29d9a15f],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Feeds, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Log, , [ac036f09cbddb4828f43ccd3ac56b848],

Files: 190
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\UpMedia\hk64tbUpM0.dll, , [406f36422a7e280e5105866a2fd47c84],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\UpMedia\hk64tbUpM2.dll, , [208fbabe3f693105f6608f6115ee7a86],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\UpMedia\hk64tbUpMe.dll, , [446b5f1907a179bd015514dc649f926e],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\UpMedia\hktbUpM0.dll, , [555a5820c9dfcf676beb985823e09c64],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\UpMedia\hktbUpM2.dll, , [456a6c0c4860290d480ed9172fd4f20e],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\UpMedia\hktbUpMe.dll, , [e2cd502883256bcb15412bc525debe42],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\UpMedia\ldrtbUpM0.dll, , [c3ec2f49d9cff54189cd28c89d6630d0],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\UpMedia\ldrtbUpM2.dll, , [f2bd1d5b1d8ba096035310e0f11246ba],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\UpMedia\ldrtbUpMe.dll, , [0fa06d0bcade092d8acc1fd17a89a759],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\UpMedia\tbUpM0.dll, , [0ca3babed3d5c1754b0b5b95b84b1de3],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\UpMedia\tbUpM2.dll, , [6c431365882038fea8ae29c7996a34cc],
PUP.Optional.ConduitTB.Gen, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\UpMedia\tbUpMe.dll, , [2d821365cbdd75c1a6b022ce32d126da],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\gojckjhmehbdfldhldngfjjgbdeapjdh\lsdb.js, , [d6d9bfb9feaaa393dfd81b1d000322de],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\gojckjhmehbdfldhldngfjjgbdeapjdh\background.html, , [d6d9bfb9feaaa393dfd81b1d000322de],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\gojckjhmehbdfldhldngfjjgbdeapjdh\content.js, , [d6d9bfb9feaaa393dfd81b1d000322de],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\gojckjhmehbdfldhldngfjjgbdeapjdh\manifest.json, , [d6d9bfb9feaaa393dfd81b1d000322de],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\jllcbhfnmbfiidoobcmcoekebmgjfkmp\lsdb.js, , [e2cdf4849b0d999d9423b8808b7803fd],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\jllcbhfnmbfiidoobcmcoekebmgjfkmp\background.html, , [e2cdf4849b0d999d9423b8808b7803fd],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\jllcbhfnmbfiidoobcmcoekebmgjfkmp\content.js, , [e2cdf4849b0d999d9423b8808b7803fd],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\jllcbhfnmbfiidoobcmcoekebmgjfkmp\manifest.json, , [e2cdf4849b0d999d9423b8808b7803fd],
PUP.Optional.MultiPlug.Gen, C:\Documents and Settings\All Users\Application Data\6720499325772236768\cd5b15e575e1c3d0d49311a366a9edff.ini, , [cce3a5d377313303c9e7c873c241ee12],
PUP.Optional.Kango, C:\ProgramData\Microsoft\Windows\DRM\Server\notificatoin_1.0.0.crx, , [08a702769f099b9b747fc6878b785ea2],
PUP.Optional.OpenCandy, C:\Documents and Settings\Ali Baba\Application Data\OpenCandy\53ACF26C95A747E5AC45453C7858F778\Trial-14.0.1000.88_en-US_1004739_ROW-EN.exe, , [238ca8d0f4b49a9c248995ea887a1de3],
PUP.Optional.OpenCandy, C:\Documents and Settings\Ali Baba\Application Data\OpenCandy\D7510784F83F4AAD9DB6AD406FB5FB39\RealPlayerR81POC6_ROWUKWEuro_p3v1.exe, , [238ca8d0f4b49a9c248995ea887a1de3],
PUP.Optional.OpenCandy, C:\Documents and Settings\Ali Baba\Application Data\OpenCandy\E724B4CB372E45539A190C79B3A396E8\SmileysWeLove_SetupS_cdn.exe, , [238ca8d0f4b49a9c248995ea887a1de3],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\18x18.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\background.html, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\blank.html, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\manifest.json, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\manifest_no_button.json, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\new_tab.html, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\search_box.html, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\injection.css, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\jquery-ui-1.8.16.custom.css, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_flat_0_aaaaaa_40x100.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_flat_75_ffffff_40x100.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_55_fbf9ee_1x400.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_65_ffffff_1x400.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_75_dadada_1x400.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_75_e6e6e6_1x400.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_glass_95_fef1ec_1x400.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-bg_highlight-soft_75_cccccc_1x100.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_222222_256x240.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_2e83ff_256x240.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_454545_256x240.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_888888_256x240.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\css\jquery_ui\images\ui-icons_cd0a0a_256x240.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\help.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Bing.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Google.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Search here.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\engines_icons\Yahoo.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_left_before_corner.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\bullet_arrow_down.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\bullet_arrow_down_old.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\icon.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search-inner-wrapper.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search-left.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_arrow_top_button.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_arrow_top_button_hovered.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_bg.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_border_bg.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_left_corner.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_right_before_corner.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_bottom_right_corner.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_left_border_bg.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_left_bottom_border_bg.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_middle_bg.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_right_border_bg.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_right_bottom_border_bg.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_bg.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_left_before_corner.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_left_corner.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_right_before_corner.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\images\injection\search_top_right_corner.png, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\bg.js, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\content.js, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\InjectionManager.js, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\jquery-1.7.1.min.js, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\jquery-ui-1.8.16.custom.min.js, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\jquery.guid.js, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\newTab.js, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\ScriptChecker.js, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\ScriptInjector.js, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.DefaultTab, C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\2.0.0_0\js\SearchBox.js, , [0ca3c5b3eabef046adab692309f96b95],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\b.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\background.html, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\config.xml, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\extension_info.json, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\f.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\id.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\jquery.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\KangoBHO.dll, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\KangoBHO64.dll, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\KangoEngine.exe, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\p.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\readme.txt, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\Uninstall.exe, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\icons\button.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\icons\icon100.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\icons\icon128.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\icons\icon32.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\icons\icon48.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\backgroundscript_engine.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\base.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\browser.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\console.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\global.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\i18n.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\initialize.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\invoke_async.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\io.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\json2.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\kango.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\lang.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\legacy.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\message_target.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\message_target_module.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\messaging.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\storage.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\timer.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\updater.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\userscript_client.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\userscript_engine.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\utils.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango\xhr.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\browser_button.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\context_menu.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\context_menu_item_handler.html, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\kango_api.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\notification.html, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\notifications.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\options.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\ui_base.js, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\theme\bubble\bottom-left.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\theme\bubble\bottom-middle.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\theme\bubble\bottom-right.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\theme\bubble\middle-left.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\theme\bubble\middle-right.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\theme\bubble\tail-bottom.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\theme\bubble\tail-left.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\theme\bubble\tail-right.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\theme\bubble\tail-top.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\theme\bubble\top-left.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\theme\bubble\top-middle.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.Notificatoin, C:\Program Files\Notificatoin\1.0.0\kango-ui\theme\bubble\top-right.png, , [179836423b6d6acc3232eea5ad5532ce],
PUP.Optional.SetMyHomePage, C:\Documents and Settings\Ali Baba\Application Data\SetMyHomePage\main.ini, , [674867114464b5818c80faa104fedb25],
PUP.Optional.SetMyHomePage, C:\Documents and Settings\Ali Baba\Application Data\SetMyHomePage\ffsearch\defaultsearch.xml, , [674867114464b5818c80faa104fedb25],
PUP.Optional.DataMngr.AppFlsh, C:\Documents and Settings\Ali Baba\AppData\LocalLow\DataMngr\{7CA1F051-A4FB-4143-B263-02B41E571EED}, , [fcb3babe9b0d43f34f089409a55d9070],
PUP.Optional.MultiPlug, C:\Documents and Settings\All Users\Application Data\WinterSoft\SK_Enhancer\2095614310.ini, , [852a7dfbdeca4bebf1bfcfce29d9a15f],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\DialogsAPI.js, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\PIE.htc, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\settings.js, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\version.txt, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyleIE9.css, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\close.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\closeBtn.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next_hover.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\powered-by.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev_hover.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settings.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settingsBtn.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\close.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\closeBtn.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next_hover.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\powered-by.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev_hover.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settings.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settingsBtn.png, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Thumbs.db, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1706315_1697515_BG.xml, , [ac036f09cbddb4828f43ccd3ac56b848],
PUP.Optional.Conduit, C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks\en.xml, , [ac036f09cbddb4828f43ccd3ac56b848],

Physical Sectors: 0
(No malicious items detected)


(end)

 

Malwarebytes AdwCleaner Logfile: AdwCleaner[S0].txt

# AdwCleaner v6.042 - Logfile created 06/01/2017 at 20:55:38
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-06.1 [Server]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Ali Baba - BABA
# Running from : C:\Documents and Settings\Ali Baba\Desktop\adwcleaner_6.042.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Documents and Settings\All Users\Application Data\suuurf ANd  keEipp
Folder Found:  C:\Program Files\suuurf ANd  keEipp
Folder Found:  C:\Program Files\uneisaleS
Folder Found:  C:\Documents and Settings\All Users\Application Data\5d440287b1e807e0
Folder Found:  C:\Documents and Settings\All Users\Application Data\suuurf ANd  keEipp
Folder Found:  C:\Documents and Settings\All Users\Application Data\apn
Folder Found:  C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found:  C:\Documents and Settings\All Users\Application Data\Device
Folder Found:  C:\Documents and Settings\All Users\Application Data\Wideblue installer
Folder Found:  C:\Documents and Settings\All Users\Application Data\WinterSoft
Folder Found:  C:\Program Files\Conduit


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKCU\Software\a28cddb53def49
Key Found:  HKLM\SOFTWARE\Classes\Applications\iLividSetup-r563-n-bf.exe
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SrvUpdater
Key Found:  HKLM\SOFTWARE\Classes\AppID\{685F23D9-FCFD-475C-B56A-362645945C5A}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found:  HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found:  HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found:  HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\distromatic
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\eSupport.com
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\SetMyHomePage
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\Softonic
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\WEBAPP
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\torch
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-299502267-448539723-1801674531-1003\Software\SweetIM
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\APN DTX
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\distromatic
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\eSupport.com
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Popajar
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\SetMyHomePage
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\SmileysWeLove
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Softonic
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\SupHpUISoft
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\WEBAPP
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\torch
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKCU\Software\distromatic
Key Found:  HKCU\Software\eSupport.com
Key Found:  HKCU\Software\SetMyHomePage
Key Found:  HKCU\Software\Softonic
Key Found:  HKCU\Software\WEBAPP
Key Found:  HKLM\SOFTWARE\SoftwareUpdater
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\torch
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7304C9D1-98AD-55F0-636E-22D8DD57F176}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A88DE8D3-9C38-4F0D-8981-A4C17F7677A1}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\EazelBar
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividmoviestoolbardlaFF
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividmoviestoolbardlaIE
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ividi
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iVIDI Plugin
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdater
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vittalia
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Amazon Assistant
Data Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1420177819&from=wpc&uid=HitachiXHDS721050CLA360_JP153
Data Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1420177819&f
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.mystartsearch.com/?type=hp&ts=1420177819&from=wpc&uid=HitachiXHDS721050CLA360_JP1532FR34Z7WK34Z7WKX
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\53A9319E59EF479FAA2FA62650FDABF4
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{1E33F981-E92A-4F78-9D61-AE25CBFF1521}
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{2FB80C74-68D7-4887-907C-E2CC21D39D3C}
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{3E406995-03EA-4506-86C7-75F8A68AF331}
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{D87C08D1-B11E-40C2-A27E-FBE97236636C}
Key Found:  HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{EBD839AE-B08C-4fb7-859B-F54AF16C159F}
Key Found:  HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\se
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\nkgfcicgjhneabbbfhddfcgifljdhhpl
Key Found:  HKLM\SOFTWARE\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [10404 Bytes] - [06/01/2017 20:55:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10478 Bytes] ##########

 

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 06.01.2017 21:47:29
Path starting: C:\Documents and Settings\Ali Baba\Local Settings\temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Ali Baba
VersionXML: 3.67is-25.12.2016
___________________________________________________________________________

Windows XP(5.1.2600) Service Pack 3 (x86) Lang: English(0409)
Installation date OS: 04.07.2013 21:57:12
Boot Mode: Normal
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [49.8 Gb] Used: [31.8 Gb] Free: [18 Gb]
------------------------------- [ Windows ] -------------------------------
Extended support has ended 08.04.2014, Your operating system may be vulnerable to new types of threats
Internet Explorer 8.0.6001.18702
Automatically download and schedule installation
Date install updates: 2016-11-02 22:07:12
Automatic Updates (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
Terminal Services (TermService) - The service is running
SSDP Discovery Service (SSDPSRV) - The service is running
Account guest is enabled. Not require a password.
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2007 v.12.0.6425.1000
---------------------------- [ Antivirus_WMI ] ----------------------------
IObit Malware Fighter (disabled and out of date)
Avira Antivirus (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Avira Antivirus v.15.0.19.164
McAfee Security Scan Plus v.3.11.376.2
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.00 (32-bit) v.5.00.0 Warning! Download Update
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.29 v.7.29.102 Warning! Download Update
^Optional update.^
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.3.40298 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 91 v.8.0.910.14 Warning! Download Update
Uninstall old version and install new one (jre-8u112-windows-i586.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 17 ActiveX v.17.0.0.169 Warning! Download Update
Adobe Flash Player 21 NPAPI v.21.0.0.242 Warning! Download Update
Adobe Reader XI (11.0.08) v.11.0.08 Warning! Download Update
^Please run Adobe Reader XI and go Help - Check for updates...^
------------------------------- [ Browser ] -------------------------------
Google Chrome v.49.0.2623.112 Warning! Download Update
Mozilla Firefox 50.1.0 (x86 bg) v.50.1.0
Opera Stable 36.0.2130.80 v.36.0.2130.80 Warning! Download Update
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files\Mozilla Firefox\firefox.exe v.50.1.0.6186
------------------ [ AntivirusFirewallProcessServices ] -------------------
Avira Планировщик (AntiVirSchedulerService) - The service is running
C:\Program Files\Avira\AntiVir Desktop\sched.exe v.15.0.19.163
Avira Real-Time Protection (AntiVirService) - The service is running
C:\Program Files\Avira\AntiVir Desktop\avguard.exe v.15.0.19.163
Avira Mail Protection (AntiVirMailService) - The service has stopped
Avira Web Protection (AntiVirWebService) - The service has stopped
Avira Service Host (Avira.ServiceHost) - The service is running
C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe v.1.1.67.18988
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe v.15.0.19.164
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe v.15.0.19.163
MBAMScheduler (MBAMScheduler) - The service is running
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe v.3.1.7.0
MBAMService (MBAMService) - The service is running
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe v.3.2.21.0
McAfee Security Scan Component Host Service (McComponentHostService) - The service has stopped
---------------------------- [ UnwantedApps ] -----------------------------
IObit Uninstaller v.5.2.1.126 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
Skype Click to Call v.6.13.13771 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems.
----------------------------- [ End of Log ] ------------------------------

 

 

AdwCleaner[C0].txt

JRT.txt

Check_Browsers_LNK.log

SecurityCheck.txt


What is the current state of your system? Keep me informed about what happens after each procedure.

 

Please download ClearLNK by Dragokas & regist.

  • Save the archive to your desktop and extract the ClearLNK program.
  • Drag and drop the file Check_Browsers_LNK.log (the log generated by the Check Browsers LNK program in my previous instructions) onto the ClearLNK program icon.

  • A report named ClearLNK-<Date>.log will be generated in the LOG folder. Post the log in your next post.

 

 

Run another scan with:

Malwarebytes Anti-Malware (MBAM)

 

I want to make sure that everything found in the first scan has been removed! :)

 

 

Run a new scan with Farbar Recovery Scan Tool

 

Scanning with Farbar Recovery Scan

  • Please download Farbar Recovery Scan Tool (choose the 32-bit or the 64-bit version according to your version of Windows) and save it to the desktop.
  • Run the file FRST.exe (or FRST64.exe).
  • The program will start. Click YES to accept the license agreement.
  • Click the button (image: YClYkft.jpg).
  • Wait patiently for the scan to finish.
  • Two log files, FRST.txt and Addition.txt, will be created on the desktop.
  • Copy the contents of FRST.txt into your next post. Attach Addition.txt to your reply (see the file attachment option when posting).

 

Logs

In your next reply, please include the following logs (copying their entire contents):

  • The ClearLNK-<Date>.log log
  • The Malwarebytes Anti-Malware log
  • FRST.txt (copy the entire contents)
  • Addition.txt (attach it)

 

 


After using ClearLNK, I am no longer redirected when I open the browser.

 

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/7/2017
Scan Time: 1:47:57
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.01.06.09
Rootkit Database: v2016.11.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Ali Baba

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319484
Time Elapsed: 41 min, 12 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2017
Ran by Ali Baba (administrator) on BABA (07-01-2017 02:34:14)
Running from C:\Documents and Settings\Ali Baba\Desktop
Loaded Profiles: Ali Baba &  (Available Profiles: Ali Baba & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASC.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [831576 2016-09-01] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [VMSnap3] => C:\WINDOWS\VMSnap3.EXE [49152 2006-08-30] (ZSMCSNAP)
HKLM\...\Run: [Domino] => C:\WINDOWS\Domino.EXE [49152 2006-06-28] (Vimicro)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2015-01-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5371168 2016-03-10] (IObit)
HKLM\...\Run: [HDD Regenerator] => C:\Program Files\HDD Regenerator\Shell.exe [90336 2013-05-08] ()
HKLM\...\Run: [BigDog303] => C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
HKLM\...\Run: [snp2uvc] => C:\WINDOWS\vsnp2uvc.exe [662016 2016-12-26] (Sonix)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2008-06-11] (ATI Technologies Inc.)
HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3576664 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Run: [Advanced SystemCare 9] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Run: [ZoomInfo Contact Contributor] => C:\Documents and Settings\Ali Baba\Local Settings\Application Data\ZoomInfoCEUtility\launch.bat [108 2016-08-06] ()
HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-299502267-448539723-1801674531-1003\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-299502267-448539723-1801674531-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3576664 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Advanced SystemCare 9] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ZoomInfo Contact Contributor] => C:\Documents and Settings\Ali Baba\Local Settings\Application Data\ZoomInfoCEUtility\launch.bat [108 2016-08-06] ()
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3576664 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Advanced SystemCare 9] => C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [2019616 2016-01-11] (IObit)
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ZoomInfo Contact Contributor] => C:\Documents and Settings\Ali Baba\Local Settings\Application Data\ZoomInfoCEUtility\launch.bat [108 2016-08-06] ()
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-299502267-448539723-1801674531-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-299502267-448539723-1801674531-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\system: [DisableClock] 0
HKU\S-1-5-21-299502267-448539723-1801674531-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Policies\Explorer: [NoFind] 0
IFEO: [Debugger] logonui.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Restriction ? <======= ATTENTION
GroupPolicy\User: Restriction ? <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{9FF34EAA-3A59-4C06-BA58-F6DD97C899F7}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-299502267-448539723-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/web?fr=avira-ds
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.yahoo.com/web?fr=avira-hp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.yahoo.com/web?fr=avira-ds
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.yahoo.com/web?fr=avira-ds
HKU\S-1-5-21-299502267-448539723-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.yahoo.com/web?fr=avira-hp
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.yahoo.com/web?fr=avira-ds
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.yahoo.com/web?fr=avira-hp
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.yahoo.com/web?fr=avira-ds
HKU\S-1-5-21-299502267-448539723-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.yahoo.com/web?fr=avira-hp
URLSearchHook: [S-1-5-21-299502267-448539723-1801674531-500-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-09] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-09] (Oracle Corporation)
Handler: skype-ie-addon-data - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: vo854e7i.default-1473369861250
FF ProfilePath: C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\vo854e7i.default-1473369861250 [2017-01-07]
FF DefaultSearchEngine: C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\vo854e7i.default-1473369861250 -> Google
FF ProfilePath: C:\Documents and Settings\Ali Baba\Application Data\Mozilla\Firefox\Profiles\f1kmk72i.default-1483723354109 [2017-01-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-08-26] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-03] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-09] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1420177819&from=wpc&uid=HitachiXHDS721050CLA360_JP1532FR34Z7WK34Z7WKX"
CHR Profile: C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-01-07]
CHR Extension: (Readlang) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apcnmoajpaldpbepelpjgbplhoeidhia [2015-10-24]
CHR Extension: (Bomomo) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dnalbhgkcocoepphagnnlaiomnnngeln [2015-06-06]
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2008-12-31]
CHR Extension: (Pinterest Save Button) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-18]
CHR Extension: (Windscribe - Free VPN and Ad Block) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2016-11-29]
CHR Extension: (2048 Puzzle Game Offline) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfnbjbahocpfkbbadndnocljpjpccggf [2015-06-07]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Launch Readlang Web Reader) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\odpdkefpnfejbfnmdilmfhephfffmfoh [2016-11-25]
CHR Profile: C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1 [2017-01-02]
CHR Extension: (Google Презентации) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-18]
CHR Extension: (Google Документи) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-18]
CHR Extension: (Google Диск) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-18]
CHR Extension: (Електронни таблици от Google) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-18]
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-08-18]
CHR Extension: (Google Документи офлайн) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
CHR Extension: (Notificatoin) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2016-08-18]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-18]
CHR Extension: (Gmail) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-18]
CHR Profile: C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2 [2017-01-02]
CHR Extension: (Google Презентации) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-18]
CHR Extension: (Google Документи) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-18]
CHR Extension: (Google Диск) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-18]
CHR Extension: (YouTube) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-18]
CHR Extension: (Електронни таблици от Google) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-18]
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-08-18]
CHR Extension: (Google Документи офлайн) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-08-18]
CHR Extension: (Notificatoin) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\hmhfbmpdiffkamakhdbcgojfnbnlcenm [2016-08-18]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-18]
CHR Extension: (Gmail) - C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-18]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - <no Path/update_url>
StartMenuInternet: chrome.exe - Chrome.exe
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 AdvancedSystemCareService9; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [970632 2016-09-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [470600 2016-09-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [470600 2016-09-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1253352 2016-09-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [437784 2016-03-11] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [417304 2016-03-11] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [880152 2016-03-11] (BlueStack Systems, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1034584 2015-06-18] (Disc Soft Ltd)
S2 hddrsrv; C:\Program Files\HDD Regenerator\hrsrv.exe [82144 2013-05-08] ()
S2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [1576736 2016-03-10] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2008-04-14] (Microsoft Corporation)
S3 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S3 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2015-01-22] (Creative)
R0 amdide; C:\WINDOWS\System32\DRIVERS\amdide.sys [11904 2016-12-26] (Advanced Micro Devices Inc.)
S0 amdide1; C:\WINDOWS\system32\Drivers\amdide1.sys [9096 2009-09-13] (Advanced Micro Devices)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [115600 2016-07-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [140272 2016-07-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-07-30] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [140856 2016-03-11] (BlueStack Systems)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cpuz138; C:\Documents and Settings\Ali Baba\Local Settings\temp\cpuz138\cpuz138_x32.sys [27832 2017-01-01] (CPUID)
R3 dtlitescsibus; C:\WINDOWS\System32\DRIVERS\dtlitescsibus.sys [25016 2015-06-20] (Disc Soft Ltd)
R3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [246464 2015-12-22] (IObit)
S3 gdrv; C:\WINDOWS\gdrv.sys [16608 2013-07-05] (Windows (R) 2000 DDK provider)
R3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-01-22] (REALiX(tm))
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2017-01-07] (Malwarebytes)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2015-01-22] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys [31776 2015-03-25] (IObit.com)
R3 RTHDMIAzAudService; C:\WINDOWS\System32\drivers\RtKHDMI.sys [4125352 2015-01-22] (Realtek Semiconductor Corp.)
R3 SNP2UVC; C:\WINDOWS\System32\DRIVERS\snp2uvc.sys [3566336 2016-12-26] ()
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [691696 2009-01-01] () [File not signed]
R3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys [17360 2015-03-25] (IObit.com)
S3 vmfilter303; C:\WINDOWS\System32\drivers\vmfilter303.sys [428160 2006-04-25] (Vimicro Corporation)
R1 XQHDrv; C:\WINDOWS\System32\DRIVERS\XQHDrv.sys [203424 2015-09-08] (BigNox Corporation) [File not signed]
S3 ZSMC303; C:\WINDOWS\System32\Drivers\usbVM303.sys [392122 2006-12-01] (Vimicro Corporation)
U3 ahwnbtjt; C:\WINDOWS\system32\Drivers\ahwnbtjt.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 cpuz137; \??\C:\DOCUME~1\ALIBAB~1\LOCALS~1\Temp\cpuz137\cpuz137_x32.sys [X]
S4 IntelIde; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-07 02:32 - 2017-01-07 02:32 - 00001104 _____ C:\Documents and Settings\Ali Baba\Desktop\Malwarebytes Anti -Malware.txt
2017-01-07 01:40 - 2017-01-07 01:40 - 00000000 ____D C:\Documents and Settings\Ali Baba\Application Data\ProductData
2017-01-07 01:39 - 2017-01-07 01:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
2017-01-07 01:36 - 2017-01-07 01:36 - 00200975 _____ C:\Documents and Settings\Ali Baba\Desktop\ClearLNK.zip
2017-01-07 01:36 - 2016-11-29 21:28 - 00462976 _____ (Alex Dragokas) C:\Documents and Settings\Ali Baba\Desktop\ClearLNK.exe
2017-01-06 21:47 - 2017-01-06 21:47 - 00000000 ____D C:\SecurityCheck
2017-01-06 21:46 - 2017-01-06 21:46 - 00511034 _____ (glax24 (safezone.cc)) C:\Documents and Settings\Ali Baba\Desktop\SecurityCheck.exe
2017-01-06 21:45 - 2017-01-07 01:42 - 00000000 ____D C:\Documents and Settings\Ali Baba\Desktop\LOG
2017-01-06 21:45 - 2016-11-13 21:56 - 00811120 _____ (Alex Dragokas) C:\Documents and Settings\Ali Baba\Desktop\Check Browsers LNK.exe
2017-01-06 21:42 - 2017-01-06 21:42 - 00005739 _____ C:\Documents and Settings\Ali Baba\Desktop\JRT.txt
2017-01-06 21:37 - 2017-01-06 21:37 - 01663040 _____ (Malwarebytes) C:\Documents and Settings\Ali Baba\Desktop\JRT.exe
2017-01-06 21:08 - 2017-01-06 21:08 - 00008702 _____ C:\Documents and Settings\Ali Baba\Desktop\AdwCleaner[C0].txt
2017-01-06 20:57 - 2017-01-06 21:28 - 00010558 _____ C:\Documents and Settings\Ali Baba\Desktop\AdwCleaner[S0].txt
2017-01-06 20:53 - 2017-01-06 21:02 - 00000000 ____D C:\AdwCleaner
2017-01-06 20:53 - 2017-01-06 20:53 - 00054780 _____ C:\Documents and Settings\Ali Baba\Desktop\otgovor.txt
2017-01-06 20:47 - 2017-01-06 20:48 - 03988944 _____ C:\Documents and Settings\Ali Baba\Desktop\adwcleaner_6.042.exe
2017-01-06 19:41 - 2017-01-07 02:31 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-06 19:40 - 2017-01-06 19:43 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2017-01-06 19:40 - 2017-01-06 19:43 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-01-06 19:40 - 2017-01-06 19:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-06 19:40 - 2017-01-06 19:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-01-06 19:40 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-06 19:40 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-06 19:38 - 2017-01-06 19:39 - 22908888 _____ (Malwarebytes ) C:\Documents and Settings\Ali Baba\Desktop\mbam-setup-2.2.0.1024.exe
2017-01-06 19:30 - 2017-01-06 19:30 - 00224172 _____ C:\Documents and Settings\Ali Baba\Desktop\Redirect при отваряне на браузър - Премахване на зловреден софтуер - HiJackThis логове - kaldata.com - Форуми.htm
2017-01-06 19:30 - 2017-01-06 19:30 - 00000000 ____D C:\Documents and Settings\Ali Baba\Desktop\Redirect при отваряне на браузър - Премахване на зловреден софтуер - HiJackThis логове - kaldata.com - Форуми_files
2017-01-06 19:22 - 2017-01-06 19:22 - 00000000 ____D C:\Documents and Settings\Ali Baba\Desktop\Стари данни Firefox
2017-01-06 16:07 - 2017-01-06 20:39 - 00000000 ____D C:\Documents and Settings\Ali Baba\Desktop\Backup for Browsers
2017-01-05 22:21 - 2017-01-05 22:23 - 00067043 _____ C:\Documents and Settings\Ali Baba\Desktop\Addition.txt
2017-01-05 22:20 - 2017-01-07 02:34 - 00027090 _____ C:\Documents and Settings\Ali Baba\Desktop\FRST.txt
2017-01-05 22:19 - 2017-01-07 02:34 - 00000000 ____D C:\FRST
2017-01-05 22:18 - 2017-01-05 22:18 - 01760256 _____ (Farbar) C:\Documents and Settings\Ali Baba\Desktop\FRST.exe
2017-01-05 21:58 - 2017-01-05 21:58 - 00000000 ___HD C:\WINDOWS\PIF
2016-12-26 11:30 - 2016-12-26 11:30 - 03566336 _____ () C:\WINDOWS\system32\Drivers\snp2uvc.sys
2016-12-26 11:30 - 2016-12-26 11:30 - 00662016 _____ (Sonix) C:\WINDOWS\vsnp2uvc.exe
2016-12-26 11:30 - 2016-12-26 11:30 - 00306688 _____ (Sonix Technology Co., Ltd.) C:\WINDOWS\system32\vsnp2uvc.dll
2016-12-26 11:30 - 2016-12-26 11:30 - 00196608 _____ ( ) C:\WINDOWS\system32\csnp2uvc.dll
2016-12-26 11:30 - 2016-12-26 11:30 - 00028544 _____ C:\WINDOWS\system32\Drivers\sncduvc.sys
2016-12-26 11:30 - 2016-12-26 11:30 - 00015497 _____ C:\WINDOWS\snp2uvc.ini
2016-12-26 11:30 - 2016-12-26 11:30 - 00013021 _____ C:\WINDOWS\snp2uvc.src
2016-12-26 11:29 - 2016-12-26 11:33 - 00001893 _____ C:\Documents and Settings\All Users\Desktop\Driver Booster 4.lnk
2016-12-26 11:29 - 2016-12-26 11:29 - 00000000 ____D C:\WINDOWS\IObit
2016-12-26 11:29 - 2016-12-26 11:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Driver Booster 4
2016-12-14 00:26 - 2016-12-14 14:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-12 15:48 - 2016-12-12 15:48 - 00000000 ____D C:\output

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-07 02:36 - 2009-01-01 00:17 - 00000000 ____D C:\Documents and Settings\Ali Baba\Local Settings\temp
2017-01-07 01:47 - 2015-08-22 21:34 - 00000000 ____D C:\Documents and Settings\Ali Baba\My Documents\Изтегляния
2017-01-07 01:47 - 2009-01-01 12:28 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-07 01:38 - 2015-10-06 17:00 - 00000663 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2017-01-07 01:38 - 2015-10-06 17:00 - 00000657 _____ C:\Documents and Settings\All Users\Desktop\Opera.lnk
2017-01-07 01:38 - 2015-02-03 15:22 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-07 01:38 - 2015-02-03 15:22 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2017-01-07 01:38 - 2009-01-01 12:28 - 00001817 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2017-01-07 01:33 - 2013-07-05 02:28 - 00000000 ____D C:\Documents and Settings\Ali Baba\Application Data\Skype
2017-01-07 01:11 - 2015-08-19 20:33 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2017-01-07 00:47 - 2009-01-01 12:28 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-01-06 22:10 - 2015-10-06 17:00 - 00000418 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1444143615.job
2017-01-06 21:38 - 2016-08-01 15:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2017-01-06 21:38 - 2016-03-10 18:19 - 00000282 _____ C:\WINDOWS\Tasks\ASC9_PerformanceMonitor.job
2017-01-06 21:06 - 2008-04-14 11:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-01-06 21:05 - 2016-10-19 22:38 - 00000000 ____D C:\Program Files\Hi-Rez Studios
2017-01-06 21:04 - 2016-10-21 20:54 - 00032562 _____ C:\WINDOWS\SchedLgU.Txt
2017-01-06 21:04 - 2015-05-10 17:48 - 00000286 _____ C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job
2017-01-06 21:04 - 2015-05-10 17:48 - 00000284 _____ C:\WINDOWS\Tasks\SmartDefrag4_Update.job
2017-01-06 21:04 - 2014-11-16 09:18 - 00000228 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-01-06 21:04 - 2013-08-08 22:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2115168$
2017-01-06 21:04 - 2013-07-05 00:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-06 21:03 - 2014-11-30 05:47 - 00273426 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-01-06 21:03 - 2013-07-05 00:02 - 00000178 ___SH C:\Documents and Settings\Ali Baba\ntuser.ini
2017-01-06 21:03 - 2013-07-05 00:02 - 00000000 ____D C:\Documents and Settings\Ali Baba
2017-01-06 20:41 - 2009-01-01 02:18 - 00000000 ____D C:\Documents and Settings\Ali Baba\Local Settings\Application Data\UpMedia
2017-01-06 19:31 - 2009-01-01 12:28 - 00001811 _____ C:\Documents and Settings\Ali Baba\Desktop\Google Chrome.lnk
2017-01-06 11:00 - 2015-04-21 22:36 - 00143872 ___SH C:\Documents and Settings\Ali Baba\Desktop\Thumbs.db
2017-01-06 01:03 - 2014-11-30 05:47 - 01137361 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-299502267-448539723-1801674531-1003-0.dat
2017-01-05 22:00 - 2008-04-14 11:00 - 00000435 _____ C:\WINDOWS\system.ini
2017-01-05 21:27 - 2013-07-07 22:53 - 00186368 _____ C:\Documents and Settings\Ali Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-05 21:00 - 2013-08-17 16:58 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2017-01-05 20:59 - 2013-07-04 23:47 - 00000000 ____D C:\WINDOWS\Registration
2017-01-04 13:28 - 2009-01-01 02:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2017-01-02 13:39 - 2009-01-01 08:33 - 00000000 ____D C:\Documents and Settings\Ali Baba\Application Data\PhotoScape
2017-01-01 16:13 - 2009-01-01 02:13 - 00000000 ___HD C:\WINDOWS\inf
2017-01-01 16:13 - 2009-01-01 02:13 - 00000000 ____D C:\WINDOWS\security
2016-12-27 17:57 - 2015-07-12 19:45 - 00000000 ____D C:\Documents and Settings\Ali Baba\Start Menu\Programs\San Andreas Multiplayer
2016-12-26 11:45 - 2015-01-22 23:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Advanced SystemCare 8
2016-12-26 11:32 - 2013-07-05 01:45 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2016-12-26 11:31 - 2015-01-22 23:25 - 00011904 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\Drivers\amdide.sys
2016-12-26 11:31 - 2013-07-05 01:45 - 00000000 ___DC C:\WINDOWS\system32\DRVSTORE
2016-12-26 11:29 - 2015-07-30 14:09 - 00000000 ____D C:\Program Files\IObit
2016-12-26 11:29 - 2015-07-30 14:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\IObit
2016-12-25 21:07 - 2013-07-05 00:02 - 00000000 ____D C:\Documents and Settings\Ali Baba\Local Settings\Application Data\Microsoft
2016-12-22 22:00 - 2016-09-09 14:53 - 00000000 ____D C:\Program Files\Steam
2016-12-20 02:38 - 2013-07-07 20:42 - 00000000 ___RD C:\Documents and Settings\Ali Baba\My Documents\My Videos
2016-12-17 00:47 - 2009-01-01 02:21 - 00000000 __SHD C:\WINDOWS\Installer
2016-12-15 13:11 - 2015-02-03 15:22 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-11 13:09 - 2015-07-11 18:43 - 00000000 ____D C:\Documents and Settings\Ali Baba\My Documents\GTA San Andreas User Files
2016-12-10 22:10 - 2009-01-01 04:00 - 00000000 ____D C:\Program Files\Opera

==================== Files in the root of some directories =======

2015-12-01 22:20 - 2015-12-01 22:20 - 0000022 _____ () C:\Program Files\MEGA-MASTERKEY.txt
2013-07-07 22:53 - 2017-01-05 21:27 - 0186368 _____ () C:\Documents and Settings\Ali Baba\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-30 23:49 - 2014-10-16 01:55 - 0145792 _____ () C:\Documents and Settings\Ali Baba\Local Settings\Application Data\downloader.exe

Some files in TEMP:
====================
C:\Documents and Settings\Ali Baba\Local Settings\temp\avgnt.exe
C:\Documents and Settings\Ali Baba\Local Settings\temp\KMP_4.1.5.3.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

ClearLNK-07.01.2017_01-38.log

Addition.txt



Good morning..! :)

There are leftovers of McAfee Security Scan visible:

  • Please uninstall the program in the standard way..!
  • To make sure that there are no leftovers:
  • Please download MCPR.exe and save it to your Desktop.
  • Close all programs and double-click MCPR.exe, then click Run.
  • Follow the on-screen instructions.
  • When the procedure finishes, the message 'CLEANUP SUCCESSFUL' will appear, along with 'Reboot required to remove all files. Would you like to reboot now?'
  • Click 'Yes' to restart your computer.
  • Then delete MCPR.exe from your desktop.

Uninstall the following software:

Quote

IObit Uninstaller

Skype Click to Call

This software needs updating:

Quote

Java 8 Update 91 v.8.0.910.14 Warning! Download Update
Uninstall old version and install new one (jre-8u112-windows-i586.exe).

Adobe Flash Player 17 ActiveX v.17.0.0.169 Warning! Download Update
Adobe Flash Player 21 NPAPI v.21.0.0.242 Warning! Download Update
Adobe Reader XI (11.0.08) v.11.0.08 Warning! Download Update
^Please run Adobe Reader XI and go Help - Check for updates...^

Google Chrome v.49.0.2623.112 Warning! Download Update
Opera Stable 36.0.2130.80 v.36.0.2130.80 Warning! Download Update

 

Fix with Farbar Recovery Scan Tool

Download the attached file, fixlist.txt, and save it in the same place where you downloaded FRST.exe.
Run FRST.exe again, press the Fix button once, and wait.

A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Logs

In your next reply, please include the following logs:

  • FixLog.txt


What is the situation after the procedures so far..? Are you noticing any problems..?

In addition, I would recommend that you remove IObit Malware Fighter..!

Quote

IObit Malware Fighter

Avira Antivirus


Well, for now no problems are appearing. The system is behaving normally.

I also uninstalled IObit Malware Fighter.


Wonderful..! :) Let's do one control check, after which we will wrap up..!

Scan with ESET Online Scan

  • Please download and run the executable from the link below:
    ESET OnlineScan
  • Tick the checkbox next to the option shown (image: 4yS3E9O.jpg)
  • Press the button shown (image: XTRkhju.jpg)
  • Tick the checkbox next to Enable detection of potentially unwanted applications.
  • Now click Advanced Settings and make sure that the Remove found threats option is not checked, while the following are checked:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Now select the Change button and choose only Operating memory and drive C:\
  • Press the Start button.
  • ESET will begin downloading and installing updates to the virus definitions and will then start scanning the computer. Be patient, because the process is slow and can take quite a while.
  • After the scan finishes, press the button shown (image: gFggK2f.jpg)
  • Now press the button shown (image: kINPPCe.jpg) and save the file to the desktop under a name of your choice, for example ESETScan.txt. Copy the result into your next comment.
  • Press the button shown (image: ObVLksZ.jpg), then press the button shown (image: OWHYffT.jpg) to close the application.

Logs

In your next reply, please include the following logs:

  • Log from ESET Online Scanner (List of found threats)


Hello! :)

Fix with Farbar Recovery Scan Tool

Download the attached file, fixlist.txt, and save it in the same location where you downloaded FRST.exe.
Run FRST.exe again, press the Fix button once, and wait.

A new log file, FixLog.txt, will be created. Attach its contents in your next comment.

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Logs

In your next reply, please include the following logs:

  • FixLog.txt


That is all from me! If there are no other problems, let's move toward wrapping up!

Let's remove the programs we used:

Download DelFix and run it. Tick the checkboxes for:

  • Remove disinfection tools
  • Purge system restore

...and then press the Run button

  • After the operation completes, a log will be created
  • Copy it and paste it into your next reply

The tool will delete itself after it finishes its task!

If anything we used during the cleanup so far has not been removed after the latest instructions, remove it manually, using the standard methods!

I recommend that Malwarebytes' Anti-Malware remain on your computer and that you scan your system with it periodically (at least once or twice a week), not forgetting to update its definitions before each scan, and also to turn off the program's real-time protection. I remind you that this is not an antivirus program but an exceptionally good complement to one!

Logs

In your next reply, please include the following logs:

  • DelFix

 


Absolutely clean system! If you have no other problems, let's wrap up. I am marking the case as "Solved"! I wish you a nice day and safe internet! :)
