ComboFix Log File

Keanu

New Member
Thread author
Feb 2, 2016
Can you please analyze my log file, as I'm not an expert :)
Thanks in advance! :D

ComboFix 16-02-05.01 - Keanu 02/07/2016 22:20:40.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.1160 [GMT -8:00]
Running from: c:\users\Keanu\Downloads\Programs\ComboFix.exe
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1454310879.bdinstall.bin
c:\programdata\1454311183.bdinstall.bin
c:\programdata\1454311331.bdinstall.bin
c:\programdata\1454312710.bdinstall.bin
c:\programdata\1454312883.bdinstall.bin
c:\programdata\1454312922.bdinstall.bin
c:\programdata\1454313003.bdinstall.bin
c:\programdata\1454313690.bdinstall.bin
c:\programdata\1454350944.bdinstall.bin
c:\programdata\1454350952.bdinstall.bin
c:\programdata\1454351070.bdinstall.bin
c:\programdata\1454353864.3272.bin
c:\programdata\1454353864.bdinstall.bin
c:\programdata\1454353870.bdinstall.bin
c:\programdata\1454360864.bdinstall.bin
c:\programdata\1454470958.bdinstall.bin
c:\programdata\1454470960.bdinstall.bin
c:\programdata\1454565310.bdinstall.bin
c:\programdata\1454738721.bdinstall.bin
c:\programdata\1454738730.bdinstall.bin
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ar\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\bg\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ca\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\cs\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\da\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\de\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\el\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\en\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\es\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\fi\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\fr\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\gu\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\he\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\hr\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\hu\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\id\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\it\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ja\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ko\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\nb\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\nl\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\pl\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\pt_BR\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\pt_PT\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ro\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ru\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sk\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sl\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sr\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sv\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\tr\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\uk\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\vi\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\zh_CN\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\zh_TW\messages.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_metadata\computed_hashes.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_metadata\verified_contents.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_safari_beforeload.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_safari_contentblocking.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_start_chrome.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_start_common.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\background.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\bandaids.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\button\popup.css
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\button\popup.html
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\button\popup.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\CHANGELOG.txt
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\checkupdates.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\chrome_oauth_receiver.html
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\chrome_oauth_receiver.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\datacollection.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\dropbox-datastores.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\declarativewebrequest.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\domainset.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filternormalizer.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filteroptions.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filterset.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filtertypes.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\myfilters.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\functions.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\gab_question.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\idlehandler.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\delete.gif
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\dropbox1.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\dropbox2.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\dropbox3.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\facebook-sprite.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\gplus-sprite.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon128.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon16.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon16_grayscale.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon16_grayscale@2x.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon19-grayscale.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon19-whitelisted.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon19.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon24.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon32.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon38-grayscale.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon38-whitelisted.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon38.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon48.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\loader.gif
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\logo.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\check.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\magnifying_glass.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search-engine-card_no-shadow.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search-engine-icons.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search-omnibox-card_no-shadow.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search_engine_select_arrow.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\twitter-sprite.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-icons_056b93_256x240.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-icons_d8e7f3_256x240.png
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\jquery-ui.custom.css
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\override-page.css
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\jquery-ui.custom.min.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\jquery.cookie.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\jquery.min.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\LICENSE
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\manifest.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\notificationoverlay.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\bug-report.html
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\bug-report.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\customize.html
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\customize.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\filters.html
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\filters.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\general.html
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\general.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\index.html
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\index.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\options.css
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\support.html
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\support.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\adreport.html
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\adreport.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\resourceblock.css
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\resourceblock.html
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\resourceblock.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\subscribe.css
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\subscribe.html
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\subscribe.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\port.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\punycode.min.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\README.markdown
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\stats.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\survey.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\translators.json
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\blacklistui.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\clickwatcher.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\elementchain.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\overlay.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\rightclick_hook.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\load_jquery_ui.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\send_content_to_back.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\top_open_blacklist_ui.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\top_open_whitelist_ui.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\ytchannel.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Keanu\AppData\Roaming\Microsoft\Windows\Recent\Your Software Deals.url
c:\windows\system32\drivers\SETD431.tmp
c:\users\Keanu\AppData\Local\Temp\RarSFX1\additional.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\avcheck.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\bdardrv.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\bdmetrics.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\bdnc.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\bdselfpr.sys . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\core\bdcore.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\gzflt.sys . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\gzfltum.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\htmlayout.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\Installer.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\installerpackage.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\lang\en-US.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\lang\it-IT.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\lang\pt-BR.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\lang\ro-RO.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\npcomm.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\setuplauncher.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\trufos.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\trufos.sys . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\unrar.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\WPFKickstarter.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\WPFKickstarter4.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\wslib.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\wspack.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\wsutils.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2016-01-08 to 2016-02-08 )))))))))))))))))))))))))))))))
.
.
2016-02-08 06:30 . 2016-02-08 06:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-08 05:50 . 2016-02-08 05:50 -------- d-----w- c:\windows\Migration
2016-02-08 05:12 . 2016-02-08 05:12 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith
2016-02-08 05:12 . 2016-02-08 05:12 -------- d-----w- c:\program files\QuickTime
2016-02-08 05:12 . 2016-02-08 05:12 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2016-02-08 05:10 . 2016-02-08 05:10 -------- d-----w- c:\programdata\TechSmith
2016-02-08 05:10 . 2016-02-08 05:10 -------- d-----w- c:\program files\TechSmith
2016-02-08 00:55 . 2016-02-08 00:55 -------- d-----w- c:\programdata\VS Revo Group
2016-02-08 00:55 . 2009-12-30 18:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2016-02-08 00:55 . 2016-02-08 00:55 -------- d-----w- c:\program files\VS Revo Group
2016-02-08 00:48 . 2016-02-08 00:48 -------- d-----w- c:\programdata\Ashampoo
2016-02-07 21:14 . 2016-02-04 06:01 0 ----a-w- c:\windows\system32\drivers\avchv.sys
2016-02-07 21:04 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2016-02-07 21:04 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-07 21:04 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2016-02-07 21:04 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-07 21:03 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2016-02-07 21:03 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2016-02-07 21:03 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2016-02-07 21:03 . 2014-05-14 17:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-07 21:03 . 2014-05-14 17:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2016-02-07 08:24 . 2016-02-07 08:24 -------- d-----w- c:\programdata\Geevs
2016-02-07 08:23 . 2016-02-07 08:23 -------- d-----w- c:\programdata\Package Cache
2016-02-06 18:29 . 2016-02-06 18:29 -------- d-----w- c:\program files\Google
2016-02-06 17:23 . 2016-02-06 17:24 -------- d-----w- c:\programdata\Globe Tattoo Broadband
2016-02-06 17:23 . 2016-02-06 17:22 168960 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2016-02-06 17:23 . 2016-02-06 17:22 85248 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2016-02-06 17:23 . 2016-02-06 17:22 72576 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2016-02-06 17:23 . 2016-02-06 17:22 51456 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2016-02-06 17:23 . 2016-02-06 17:22 26496 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2016-02-06 17:23 . 2016-02-06 17:22 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2016-02-06 17:23 . 2016-02-06 17:22 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2016-02-06 17:22 . 2016-02-06 17:22 860928 ----a-w- c:\windows\system32\drivers\mod7700.sys
2016-02-06 17:22 . 2016-02-06 17:22 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2016-02-06 17:22 . 2016-02-06 17:22 27136 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2016-02-06 17:22 . 2016-02-06 17:22 208896 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2016-02-06 17:22 . 2016-02-06 17:22 106880 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2016-02-06 17:22 . 2016-02-06 17:22 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2016-02-06 17:21 . 2016-02-06 17:24 -------- d-----w- c:\program files\Globe Tattoo Broadband
2016-02-06 17:21 . 2016-02-06 17:25 -------- d-----w- c:\programdata\DatacardService
2016-02-06 05:27 . 2016-02-06 05:27 -------- d-----w- c:\program files\Microsoft.NET
2016-02-04 06:01 . 2013-04-17 22:59 633344 ----a-w- c:\windows\system32\drivers\avc3.sys
2016-02-04 06:01 . 2013-04-17 22:59 486536 ----a-w- c:\windows\system32\drivers\avckf.sys
2016-02-04 06:01 . 2016-02-04 06:01 -------- d-----w- c:\program files\Bitdefender
2016-02-04 06:01 . 2013-04-22 21:20 164952 ----a-w- c:\windows\system32\drivers\gzflt.sys
2016-02-04 06:00 . 2013-05-28 20:11 355744 ----a-w- c:\windows\system32\drivers\trufos.sys
2016-02-04 04:39 . 2016-02-08 03:45 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2016-02-04 04:39 . 2016-02-04 04:39 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2016-02-01 21:14 . 2009-07-15 07:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2016-02-01 19:20 . 2016-02-06 03:41 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-01 19:20 . 2016-02-03 05:45 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-02-01 19:20 . 2016-02-01 19:20 -------- d-----w- c:\programdata\Malwarebytes
2016-02-01 19:20 . 2015-10-05 17:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-01 19:20 . 2015-10-05 17:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-01 19:20 . 2015-10-05 17:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-01 06:53 . 2016-02-01 06:53 -------- d--h--w- c:\program files\InstallJammer Registry
2016-01-30 22:34 . 2016-01-30 22:34 -------- d-----w- c:\windows\system32\SupportAppPBHostless Modem
2016-01-30 22:34 . 2016-01-30 22:34 -------- d-----w- c:\program files\Hostless Modem
2016-01-30 20:09 . 2016-02-08 05:16 -------- d-----w- c:\users\Keanu
2016-01-30 20:07 . 2016-01-30 20:12 -------- d-----w- c:\program files\IDT
2016-01-30 20:07 . 2010-04-01 07:06 139776 ----a-w- c:\windows\system32\aestacap.dll
2016-01-30 20:07 . 2009-10-09 17:45 380928 ----a-w- c:\windows\system32\aestecap.dll
2016-01-30 20:07 . 2009-03-02 18:57 61440 ----a-w- c:\windows\system32\aestaren.dll
2016-01-30 20:07 . 2010-03-23 15:53 536576 ----a-w- c:\windows\system32\idtmini1.exe
2016-01-30 20:07 . 2010-03-23 15:53 495708 ----a-w- c:\windows\sttray.exe
2016-01-30 20:07 . 2010-03-23 15:53 3354624 ----a-w- c:\windows\system32\stlang.dll
2016-01-30 20:07 . 2010-03-23 15:53 12628060 ----a-w- c:\windows\system32\idtcpl.cpl
2016-01-30 20:07 . 2009-03-02 18:47 86016 ----a-w- c:\windows\system32\AESTCom.dll
2016-01-30 20:07 . 2016-01-30 20:07 -------- d-----w- c:\windows\system32\SRSLabs
2016-01-30 06:21 . 2015-12-16 18:15 9014120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADB45125-0B7A-4050-A88C-25D14CA4A3EC}\mpengine.dll
2016-01-30 06:21 . 2015-12-02 21:25 247976 ----a-w- c:\windows\system32\MpSigStub.exe
2016-01-30 05:34 . 2016-01-30 20:12 -------- d-----w- c:\program files\VideoLAN
2016-01-30 04:58 . 2016-01-30 04:58 -------- d-----w- c:\programdata\IDM
2016-01-30 04:57 . 2016-01-30 20:12 -------- d-----w- c:\program files\Internet Download Manager
2016-01-30 04:30 . 2016-01-30 23:15 -------- d-----w- c:\program files\CCleaner
2016-01-30 03:31 . 2016-01-30 20:12 -------- d-----w- c:\program files\Unlocker
2016-01-30 02:37 . 2016-01-30 20:12 -------- d-----w- c:\program files\Intel
2016-01-30 02:37 . 2012-11-23 02:57 70248 ----a-w- c:\windows\system32\PrxerDrv.dll
2016-01-30 02:37 . 2012-11-23 02:57 56424 ----a-w- c:\windows\system32\PrxerNsp.dll
2016-01-30 02:37 . 2012-11-23 02:57 91240 ----a-w- c:\windows\system32\ProxifierShellExt.dll
2016-01-30 02:35 . 2016-01-30 20:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2016-01-30 01:31 . 2016-01-30 20:12 -------- d-----w- c:\programdata\BlueStacks
2016-01-30 00:40 . 1997-06-06 23:52 11264 ----a-w- c:\windows\system32\SPORDER.DLL
2016-01-30 00:40 . 2016-01-30 20:12 -------- d-----w- c:\program files\Proxifier
2016-01-30 00:34 . 2016-01-30 20:12 -------- d-----w- c:\program files\BlueStacks
2016-01-30 00:33 . 2016-02-08 05:56 -------- d-sh--w- c:\windows\Installer
2016-01-30 00:30 . 2016-01-30 00:30 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-01-30 00:30 . 2016-01-30 00:30 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-01-30 00:30 . 2016-01-30 20:13 -------- d-----w- c:\windows\system32\Macromed
2016-01-30 00:29 . 2016-02-08 05:38 -------- d-----w- c:\program files\Opera
2016-01-30 00:22 . 2010-03-23 15:53 940544 ----a-w- c:\windows\system32\stapo.dll
2016-01-30 00:22 . 2010-03-23 15:53 527872 ------w- c:\windows\system32\stapi32.dll
2016-01-30 00:22 . 2010-03-23 15:53 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys
2016-01-30 00:22 . 2010-03-23 15:53 405504 ----a-w- c:\windows\system32\stcplx.dll
2016-01-30 00:22 . 2010-03-23 15:53 175616 ----a-w- c:\windows\system32\staco.dll
2016-01-29 00:11 . 2016-01-29 00:11 -------- d-----w- C:\Intel
2016-01-28 14:47 . 2016-01-28 09:20 134248 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-01 06:53 . 2016-02-01 06:53 1486076 ----a-w- c:\windows\cursors\uninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 12:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2016-01-30 3931728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-13 138784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-13 172064]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-13 173600]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"Malwarebytes Anti-Exploit"="c:\program files\Malwarebytes Anti-Exploit\mbae.exe" [2016-01-29 2622432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2016-01-07 16:52 888344 ----a-w- c:\program files\BlueStacks\HD-Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CancelAutoPlay_df]
2014-11-03 08:41 447744 ----a-w- c:\program files\Hostless Modem\SMART BRO\CancelAutoPlay_df.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2016-01-15 20:43 6628056 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckNDISPort51ac05]
2014-11-03 08:41 468736 ----a-w- c:\program files\Hostless Modem\SMART BRO\CheckNDISPort_df.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2016-01-07 413208]
R3 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [2016-01-07 859672]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2016-02-06 102784]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;c:\program files\Globe Tattoo Broadband\UpdateDog\ouc.exe [2016-02-06 218624]
R4 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2010-11-16 264704]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2013-04-17 633344]
S1 bdfwfpf;bdfwfpf;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2013-07-02 108008]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\mbae.sys [2016-01-29 50016]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1f4e5527ca660a3d\aestsrv.exe [2009-03-02 81920]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2016-01-07 140856]
S2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [2013-10-24 57520]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-01-28 134248]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [2016-01-29 740832]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2013-04-17 486536]
S3 CFcatchme;CFcatchme;c:\users\Keanu\AppData\Local\Temp\CFcatchme.sys [x]
S3 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2013-04-22 164952]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2016-02-06 72576]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-06 18:29 1090376 ----a-w- c:\program files\Google\Chrome\Application\48.0.2564.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-06 18:29]
.
2016-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-06 18:29]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: DhcpNameServer = 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ProxyCap - c:\program files\Proxy Labs\ProxyCap\pcapui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1092)
c:\windows\system32\cscapi.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\stobject.dll
c:\windows\system32\BatMeter.dll
c:\windows\system32\prnfldr.dll
c:\windows\system32\dxp.dll
c:\windows\System32\netshell.dll
c:\windows\System32\AltTab.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\taskschd.dll
c:\windows\System32\QUtil.dll
c:\windows\System32\srchadmin.dll
c:\windows\system32\Wlanapi.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\OLEACC.dll
c:\windows\System32\drprov.dll
c:\windows\System32\DAVHLPR.dll
c:\windows\System32\MFPlat.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1f4e5527ca660a3d\STacSV.exe
c:\windows\system32\taskhost.exe
c:\program files\Bitdefender\Antivirus Free Edition\gziface.exe
c:\windows\system32\conhost.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\system32\sppsvc.exe
c:\program files\VideoLAN\VLC\vlc.exe
.
**************************************************************************
.
Completion time: 2016-02-07 22:37:03 - machine was rebooted
ComboFix-quarantined-files.txt 2016-02-08 06:37
.
Pre-Run: 18,286,440,448 bytes free
Post-Run: 18,101,448,704 bytes free
.
- - End Of File - - 740CBC607DA1B6F8894CAF272389BE07
A36C5E4F47E84449FF07ED3517B43A31

PS. Sorry that I put the log file in a spoiler; I can't upload the file :oops:
 
