ComboFix Log File
<blockquote data-quote="Keanu" data-source="post: 478344" data-attributes="member: 49185"><p>Can you please analyze my log file, as I'm not an expert :)</p><p>Thanks in advance! :D</p><p></p><p>[SPOILER="Log File"]ComboFix 16-02-05.01 - Keanu 02/07/2016 22:20:40.2.2 - x86</p><p>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.1160 [GMT -8:00]</p><p>Running from: c:\users\Keanu\Downloads\Programs\ComboFix.exe</p><p>AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}</p><p>SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}</p><p>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p> * Created a new restore point</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((((( Other Deletions 
)))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>c:\programdata\1454310879.bdinstall.bin</p><p>c:\programdata\1454311183.bdinstall.bin</p><p>c:\programdata\1454311331.bdinstall.bin</p><p>c:\programdata\1454312710.bdinstall.bin</p><p>c:\programdata\1454312883.bdinstall.bin</p><p>c:\programdata\1454312922.bdinstall.bin</p><p>c:\programdata\1454313003.bdinstall.bin</p><p>c:\programdata\1454313690.bdinstall.bin</p><p>c:\programdata\1454350944.bdinstall.bin</p><p>c:\programdata\1454350952.bdinstall.bin</p><p>c:\programdata\1454351070.bdinstall.bin</p><p>c:\programdata\1454353864.3272.bin</p><p>c:\programdata\1454353864.bdinstall.bin</p><p>c:\programdata\1454353870.bdinstall.bin</p><p>c:\programdata\1454360864.bdinstall.bin</p><p>c:\programdata\1454470958.bdinstall.bin</p><p>c:\programdata\1454470960.bdinstall.bin</p><p>c:\programdata\1454565310.bdinstall.bin</p><p>c:\programdata\1454738721.bdinstall.bin</p><p>c:\programdata\1454738730.bdinstall.bin</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ar\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\bg\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ca\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\cs\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\da\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\de\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\el\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\en\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\es\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\fi\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\fr\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\gu\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\he\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\hr\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\hu\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\id\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\it\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ja\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ko\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\nb\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\nl\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\pl\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\pt_BR\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\pt_PT\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ro\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ru\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sk\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sl\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sr\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sv\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\tr\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\uk\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\vi\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\zh_CN\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\zh_TW\messages.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_metadata\computed_hashes.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_metadata\verified_contents.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_safari_beforeload.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_safari_contentblocking.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_start_chrome.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_start_common.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\background.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\bandaids.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\button\popup.css</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\button\popup.html</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\button\popup.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\CHANGELOG.txt</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\checkupdates.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\chrome_oauth_receiver.html</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\chrome_oauth_receiver.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\datacollection.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\dropbox-datastores.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\declarativewebrequest.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\domainset.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filternormalizer.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filteroptions.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filterset.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filtertypes.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\myfilters.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\functions.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\gab_question.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\idlehandler.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\delete.gif</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\dropbox1.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\dropbox2.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\dropbox3.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\facebook-sprite.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\gplus-sprite.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon128.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon16.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon16_grayscale.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon16_grayscale@2x.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon19-grayscale.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon19-whitelisted.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon19.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon24.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon32.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon38-grayscale.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon38-whitelisted.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon38.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon48.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\loader.gif</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\logo.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\check.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\magnifying_glass.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search-engine-card_no-shadow.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search-engine-icons.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search-omnibox-card_no-shadow.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search_engine_select_arrow.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\twitter-sprite.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-icons_056b93_256x240.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-icons_d8e7f3_256x240.png</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\jquery-ui.custom.css</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\override-page.css</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\jquery-ui.custom.min.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\jquery.cookie.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\jquery.min.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\LICENSE</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\manifest.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\notificationoverlay.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\bug-report.html</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\bug-report.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\customize.html</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\customize.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\filters.html</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\filters.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\general.html</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\general.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\index.html</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\index.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\options.css</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\support.html</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\support.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\adreport.html</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\adreport.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\resourceblock.css</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\resourceblock.html</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\resourceblock.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\subscribe.css</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\subscribe.html</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\subscribe.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\port.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\punycode.min.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\README.markdown</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\stats.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\survey.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\translators.json</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\blacklistui.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\clickwatcher.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\elementchain.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\overlay.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\rightclick_hook.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\load_jquery_ui.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\send_content_to_back.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\top_open_blacklist_ui.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\top_open_whitelist_ui.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\ytchannel.js</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage</p><p>c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Preferences</p><p>c:\users\Keanu\AppData\Roaming\Microsoft\Windows\Recent\Your Software Deals.url</p><p>c:\windows\system32\drivers\SETD431.tmp</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\additional.dll . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\avcheck.exe . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\bdardrv.dll . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\bdmetrics.dll . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\bdnc.dll . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\bdselfpr.sys . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\core\bdcore.dll . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\gzflt.sys . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\gzfltum.dll . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\htmlayout.dll . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\Installer.exe . . . . 
Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\installerpackage.exe . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\lang\en-US.exe . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\lang\it-IT.exe . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\lang\pt-BR.exe . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\lang\ro-RO.exe . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\npcomm.dll . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\setuplauncher.exe . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\trufos.dll . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\trufos.sys . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\unrar.dll . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\WPFKickstarter.exe . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\WPFKickstarter4.exe . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\wslib.dll . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\wspack.dll . . . . Failed to delete</p><p>c:\users\Keanu\AppData\Local\Temp\RarSFX1\wsutils.dll . . . . Failed to delete</p><p>.</p><p>.</p><p>((((((((((((((((((((((((( Files Created from 2016-01-08 to 2016-02-08 )))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>2016-02-08 06:30 . 2016-02-08 06:30 -------- d-----w- c:\users\Default\AppData\Local\temp</p><p>2016-02-08 05:50 . 2016-02-08 05:50 -------- d-----w- c:\windows\Migration</p><p>2016-02-08 05:12 . 2016-02-08 05:12 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith</p><p>2016-02-08 05:12 . 2016-02-08 05:12 -------- d-----w- c:\program files\QuickTime</p><p>2016-02-08 05:12 . 2016-02-08 05:12 -------- d-----w- c:\program files\Common Files\TechSmith Shared</p><p>2016-02-08 05:10 . 
2016-02-08 05:10 -------- d-----w- c:\programdata\TechSmith</p><p>2016-02-08 05:10 . 2016-02-08 05:10 -------- d-----w- c:\program files\TechSmith</p><p>2016-02-08 00:55 . 2016-02-08 00:55 -------- d-----w- c:\programdata\VS Revo Group</p><p>2016-02-08 00:55 . 2009-12-30 18:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys</p><p>2016-02-08 00:55 . 2016-02-08 00:55 -------- d-----w- c:\program files\VS Revo Group</p><p>2016-02-08 00:48 . 2016-02-08 00:48 -------- d-----w- c:\programdata\Ashampoo</p><p>2016-02-07 21:14 . 2016-02-04 06:01 0 ----a-w- c:\windows\system32\drivers\avchv.sys</p><p>2016-02-07 21:04 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll</p><p>2016-02-07 21:04 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe</p><p>2016-02-07 21:04 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll</p><p>2016-02-07 21:04 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll</p><p>2016-02-07 21:03 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll</p><p>2016-02-07 21:03 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll</p><p>2016-02-07 21:03 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll</p><p>2016-02-07 21:03 . 2014-05-14 17:23 179656 ----a-w- c:\windows\system32\wuwebv.dll</p><p>2016-02-07 21:03 . 2014-05-14 17:17 33792 ----a-w- c:\windows\system32\wuapp.exe</p><p>2016-02-07 08:24 . 2016-02-07 08:24 -------- d-----w- c:\programdata\Geevs</p><p>2016-02-07 08:23 . 2016-02-07 08:23 -------- d-----w- c:\programdata\Package Cache</p><p>2016-02-06 18:29 . 2016-02-06 18:29 -------- d-----w- c:\program files\Google</p><p>2016-02-06 17:23 . 2016-02-06 17:24 -------- d-----w- c:\programdata\Globe Tattoo Broadband</p><p>2016-02-06 17:23 . 2016-02-06 17:22 168960 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys</p><p>2016-02-06 17:23 . 2016-02-06 17:22 85248 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys</p><p>2016-02-06 17:23 . 
2016-02-06 17:22 72576 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys</p><p>2016-02-06 17:23 . 2016-02-06 17:22 51456 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys</p><p>2016-02-06 17:23 . 2016-02-06 17:22 26496 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys</p><p>2016-02-06 17:23 . 2016-02-06 17:22 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll</p><p>2016-02-06 17:23 . 2016-02-06 17:22 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll</p><p>2016-02-06 17:22 . 2016-02-06 17:22 860928 ----a-w- c:\windows\system32\drivers\mod7700.sys</p><p>2016-02-06 17:22 . 2016-02-06 17:22 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys</p><p>2016-02-06 17:22 . 2016-02-06 17:22 27136 ----a-w- c:\windows\system32\drivers\ewdcsc.sys</p><p>2016-02-06 17:22 . 2016-02-06 17:22 208896 ----a-w- c:\windows\system32\drivers\ewusbnet.sys</p><p>2016-02-06 17:22 . 2016-02-06 17:22 106880 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys</p><p>2016-02-06 17:22 . 2016-02-06 17:22 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys</p><p>2016-02-06 17:21 . 2016-02-06 17:24 -------- d-----w- c:\program files\Globe Tattoo Broadband</p><p>2016-02-06 17:21 . 2016-02-06 17:25 -------- d-----w- c:\programdata\DatacardService</p><p>2016-02-06 05:27 . 2016-02-06 05:27 -------- d-----w- c:\program files\Microsoft.NET</p><p>2016-02-04 06:01 . 2013-04-17 22:59 633344 ----a-w- c:\windows\system32\drivers\avc3.sys</p><p>2016-02-04 06:01 . 2013-04-17 22:59 486536 ----a-w- c:\windows\system32\drivers\avckf.sys</p><p>2016-02-04 06:01 . 2016-02-04 06:01 -------- d-----w- c:\program files\Bitdefender</p><p>2016-02-04 06:01 . 2013-04-22 21:20 164952 ----a-w- c:\windows\system32\drivers\gzflt.sys</p><p>2016-02-04 06:00 . 2013-05-28 20:11 355744 ----a-w- c:\windows\system32\drivers\trufos.sys</p><p>2016-02-04 04:39 . 2016-02-08 03:45 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit</p><p>2016-02-04 04:39 . 
2016-02-04 04:39 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit</p><p>2016-02-01 21:14 . 2009-07-15 07:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll</p><p>2016-02-01 19:20 . 2016-02-06 03:41 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys</p><p>2016-02-01 19:20 . 2016-02-03 05:45 -------- d-----w- c:\program files\Malwarebytes Anti-Malware</p><p>2016-02-01 19:20 . 2016-02-01 19:20 -------- d-----w- c:\programdata\Malwarebytes</p><p>2016-02-01 19:20 . 2015-10-05 17:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys</p><p>2016-02-01 19:20 . 2015-10-05 17:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys</p><p>2016-02-01 19:20 . 2015-10-05 17:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys</p><p>2016-02-01 06:53 . 2016-02-01 06:53 -------- d--h--w- c:\program files\InstallJammer Registry</p><p>2016-01-30 22:34 . 2016-01-30 22:34 -------- d-----w- c:\windows\system32\SupportAppPBHostless Modem</p><p>2016-01-30 22:34 . 2016-01-30 22:34 -------- d-----w- c:\program files\Hostless Modem</p><p>2016-01-30 20:09 . 2016-02-08 05:16 -------- d-----w- c:\users\Keanu</p><p>2016-01-30 20:07 . 2016-01-30 20:12 -------- d-----w- c:\program files\IDT</p><p>2016-01-30 20:07 . 2010-04-01 07:06 139776 ----a-w- c:\windows\system32\aestacap.dll</p><p>2016-01-30 20:07 . 2009-10-09 17:45 380928 ----a-w- c:\windows\system32\aestecap.dll</p><p>2016-01-30 20:07 . 2009-03-02 18:57 61440 ----a-w- c:\windows\system32\aestaren.dll</p><p>2016-01-30 20:07 . 2010-03-23 15:53 536576 ----a-w- c:\windows\system32\idtmini1.exe</p><p>2016-01-30 20:07 . 2010-03-23 15:53 495708 ----a-w- c:\windows\sttray.exe</p><p>2016-01-30 20:07 . 2010-03-23 15:53 3354624 ----a-w- c:\windows\system32\stlang.dll</p><p>2016-01-30 20:07 . 2010-03-23 15:53 12628060 ----a-w- c:\windows\system32\idtcpl.cpl</p><p>2016-01-30 20:07 . 2009-03-02 18:47 86016 ----a-w- c:\windows\system32\AESTCom.dll</p><p>2016-01-30 20:07 . 
2016-01-30 20:07 -------- d-----w- c:\windows\system32\SRSLabs</p><p>2016-01-30 06:21 . 2015-12-16 18:15 9014120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADB45125-0B7A-4050-A88C-25D14CA4A3EC}\mpengine.dll</p><p>2016-01-30 06:21 . 2015-12-02 21:25 247976 ----a-w- c:\windows\system32\MpSigStub.exe</p><p>2016-01-30 05:34 . 2016-01-30 20:12 -------- d-----w- c:\program files\VideoLAN</p><p>2016-01-30 04:58 . 2016-01-30 04:58 -------- d-----w- c:\programdata\IDM</p><p>2016-01-30 04:57 . 2016-01-30 20:12 -------- d-----w- c:\program files\Internet Download Manager</p><p>2016-01-30 04:30 . 2016-01-30 23:15 -------- d-----w- c:\program files\CCleaner</p><p>2016-01-30 03:31 . 2016-01-30 20:12 -------- d-----w- c:\program files\Unlocker</p><p>2016-01-30 02:37 . 2016-01-30 20:12 -------- d-----w- c:\program files\Intel</p><p>2016-01-30 02:37 . 2012-11-23 02:57 70248 ----a-w- c:\windows\system32\PrxerDrv.dll</p><p>2016-01-30 02:37 . 2012-11-23 02:57 56424 ----a-w- c:\windows\system32\PrxerNsp.dll</p><p>2016-01-30 02:37 . 2012-11-23 02:57 91240 ----a-w- c:\windows\system32\ProxifierShellExt.dll</p><p>2016-01-30 02:35 . 2016-01-30 20:12 -------- d--h--w- c:\program files\InstallShield Installation Information</p><p>2016-01-30 01:31 . 2016-01-30 20:12 -------- d-----w- c:\programdata\BlueStacks</p><p>2016-01-30 00:40 . 1997-06-06 23:52 11264 ----a-w- c:\windows\system32\SPORDER.DLL</p><p>2016-01-30 00:40 . 2016-01-30 20:12 -------- d-----w- c:\program files\Proxifier</p><p>2016-01-30 00:34 . 2016-01-30 20:12 -------- d-----w- c:\program files\BlueStacks</p><p>2016-01-30 00:33 . 2016-02-08 05:56 -------- d-sh--w- c:\windows\Installer</p><p>2016-01-30 00:30 . 2016-01-30 00:30 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe</p><p>2016-01-30 00:30 . 2016-01-30 00:30 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl</p><p>2016-01-30 00:30 . 2016-01-30 20:13 -------- d-----w- c:\windows\system32\Macromed</p><p>2016-01-30 00:29 . 
2016-02-08 05:38 -------- d-----w- c:\program files\Opera</p><p>2016-01-30 00:22 . 2010-03-23 15:53 940544 ----a-w- c:\windows\system32\stapo.dll</p><p>2016-01-30 00:22 . 2010-03-23 15:53 527872 ------w- c:\windows\system32\stapi32.dll</p><p>2016-01-30 00:22 . 2010-03-23 15:53 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys</p><p>2016-01-30 00:22 . 2010-03-23 15:53 405504 ----a-w- c:\windows\system32\stcplx.dll</p><p>2016-01-30 00:22 . 2010-03-23 15:53 175616 ----a-w- c:\windows\system32\staco.dll</p><p>2016-01-29 00:11 . 2016-01-29 00:11 -------- d-----w- C:\Intel</p><p>2016-01-28 14:47 . 2016-01-28 09:20 134248 ----a-w- c:\windows\system32\drivers\idmwfp.sys</p><p>.</p><p>.</p><p>.</p><p>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>2016-02-01 06:53 . 2016-02-01 06:53 1486076 ----a-w- c:\windows\cursors\uninstall.exe</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>*Note* empty entries & legit default entries are not shown </p><p>REGEDIT4</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]</p><p>@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]</p><p>2015-08-14 12:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll</p><p>.</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2016-01-30 3931728]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-13 138784]</p><p>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-13 172064]</p><p>"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-13 173600]</p><p>"SysTrayApp"="c:\program 
files\IDT\WDM\sttray.exe" [2010-03-23 495708]</p><p>"Malwarebytes Anti-Exploit"="c:\program files\Malwarebytes Anti-Exploit\mbae.exe" [2016-01-29 2622432]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</p><p>"ConsentPromptBehaviorAdmin"= 5 (0x5)</p><p>"ConsentPromptBehaviorUser"= 3 (0x3)</p><p>"EnableUIADesktopToggle"= 0 (0x0)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]</p><p>"aux"=wdmaud.drv</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]</p><p>2016-01-07 16:52 888344 ----a-w- c:\program files\BlueStacks\HD-Agent.exe</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CancelAutoPlay_df]</p><p>2014-11-03 08:41 447744 ----a-w- c:\program files\Hostless Modem\SMART BRO\CancelAutoPlay_df.exe</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]</p><p>2016-01-15 20:43 6628056 ----a-w- c:\program files\CCleaner\CCleaner.exe</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckNDISPort51ac05]</p><p>2014-11-03 08:41 468736 ----a-w- c:\program files\Hostless Modem\SMART BRO\CheckNDISPort_df.exe</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]</p><p>2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe</p><p>.</p><p>R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]</p><p>R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2016-01-07 413208]</p><p>R3 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [2016-01-07 859672]</p><p>R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]</p><p>R3 ew_hwusbdev;Huawei MobileBroadband USB PNP 
Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2016-02-06 102784]</p><p>R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]</p><p>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]</p><p>R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]</p><p>R4 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;c:\program files\Globe Tattoo Broadband\UpdateDog\ouc.exe [2016-02-06 218624]</p><p>R4 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2010-11-16 264704]</p><p>S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2013-04-17 633344]</p><p>S1 bdfwfpf;bdfwfpf;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2013-07-02 108008]</p><p>S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\mbae.sys [2016-01-29 50016]</p><p>S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1f4e5527ca660a3d\aestsrv.exe [2009-03-02 81920]</p><p>S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2016-01-07 140856]</p><p>S2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [2013-10-24 57520]</p><p>S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-01-28 134248]</p><p>S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [2016-01-29 740832]</p><p>S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2013-04-17 486536]</p><p>S3 CFcatchme;CFcatchme;c:\users\Keanu\AppData\Local\Temp\CFcatchme.sys [x]</p><p>S3 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2013-04-22 164952]</p><p>S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2016-02-06 72576]</p><p>S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys 
[2010-03-15 127488]</p><p>S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]</p><p>2016-02-06 18:29 1090376 ----a-w- c:\program files\Google\Chrome\Application\48.0.2564.103\Installer\chrmstp.exe</p><p>.</p><p>Contents of the 'Scheduled Tasks' folder</p><p>.</p><p>2016-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-06 18:29]</p><p>.</p><p>2016-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-06 18:29]</p><p>.</p><p>.</p><p>------- Supplementary Scan -------</p><p>.</p><p>IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm</p><p>IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm</p><p>LSP: %SystemRoot%\system32\PrxerDrv.dll</p><p>TCP: DhcpNameServer = 8.8.8.8</p><p>.</p><p>- - - - ORPHANS REMOVED - - - -</p><p>.</p><p>MSConfigStartUp-ProxyCap - c:\program files\Proxy Labs\ProxyCap\pcapui.exe</p><p>.</p><p>.</p><p>.</p><p>--------------------- LOCKED REGISTRY KEYS ---------------------</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</p><p>@Denied: (A) (Users)</p><p>@Denied: (A) (Everyone)</p><p>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</p><p>"BlindDial"=dword:00000000</p><p>"MSCurrentCountry"=dword:000000b5</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]</p><p>@Denied: (A) (Users)</p><p>@Denied: (A) (Everyone)</p><p>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</p><p>"BlindDial"=dword:00000000</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]</p><p>@Denied: (Full) (Everyone)</p><p>.</p><p>--------------------- DLLs 
Loaded Under Running Processes ---------------------</p><p>.</p><p>- - - - - - - > 'Explorer.exe'(1092)</p><p>c:\windows\system32\cscapi.dll</p><p>c:\windows\system32\thumbcache.dll</p><p>c:\windows\system32\wdmaud.drv</p><p>c:\windows\system32\stobject.dll</p><p>c:\windows\system32\BatMeter.dll</p><p>c:\windows\system32\prnfldr.dll</p><p>c:\windows\system32\dxp.dll</p><p>c:\windows\System32\netshell.dll</p><p>c:\windows\System32\AltTab.dll</p><p>c:\windows\system32\wpdshserviceobj.dll</p><p>c:\windows\system32\PortableDeviceTypes.dll</p><p>c:\windows\system32\taskschd.dll</p><p>c:\windows\System32\QUtil.dll</p><p>c:\windows\System32\srchadmin.dll</p><p>c:\windows\system32\Wlanapi.dll</p><p>c:\windows\system32\wwapi.dll</p><p>c:\windows\system32\OLEACC.dll</p><p>c:\windows\System32\drprov.dll</p><p>c:\windows\System32\DAVHLPR.dll</p><p>c:\windows\System32\MFPlat.DLL</p><p>.</p><p>------------------------ Other Running Processes ------------------------</p><p>.</p><p>c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1f4e5527ca660a3d\STacSV.exe</p><p>c:\windows\system32\taskhost.exe</p><p>c:\program files\Bitdefender\Antivirus Free Edition\gziface.exe</p><p>c:\windows\system32\conhost.exe</p><p>c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe</p><p>c:\windows\system32\sppsvc.exe</p><p>c:\program files\VideoLAN\VLC\vlc.exe</p><p>.</p><p>**************************************************************************</p><p>.</p><p>Completion time: 2016-02-07 22:37:03 - machine was rebooted</p><p>ComboFix-quarantined-files.txt 2016-02-08 06:37</p><p>.</p><p>Pre-Run: 18,286,440,448 bytes free</p><p>Post-Run: 18,101,448,704 bytes free</p><p>.</p><p>- - End Of File - - 740CBC607DA1B6F8894CAF272389BE07</p><p>A36C5E4F47E84449FF07ED3517B43A31</p><p>[/SPOILER]</p><p></p><p>PS. 
Sorry that I put the log file in a spoiler; I can't upload the file :oops:</p></blockquote><p></p>
[QUOTE="Keanu, post: 478344, member: 49185"] Can You please analyze my log file, as I'm not an expert :) Thanks in Advance! :D [SPOILER="Log File"]ComboFix 16-02-05.01 - Keanu 02/07/2016 22:20:40.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.1160 [GMT -8:00] Running from: c:\users\Keanu\Downloads\Programs\ComboFix.exe AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4} SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1454310879.bdinstall.bin c:\programdata\1454311183.bdinstall.bin c:\programdata\1454311331.bdinstall.bin c:\programdata\1454312710.bdinstall.bin c:\programdata\1454312883.bdinstall.bin c:\programdata\1454312922.bdinstall.bin c:\programdata\1454313003.bdinstall.bin c:\programdata\1454313690.bdinstall.bin c:\programdata\1454350944.bdinstall.bin c:\programdata\1454350952.bdinstall.bin c:\programdata\1454351070.bdinstall.bin c:\programdata\1454353864.3272.bin c:\programdata\1454353864.bdinstall.bin c:\programdata\1454353870.bdinstall.bin c:\programdata\1454360864.bdinstall.bin c:\programdata\1454470958.bdinstall.bin c:\programdata\1454470960.bdinstall.bin c:\programdata\1454565310.bdinstall.bin c:\programdata\1454738721.bdinstall.bin c:\programdata\1454738730.bdinstall.bin c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ar\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\bg\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ca\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\cs\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\da\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\de\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\el\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\en\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\es\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\fi\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\fr\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\gu\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\he\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\hr\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\hu\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\id\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\it\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ja\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ko\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\nb\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\nl\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\pl\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\pt_BR\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\pt_PT\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ro\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\ru\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sk\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sl\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sr\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\sv\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\tr\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\uk\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\vi\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\zh_CN\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_locales\zh_TW\messages.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_metadata\computed_hashes.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\_metadata\verified_contents.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_safari_beforeload.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_safari_contentblocking.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_start_chrome.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\adblock_start_common.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\background.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\bandaids.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\button\popup.css c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\button\popup.html c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\button\popup.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\CHANGELOG.txt c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\checkupdates.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\chrome_oauth_receiver.html c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\chrome_oauth_receiver.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\datacollection.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\dropbox-datastores.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\declarativewebrequest.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\domainset.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filternormalizer.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filteroptions.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filterset.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\filtertypes.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\filtering\myfilters.js 
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\functions.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\gab_question.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\idlehandler.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\delete.gif c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\dropbox1.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\dropbox2.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\dropbox3.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\facebook-sprite.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\gplus-sprite.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon128.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon16.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon16_grayscale.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon16_grayscale@2x.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon19-grayscale.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon19-whitelisted.png 
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon19.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon24.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon32.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon38-grayscale.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon38-whitelisted.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon38.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\icon48.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\loader.gif c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\logo.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\check.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\magnifying_glass.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search-engine-card_no-shadow.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search-engine-icons.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search-omnibox-card_no-shadow.png c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\search\search_engine_select_arrow.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\img\twitter-sprite.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-icons_056b93_256x240.png c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\images\ui-icons_d8e7f3_256x240.png c:\users\Keanu\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\jquery-ui.custom.css c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\css\override-page.css c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\jquery-ui.custom.min.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\jquery.cookie.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\jquery\jquery.min.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\LICENSE c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\manifest.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\notificationoverlay.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\bug-report.html c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\bug-report.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\customize.html c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\customize.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\filters.html c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\filters.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\general.html 
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\general.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\index.html c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\index.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\options.css c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\support.html c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\options\support.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\adreport.html c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\adreport.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\resourceblock.css c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\resourceblock.html c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\resourceblock.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\subscribe.css c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\subscribe.html c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\pages\subscribe.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\port.js 
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\punycode.min.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\README.markdown c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\stats.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\survey.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\translators.json c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\blacklistui.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\clickwatcher.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\elementchain.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\overlay.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\blacklisting\rightclick_hook.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\load_jquery_ui.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\send_content_to_back.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\top_open_blacklist_ui.js c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\uiscripts\top_open_whitelist_ui.js 
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.49_0\ytchannel.js
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
c:\users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Keanu\AppData\Roaming\Microsoft\Windows\Recent\Your Software Deals.url
c:\windows\system32\drivers\SETD431.tmp
c:\users\Keanu\AppData\Local\Temp\RarSFX1\additional.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\avcheck.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\bdardrv.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\bdmetrics.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\bdnc.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\bdselfpr.sys . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\core\bdcore.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\gzflt.sys . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\gzfltum.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\htmlayout.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\Installer.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\installerpackage.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\lang\en-US.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\lang\it-IT.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\lang\pt-BR.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\lang\ro-RO.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\npcomm.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\setuplauncher.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\trufos.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\trufos.sys . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\unrar.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\WPFKickstarter.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\WPFKickstarter4.exe . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\wslib.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\wspack.dll . . . . Failed to delete
c:\users\Keanu\AppData\Local\Temp\RarSFX1\wsutils.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2016-01-08 to 2016-02-08 )))))))))))))))))))))))))))))))
.
.
2016-02-08 06:30 . 2016-02-08 06:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-08 05:50 . 2016-02-08 05:50 -------- d-----w- c:\windows\Migration
2016-02-08 05:12 . 2016-02-08 05:12 -------- d-----w- c:\programdata\regid.1995-08.com.techsmith
2016-02-08 05:12 . 2016-02-08 05:12 -------- d-----w- c:\program files\QuickTime
2016-02-08 05:12 . 2016-02-08 05:12 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2016-02-08 05:10 . 2016-02-08 05:10 -------- d-----w- c:\programdata\TechSmith
2016-02-08 05:10 . 2016-02-08 05:10 -------- d-----w- c:\program files\TechSmith
2016-02-08 00:55 . 2016-02-08 00:55 -------- d-----w- c:\programdata\VS Revo Group
2016-02-08 00:55 . 2009-12-30 18:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2016-02-08 00:55 . 2016-02-08 00:55 -------- d-----w- c:\program files\VS Revo Group
2016-02-08 00:48 . 2016-02-08 00:48 -------- d-----w- c:\programdata\Ashampoo
2016-02-07 21:14 . 2016-02-04 06:01 0 ----a-w- c:\windows\system32\drivers\avchv.sys
2016-02-07 21:04 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2016-02-07 21:04 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-07 21:04 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2016-02-07 21:04 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-07 21:03 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2016-02-07 21:03 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2016-02-07 21:03 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2016-02-07 21:03 . 2014-05-14 17:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-07 21:03 . 2014-05-14 17:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2016-02-07 08:24 . 2016-02-07 08:24 -------- d-----w- c:\programdata\Geevs
2016-02-07 08:23 . 2016-02-07 08:23 -------- d-----w- c:\programdata\Package Cache
2016-02-06 18:29 . 2016-02-06 18:29 -------- d-----w- c:\program files\Google
2016-02-06 17:23 . 2016-02-06 17:24 -------- d-----w- c:\programdata\Globe Tattoo Broadband
2016-02-06 17:23 . 2016-02-06 17:22 168960 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2016-02-06 17:23 . 2016-02-06 17:22 85248 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2016-02-06 17:23 . 2016-02-06 17:22 72576 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2016-02-06 17:23 . 2016-02-06 17:22 51456 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2016-02-06 17:23 . 2016-02-06 17:22 26496 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2016-02-06 17:23 . 2016-02-06 17:22 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2016-02-06 17:23 . 2016-02-06 17:22 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2016-02-06 17:22 . 2016-02-06 17:22 860928 ----a-w- c:\windows\system32\drivers\mod7700.sys
2016-02-06 17:22 . 2016-02-06 17:22 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2016-02-06 17:22 . 2016-02-06 17:22 27136 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2016-02-06 17:22 . 2016-02-06 17:22 208896 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2016-02-06 17:22 . 2016-02-06 17:22 106880 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2016-02-06 17:22 . 2016-02-06 17:22 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2016-02-06 17:21 . 2016-02-06 17:24 -------- d-----w- c:\program files\Globe Tattoo Broadband
2016-02-06 17:21 . 2016-02-06 17:25 -------- d-----w- c:\programdata\DatacardService
2016-02-06 05:27 . 2016-02-06 05:27 -------- d-----w- c:\program files\Microsoft.NET
2016-02-04 06:01 . 2013-04-17 22:59 633344 ----a-w- c:\windows\system32\drivers\avc3.sys
2016-02-04 06:01 . 2013-04-17 22:59 486536 ----a-w- c:\windows\system32\drivers\avckf.sys
2016-02-04 06:01 . 2016-02-04 06:01 -------- d-----w- c:\program files\Bitdefender
2016-02-04 06:01 . 2013-04-22 21:20 164952 ----a-w- c:\windows\system32\drivers\gzflt.sys
2016-02-04 06:00 . 2013-05-28 20:11 355744 ----a-w- c:\windows\system32\drivers\trufos.sys
2016-02-04 04:39 . 2016-02-08 03:45 -------- d-----w- c:\programdata\Malwarebytes Anti-Exploit
2016-02-04 04:39 . 2016-02-04 04:39 -------- d-----w- c:\program files\Malwarebytes Anti-Exploit
2016-02-01 21:14 . 2009-07-15 07:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2016-02-01 19:20 . 2016-02-06 03:41 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-01 19:20 . 2016-02-03 05:45 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-02-01 19:20 . 2016-02-01 19:20 -------- d-----w- c:\programdata\Malwarebytes
2016-02-01 19:20 . 2015-10-05 17:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-01 19:20 . 2015-10-05 17:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-01 19:20 . 2015-10-05 17:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-01 06:53 . 2016-02-01 06:53 -------- d--h--w- c:\program files\InstallJammer Registry
2016-01-30 22:34 . 2016-01-30 22:34 -------- d-----w- c:\windows\system32\SupportAppPBHostless Modem
2016-01-30 22:34 . 2016-01-30 22:34 -------- d-----w- c:\program files\Hostless Modem
2016-01-30 20:09 . 2016-02-08 05:16 -------- d-----w- c:\users\Keanu
2016-01-30 20:07 . 2016-01-30 20:12 -------- d-----w- c:\program files\IDT
2016-01-30 20:07 . 2010-04-01 07:06 139776 ----a-w- c:\windows\system32\aestacap.dll
2016-01-30 20:07 . 2009-10-09 17:45 380928 ----a-w- c:\windows\system32\aestecap.dll
2016-01-30 20:07 . 2009-03-02 18:57 61440 ----a-w- c:\windows\system32\aestaren.dll
2016-01-30 20:07 . 2010-03-23 15:53 536576 ----a-w- c:\windows\system32\idtmini1.exe
2016-01-30 20:07 . 2010-03-23 15:53 495708 ----a-w- c:\windows\sttray.exe
2016-01-30 20:07 . 2010-03-23 15:53 3354624 ----a-w- c:\windows\system32\stlang.dll
2016-01-30 20:07 . 2010-03-23 15:53 12628060 ----a-w- c:\windows\system32\idtcpl.cpl
2016-01-30 20:07 . 2009-03-02 18:47 86016 ----a-w- c:\windows\system32\AESTCom.dll
2016-01-30 20:07 . 2016-01-30 20:07 -------- d-----w- c:\windows\system32\SRSLabs
2016-01-30 06:21 . 2015-12-16 18:15 9014120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADB45125-0B7A-4050-A88C-25D14CA4A3EC}\mpengine.dll
2016-01-30 06:21 . 2015-12-02 21:25 247976 ----a-w- c:\windows\system32\MpSigStub.exe
2016-01-30 05:34 . 2016-01-30 20:12 -------- d-----w- c:\program files\VideoLAN
2016-01-30 04:58 . 2016-01-30 04:58 -------- d-----w- c:\programdata\IDM
2016-01-30 04:57 . 2016-01-30 20:12 -------- d-----w- c:\program files\Internet Download Manager
2016-01-30 04:30 . 2016-01-30 23:15 -------- d-----w- c:\program files\CCleaner
2016-01-30 03:31 . 2016-01-30 20:12 -------- d-----w- c:\program files\Unlocker
2016-01-30 02:37 . 2016-01-30 20:12 -------- d-----w- c:\program files\Intel
2016-01-30 02:37 . 2012-11-23 02:57 70248 ----a-w- c:\windows\system32\PrxerDrv.dll
2016-01-30 02:37 . 2012-11-23 02:57 56424 ----a-w- c:\windows\system32\PrxerNsp.dll
2016-01-30 02:37 . 2012-11-23 02:57 91240 ----a-w- c:\windows\system32\ProxifierShellExt.dll
2016-01-30 02:35 . 2016-01-30 20:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2016-01-30 01:31 . 2016-01-30 20:12 -------- d-----w- c:\programdata\BlueStacks
2016-01-30 00:40 . 1997-06-06 23:52 11264 ----a-w- c:\windows\system32\SPORDER.DLL
2016-01-30 00:40 . 2016-01-30 20:12 -------- d-----w- c:\program files\Proxifier
2016-01-30 00:34 . 2016-01-30 20:12 -------- d-----w- c:\program files\BlueStacks
2016-01-30 00:33 . 2016-02-08 05:56 -------- d-sh--w- c:\windows\Installer
2016-01-30 00:30 . 2016-01-30 00:30 796864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-01-30 00:30 . 2016-01-30 00:30 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-01-30 00:30 . 2016-01-30 20:13 -------- d-----w- c:\windows\system32\Macromed
2016-01-30 00:29 . 2016-02-08 05:38 -------- d-----w- c:\program files\Opera
2016-01-30 00:22 . 2010-03-23 15:53 940544 ----a-w- c:\windows\system32\stapo.dll
2016-01-30 00:22 . 2010-03-23 15:53 527872 ------w- c:\windows\system32\stapi32.dll
2016-01-30 00:22 . 2010-03-23 15:53 423424 ----a-w- c:\windows\system32\drivers\stwrt.sys
2016-01-30 00:22 . 2010-03-23 15:53 405504 ----a-w- c:\windows\system32\stcplx.dll
2016-01-30 00:22 . 2010-03-23 15:53 175616 ----a-w- c:\windows\system32\staco.dll
2016-01-29 00:11 . 2016-01-29 00:11 -------- d-----w- C:\Intel
2016-01-28 14:47 . 2016-01-28 09:20 134248 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-01 06:53 . 2016-02-01 06:53 1486076 ----a-w- c:\windows\cursors\uninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 12:52 23520 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2016-01-30 3931728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-13 138784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-13 172064]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-13 173600]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"Malwarebytes Anti-Exploit"="c:\program files\Malwarebytes Anti-Exploit\mbae.exe" [2016-01-29 2622432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2016-01-07 16:52 888344 ----a-w- c:\program files\BlueStacks\HD-Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CancelAutoPlay_df]
2014-11-03 08:41 447744 ----a-w- c:\program files\Hostless Modem\SMART BRO\CancelAutoPlay_df.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2016-01-15 20:43 6628056 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckNDISPort51ac05]
2014-11-03 08:41 468736 ----a-w- c:\program files\Hostless Modem\SMART BRO\CheckNDISPort_df.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2016-01-07 413208]
R3 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [2016-01-07 859672]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2016-02-06 102784]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 Globe Tattoo Broadband. RunOuc;Globe Tattoo Broadband. OUC;c:\program files\Globe Tattoo Broadband\UpdateDog\ouc.exe [2016-02-06 218624]
R4 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2010-11-16 264704]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2013-04-17 633344]
S1 bdfwfpf;bdfwfpf;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2013-07-02 108008]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files\Malwarebytes Anti-Exploit\mbae.sys [2016-01-29 50016]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1f4e5527ca660a3d\aestsrv.exe [2009-03-02 81920]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2016-01-07 140856]
S2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [2013-10-24 57520]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2016-01-28 134248]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files\Malwarebytes Anti-Exploit\mbae-svc.exe [2016-01-29 740832]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2013-04-17 486536]
S3 CFcatchme;CFcatchme;c:\users\Keanu\AppData\Local\Temp\CFcatchme.sys [x]
S3 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2013-04-22 164952]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2016-02-06 72576]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-06 18:29 1090376 ----a-w- c:\program files\Google\Chrome\Application\48.0.2564.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2016-02-06 18:29]
.
2016-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2016-02-06 18:29]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: DhcpNameServer = 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ProxyCap - c:\program files\Proxy Labs\ProxyCap\pcapui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1092)
c:\windows\system32\cscapi.dll
c:\windows\system32\thumbcache.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\stobject.dll
c:\windows\system32\BatMeter.dll
c:\windows\system32\prnfldr.dll
c:\windows\system32\dxp.dll
c:\windows\System32\netshell.dll
c:\windows\System32\AltTab.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\taskschd.dll
c:\windows\System32\QUtil.dll
c:\windows\System32\srchadmin.dll
c:\windows\system32\Wlanapi.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\OLEACC.dll
c:\windows\System32\drprov.dll
c:\windows\System32\DAVHLPR.dll
c:\windows\System32\MFPlat.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_1f4e5527ca660a3d\STacSV.exe
c:\windows\system32\taskhost.exe
c:\program files\Bitdefender\Antivirus Free Edition\gziface.exe
c:\windows\system32\conhost.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\system32\sppsvc.exe
c:\program files\VideoLAN\VLC\vlc.exe
.
**************************************************************************
.
Completion time: 2016-02-07 22:37:03 - machine was rebooted
ComboFix-quarantined-files.txt 2016-02-08 06:37
.
Pre-Run: 18,286,440,448 bytes free
Post-Run: 18,101,448,704 bytes free
.
- - End Of File - - 740CBC607DA1B6F8894CAF272389BE07 A36C5E4F47E84449FF07ED3517B43A31
[/SPOILER]

PS. Sorry that I put the log file in a spoiler; I can't upload the file :oops:
[/QUOTE]