Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-04-2017
Ran by Owner (administrator) on ZAKARIA007 (19-04-2017 16:08:49)
Running from C:\Documents and Settings\Owner\My Documents\Downloads\Programs
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\wtoolex\wpsupdatesvr.exe
(Intel) C:\Program Files\Intel\AMT\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Intel) C:\Program Files\Intel\AMT\UNS.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2650576 2017-04-12] (Malwarebytes Corporation)
HKLM\...\Winlogon: [LegalNoticeCaption] 81u3f4nt45y - 24.01.2007 - Surabaya
HKLM\...\Winlogon: [LegalNoticeText] Surabaya in my birthday Don't kill me, i'm just send message from your computer Terima kasih telah menemaniku walaupun hanya sesaat, tapi bagiku sangat berarti Maafkan jika kebahagiaan yang kuminta adalah teman sepanjang hidupku Seharusnya aku mengerti bahwa keberadaanku bukanlah disisimu, hanyalah lamunan dalam sesal Untuk kekasih yang tak kan pernah kumiliki 3r1k1m0
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM\...\Policies\Explorer: [NoSharedDocuments] 1
HKLM\...\Policies\Explorer: [MaxRecentDocs] 18
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-329068152-2052111302-1801674531-1003\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3911248 2015-10-09] (Tonec Inc.)
HKU\S-1-5-21-329068152-2052111302-1801674531-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-08] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
IFEO\Your Image File Name Here without a path: [Debugger]
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, credssp.dll
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{8E5FF20D-A2F9-4E15-A056-5E9B11382A14}: [NameServer] 8.8.8.8,8.8.4.4

Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-329068152-2052111302-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
URLSearchHook: [S-1-5-21-329068152-2052111302-1801674531-1003] ATTENTION => Default URLSearchHook is missing
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://google.com" <======= ATTENTION
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-26] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-26] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993 [2017-04-19]
FF Homepage: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993 -> hxxps://www.google.com
FF NetworkProxy: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993 -> proxy_over_tls", false
FF NetworkProxy: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993 -> type", 0
FF Extension: (Hoxx VPN Proxy) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993\Extensions\@hoxx-vpn.xpi [2017-03-27]
FF Extension: (MEGA) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993\Extensions\firefox@mega.co.nz.xpi [2017-04-16]
FF Extension: (Tags for YouTube™) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993\Extensions\jid0-cBh0nRMLV5BY1dlp33s3g7dFXLY@jetpack.xpi [2017-04-13]
FF Extension: (Keywords Everywhere - Keyword Tool) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993\Extensions\jid1-PmuMUcuMey5ABw@jetpack.xpi [2017-04-05]
FF Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993\Extensions\support@lastpass.com [2017-04-10]
FF Extension: (BrowserStack) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993\Extensions\{6cc0f0f7-a6e2-4834-9682-24de2229b51e}.xpi [2017-01-07]
FF Extension: (Adblock Plus) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ja6hpi6g.default-1480125638993\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-26]
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF HKU\S-1-5-21-329068152-2052111302-1801674531-1003\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-329068152-2052111302-1801674531-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\Owner\Application Data\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Documents and Settings\Owner\Application Data\IDM\idmmzcc5 [2017-04-19] [not signed]
FF HKU\S-1-5-21-329068152-2052111302-1801674531-1003\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-18] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-26] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files\SumatraPDF\npPdfViewer.dll [2013-01-13] (Simon Bünzli)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-329068152-2052111302-1801674531-1003: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files\SumatraPDF\npPdfViewer.dll [2013-01-13] (Simon Bünzli)
FF Plugin HKU\S-1-5-21-329068152-2052111302-1801674531-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-04-19]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-23]
CHR Extension: (Mobile/Responsive Web Design Tester) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elmekokodcohlommfikpmojheggnbelo [2017-04-15]
CHR Extension: (Hoxx VPN Proxy) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2017-03-23]
CHR Extension: (IDM Integration Module) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-04-14]
CHR Extension: (MultiLogin) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nknfhhmhoflkcijaodalbncnmidocced [2017-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-12]
CHR Extension: (Social Media Toolkit For Facebook) - C:\Documents and Settings\Owner\Desktop\Facebook_Social_Toolkit_v2.3.7\Facebook_Social_Toolkit_v2.3.7\Facebook_Social_Toolkit_v2.3.7 [2016-05-12]
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Profile 3 [2017-04-19]
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\System Profile [2017-04-19]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-01-26]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Documents and Settings\Owner\Application Data\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-03-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [176128 2000-01-01] (Intel Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2241992 2016-12-14] (ESET)
R2 Kingsoft_WPS_UpdateService; C:\Documents and Settings\Owner\Local Settings\Application Data\Kingsoft\WPS Office\10.1.0.5656\wtoolex\wpsupdatesvr.exe [133376 2016-07-26] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 LMS; C:\Program Files\Intel\AMT\LMS.exe [102400 2000-01-01] (Intel) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2017-04-12] (Malwarebytes Corporation)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [374112 2010-11-11] (Ralink Technology, Corp.)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [2519040 2000-01-01] (Intel) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913408 2009-01-30] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [113544 2016-12-05] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [91104 2016-12-05] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [140984 2016-12-05] (ESET)
R2 ekbdflt; C:\WINDOWS\System32\DRIVERS\ekbdflt.sys [43920 2016-12-05] (ESET)
R1 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [69304 2016-12-05] (ESET)
S3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [56832 2016-12-05] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [77616 2016-12-05] (ESET)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [59896 2017-04-12] ()
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2016-08-07] (REALiX(tm))
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [140936 2016-09-21] (Tonec Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2013-05-22] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2013-05-22] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2013-05-22] (Marvell Semiconductor Inc.)
R2 Scutum50; C:\WINDOWS\System32\Drivers\Scutum50.sys [19072 2009-04-21] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2014-09-24] (The OpenVPN Project)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2013-05-22] (Microsoft Corporation) [File not signed]
S3 rt2870; system32\DRIVERS\rt2870.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
U3 wampapache; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-19 16:08 - 2017-04-19 16:08 - 00000000 ____D C:\FRST
2017-04-18 21:15 - 2017-04-18 21:15 - 00000000 ____D C:\Program Files\RogueKiller
2017-04-18 16:32 - 2017-04-18 16:32 - 00802904 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-04-18 16:32 - 2017-04-18 16:32 - 00144472 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-04-17 16:07 - 2017-04-17 16:58 - 00000000 ____D C:\Program Files\NCH Software
2017-04-17 15:27 - 2017-04-17 15:27 - 00000000 ____D C:\FlashFXP
2017-04-17 13:55 - 2017-04-17 13:55 - 00000000 ____D C:\Program Files\Globalscape
2017-04-17 13:48 - 2017-04-17 13:48 - 00000000 ____D C:\MSI96f8b.tmp
2017-04-17 02:17 - 2017-04-17 02:17 - 00000000 ____D C:\MSI904b4.tmp
2017-04-17 02:14 - 2017-04-17 02:14 - 00000000 ____D C:\MSI591f3.tmp
2017-04-17 02:13 - 2017-04-17 02:13 - 00000000 ____D C:\MSI56cb8.tmp
2017-04-17 02:10 - 2017-04-17 02:10 - 00000000 ____D C:\MSI1eefa.tmp
2017-04-17 02:09 - 2017-04-17 02:09 - 00000000 ____D C:\MSI11bbd.tmp
2017-04-17 02:07 - 2017-04-17 02:07 - 00000000 ____D C:\MSIf9e15.tmp
2017-04-17 02:06 - 2017-04-17 02:06 - 00000000 ____D C:\MSIf05be.tmp
2017-04-17 02:06 - 2017-04-17 02:06 - 00000000 ____D C:\MSIe7517.tmp
2017-04-17 01:47 - 2017-04-17 01:47 - 00000000 ____D C:\MSId38d9.tmp
2017-04-17 01:32 - 2017-04-17 01:32 - 00000000 ____D C:\MSIfc001.tmp
2017-04-17 01:27 - 2017-04-17 01:27 - 00000000 ____D C:\MSIb540a.tmp
2017-04-17 01:13 - 2017-04-17 01:13 - 00000000 ____D C:\MSIdfd21.tmp
2017-04-17 01:03 - 2017-04-17 01:03 - 00000000 ____D C:\MSI4f933.tmp
2017-04-17 00:43 - 2017-04-17 00:43 - 00000000 ____D C:\MSI27de2.tmp
2017-04-17 00:35 - 2017-04-17 00:35 - 00000000 ____D C:\MSIb9f66.tmp
2017-04-17 00:30 - 2017-04-17 00:30 - 00000000 ____D C:\MSI65297.tmp
2017-04-16 19:47 - 2017-04-16 19:47 - 00000000 ____D C:\MSI37211.tmp
2017-04-16 19:36 - 2017-04-16 19:36 - 00000000 ____D C:\MSI96697.tmp
2017-04-16 19:04 - 2017-04-16 19:04 - 00000000 ____D C:\MSIbea03.tmp
2017-04-16 19:00 - 2017-04-16 19:00 - 00000000 ____D C:\MSI8c7c2.tmp
2017-04-14 17:37 - 2017-04-14 17:37 - 00000000 ____D C:\Program Files\WinHTTrack
2017-04-13 12:23 - 2016-10-12 12:57 - 00043976 _____ (Mozilla Foundation) C:\WINDOWS\system32\mozglue.dll
2017-04-12 12:55 - 2017-04-12 12:55 - 00000000 ____D C:\MSIf5188.tmp
2017-04-12 12:16 - 2017-04-12 12:16 - 00000000 ____D C:\MSI2f701.tmp
2017-04-12 12:14 - 2017-04-12 12:14 - 00000000 ____D C:\MSI2f348.tmp
2017-04-12 12:07 - 2017-04-12 12:07 - 00000000 ____D C:\MSI2f342.tmp
2017-04-11 19:53 - 2017-04-11 19:53 - 00000000 ____D C:\MSI6c819.tmp
2017-03-30 20:19 - 2017-03-30 20:19 - 00000000 ____D C:\Program Files\iLovePage1
2017-03-30 15:08 - 2017-03-30 15:08 - 00000000 ____D C:\MSI2c80f.tmp
2017-03-30 15:04 - 2017-03-30 15:04 - 00000000 ____D C:\MSIfced4.tmp
2017-03-26 00:28 - 2017-03-26 00:28 - 00000000 ____D C:\UsbFix
2017-03-20 19:28 - 2017-03-20 19:28 - 00000000 ____D C:\MSI91b8f.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-19 15:53 - 2016-12-16 23:41 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-04-19 15:29 - 2017-03-14 18:40 - 00000000 ____D C:\Program Files\CherryPlayer
2017-04-19 15:21 - 2016-01-26 20:53 - 00065536 _____ C:\WINDOWS\system32\config\Doctor Web.evt
2017-04-19 15:21 - 2015-12-25 23:47 - 00000000 ____D C:\Documents and Settings\Owner
2017-04-19 15:21 - 2015-12-25 23:43 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2017-04-19 12:44 - 2015-12-25 17:25 - 00590374 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-19 12:41 - 2016-12-16 23:41 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-04-19 12:40 - 2015-12-25 23:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-19 12:25 - 2008-04-14 13:00 - 00002184 _____ C:\WINDOWS\system32\wpa.dbl
2017-04-19 03:17 - 2015-12-25 23:47 - 00032562 ____N C:\WINDOWS\SchedLgU.Txt
2017-04-18 22:16 - 2016-11-26 19:46 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-04-18 16:32 - 2015-12-25 17:18 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-17 22:59 - 2016-04-01 02:02 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2017-04-17 16:57 - 2016-08-16 03:09 - 00000000 ____D C:\AdwCleaner
2017-04-17 13:55 - 2015-12-25 23:56 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2017-04-17 13:55 - 2015-12-25 23:52 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-03-31 12:14 - 2016-05-02 12:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-30 15:04 - 2016-10-31 17:02 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Files in the root of some directories =======

2016-08-16 02:17 - 2016-08-16 02:17 - 0000068 ___SH () C:\Documents and Settings\Owner\Application Data\.Identifier
2016-08-16 02:17 - 2016-08-16 02:17 - 0003584 _____ () C:\Documents and Settings\Owner\Application Data\FXvPQWnzcgrfBtxz
2016-07-22 12:28 - 2016-07-22 12:28 - 0000374 _____ () C:\Documents and Settings\Owner\Application Data\groinup.outsourcing.youtubetool_state.xml
2016-08-16 02:17 - 2016-08-16 02:17 - 0086016 _____ () C:\Documents and Settings\Owner\Application Data\VvKkIsaTynXg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================