CreateRestorePoint:
() C:\Program Files (x86)\Ncmanthicisinessibias\Ncmanthicisinessibias.exe
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-2005915866-3535303436-4220142520-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2005915866-3535303436-4220142520-1000] => http=127.0.0.1:9880
HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin HKU\S-1-5-21-2005915866-3535303436-4220142520-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Mom\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2005915866-3535303436-4220142520-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Mom\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Mom\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll No File
CHR HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Mom\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-19]
R2 Ncmanthicisinessibias; C:\Program Files (x86)\Ncmanthicisinessibias\Ncmanthicisinessibias.exe [256512 2015-03-19] () [File not signed] <==== ATTENTION
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [X]
2015-03-22 17:56 - 2015-03-22 17:56 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\WebplayerRemote
2015-03-22 17:47 - 2015-03-22 17:47 - 00000000 __SHD () C:\Program Files (x86)\Ncmanthicisinessibias
2015-03-22 17:32 - 2015-03-22 17:32 - 01315328 _____ () C:\Users\Mom\AppData\Roaming\JLS.exe
2015-03-22 17:31 - 2015-03-23 16:59 - 00000000 ___HD () C:\Users\Public\Temp
2015-03-22 17:30 - 2015-03-22 17:31 - 00000000 ____D () C:\Program Files (x86)\75f58658-1636-481b-bb93-681528a7e956
2015-03-22 17:30 - 2015-03-22 17:30 - 00003278 _____ () C:\Windows\System32\Tasks\xOyz777ub8w9gWE
2015-03-22 17:30 - 2015-03-22 17:30 - 00003236 _____ () C:\Windows\System32\Tasks\vhSk5fGmqffH4XR
2015-03-22 17:30 - 2015-03-22 17:30 - 00003234 _____ () C:\Windows\System32\Tasks\QV7WrfASweRbfs0
2015-03-22 17:30 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\PsjDFS8
2015-03-22 17:30 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Cd23RUL
2015-03-22 17:30 - 2015-03-22 17:30 - 00000000 ____D () C:\ProgramData\atjs
2015-03-22 17:29 - 2015-03-22 17:30 - 00000000 ____D () C:\Users\Mom\AppData\Roaming\Shafelo
2015-03-22 17:29 - 2015-03-22 17:30 - 00000000 ____D () C:\ProgramData\NVSMpxS
2015-03-22 17:28 - 2015-03-23 20:54 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-03-22 17:28 - 2015-03-22 17:28 - 01945600 _____ () C:\Users\Mom\AppData\Roaming\TNGJRWN.exe
2015-03-22 17:28 - 2015-03-22 17:28 - 00000000 ____D () C:\Users\Mom\AppData\Local\globalUpdate
2015-03-22 17:28 - 2015-03-12 02:40 - 04687360 _____ () C:\Windows\rcore.exe
2015-03-22 17:27 - 2015-03-22 17:27 - 00000000 ____D () C:\ProgramData\10a33e9e6bdb4696920e1858a4196f36
2015-03-20 17:56 - 2015-03-20 17:57 - 03894696 _____ (solvusoft Corporation ) C:\Users\Mom\Desktop\Tsusbhub.sys_Error_Repair_Tool-WinThruster.exe
2015-01-25 12:12 - 2015-01-25 12:12 - 0002086 _____ () C:\Users\Mom\AppData\Roaming\JLS
2015-03-22 17:32 - 2015-03-22 17:32 - 1315328 _____ () C:\Users\Mom\AppData\Roaming\JLS.exe
2015-03-09 17:30 - 2015-03-09 17:30 - 0005487 _____ () C:\Users\Mom\AppData\Roaming\TNGJRWN
2015-03-22 17:28 - 2015-03-22 17:28 - 1945600 _____ () C:\Users\Mom\AppData\Roaming\TNGJRWN.exe
C:\Users\Mom\jobq.dat
Task: {08AEE9B9-7DAE-427D-8853-93288ED79AF6} - System32\Tasks\xOyz777ub8w9gWE => C:\Users\Mom\AppData\Roaming\PsjDFS8\tPXFXtg.exe [2015-03-22] ()
Task: {137C7262-0DF3-4489-9F0E-FC84A6C0857E} - \CIMT_S-1-5-21-2005915866-3535303436-4220142520-1000 No Task File <==== ATTENTION
Task: {28BEF8B8-3CBD-47CE-A17D-538434CDFC89} - \9202acc2-e6ac-4b14-b5c4-24e28cf25bdb-5 No Task File <==== ATTENTION
Task: {297CC9FC-A122-46D2-B3E0-D2FDEF3A4DCA} - System32\Tasks\vhSk5fGmqffH4XR => C:\Users\Mom\AppData\Roaming\Cd23RUL\4mdbvfy.exe [2015-03-22] ( )
Task: {2CD2E74C-8DE7-4AA4-9B2A-8515C9B33570} - \Startup Time Check No Task File <==== ATTENTION
Task: {34A9A280-F251-4877-B32A-D7967E245BEE} - \9202acc2-e6ac-4b14-b5c4-24e28cf25bdb-7 No Task File <==== ATTENTION
Task: {350C4730-87B0-44E5-8FF2-D180098D64DB} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {36ED84F4-18D5-4156-9974-196CE15BF211} - \CIMT_daily_S-1-5-21-2005915866-3535303436-4220142520-1000 No Task File <==== ATTENTION
Task: {4BE93E40-334C-4A04-A40F-0252AF58B0A2} - \9202acc2-e6ac-4b14-b5c4-24e28cf25bdb-10_user No Task File <==== ATTENTION
Task: {6E0DC5F9-984F-483F-949D-AF6C41C961EA} - System32\Tasks\{75C18BE2-499E-466E-BFCD-75CEC0390CC0} => pcalua.exe -a "C:\Users\vin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H7D3XJTX\PlayerSetup[1].exe" -d C:\Users\vin\Desktop
Task: {8B0DA266-5086-4271-8FCE-1CE626019856} - \9202acc2-e6ac-4b14-b5c4-24e28cf25bdb-6 No Task File <==== ATTENTION
Task: {9FB5E7F8-28A6-43F1-8BC4-23B57C269DD6} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {A5678122-6EE9-4E63-9EC6-FFF16CEEE6ED} - \9202acc2-e6ac-4b14-b5c4-24e28cf25bdb-5_user No Task File <==== ATTENTION
Task: {B2BF22C8-D6DD-47CC-A046-7CEB168E98EB} - \9202acc2-e6ac-4b14-b5c4-24e28cf25bdb-4 No Task File <==== ATTENTION
Task: {BEE727AA-AF36-4766-A6E7-75640C848D11} - \ObronaCleanerUacSkip No Task File <==== ATTENTION
Task: {D764DC59-8EA6-4521-959E-F6426A047AA6} - \9202acc2-e6ac-4b14-b5c4-24e28cf25bdb-1-7 No Task File <==== ATTENTION
Task: {DBA01E38-CA1B-4131-B0B9-69D6320BB468} - System32\Tasks\QV7WrfASweRbfs0 => C:\Users\Mom\AppData\Roaming\Shafelo\5BqPNyx.exe [2015-03-22] ()
2015-03-22 17:47 - 2015-03-19 13:01 - 00256512 ___SH () C:\Program Files (x86)\Ncmanthicisinessibias\Ncmanthicisinessibias.exe
AlternateDataStreams: C:\ProgramData\TEMP:27790C06
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:D987CB43
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKU\S-1-5-21-2005915866-3535303436-4220142520-1000\Software\Classes\.exe: => <===== ATTENTION!
cmd: ipconfig /release
cmd: ipconfig /renew
cmd: ipconfig /flushdns
cmd: netsh winsock reset all
cmd: netsh int ip reset all
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
CMD: bitsadmin /reset /allusers
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp: