
When trying to delete or stop a virus/malware process, it causes a blue screen.


  • This topic is locked
15 replies to this topic

#1 DaftOdyssey


  • Members
  • 9 posts

Posted 17 April 2015 - 11:00 PM

Hi guys, I keep getting this high amount of RAM usage, so I open up Task Manager and I see the C# command line compiler running, which is odd because I'm not compiling anything at this moment. What's even more odd is that the process of the compiler (csc.exe) lasts about a sec and it closes automatically when I open Task Manager, but opens up again once I close Task Manager. I believe that this executable has a function that terminates the process once Task Manager opens. I also see this other process I'm not familiar with called fin.exe (32 bit) with the description of "ComboFix NSIS Installer", and its file location is the temp folder (C:\Users\root\AppData\Local\Temp). I can't end the process, as it gives me this error http://i.imgur.com/AFiJCbK.jpg, or it will blue screen my computer if I do. When I open up the temp folder I don't see it there, and there are also some files moving around, and it seems that I'm not able to select the files inside the folder in order to delete them, so I tried Temp File Cleaner but no success: it blue screened. So I have Malwarebytes, and tried to open the file shortcut to it, but Windows gave me an error http://i.imgur.com/WPuf29X.jpg, which is weird because I can still click on the "open file location" option and go there. So clearly Malwarebytes wasn't going to open due to the virus preventing that. So I tried Chameleon, a workaround to open Malwarebytes, and it did open and scanned as well. At the end I got 130+ items found, most of them hijacks. Although if I try to remove all of them, a blue screen will show up. Also I had some Microsoft SQL 2014 programs installed without me knowing, the same day the virus was created, but I don't know if it has to do with anything, as I uninstalled them and still have the problem. Hope this is enough info.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/17/2015
Scan Time: 10:11:39 PM
Logfile: mal.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.18.01
Rootkit Database: v2015.03.31.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: root
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 427581
Time Elapsed: 34 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 58
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE, , [9a6f05690684f343add8ff8ccd37d62a], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCENTER.EXE, , [c049a8c6e6a45bdbc1c8513ae1235ca4], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCONFIG.EXE, , [be4bcba3cac0e452d5b75f2c887c38c8], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGCSRVX.EXE, , [65a44e204c3e1b1b67372269d2326c94], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGNT.EXE, , [7099a2ccfa90dd59dccb38532bd98b75], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGRSX.EXE, , [a36609659cee9d992980b0db877d7888], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUARD.EXE, , [d13896d896f47cba664c751635cf47b9], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUI.EXE, , [a36698d6fa90d462466d94f7bb49a15f], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGWDSVC.EXE, , [6d9cc8a63753ea4ce1d86a2127ddf60a], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE, , [43c6a0ceee9c12245f76eaa159ab857b], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVSCAN.EXE, , [97722e401f6bd85ec023b4d7ec1850b0], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BLINDMAN.EXE, , [9871b4ba7d0d7fb711c8d11ebe45bd43], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCUAC.EXE, , [69a0cda1137761d5c034b0815da847b9], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\COMBOFIX.EXE, , [e92076f88a006dc9b1dd6824a85c44bc], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HIJACKTHIS.EXE, , [b6536e001f6b82b40779533aba4a12ee], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KEYSCRAMBLER.EXE, , [e227115d3e4c4fe736bd3ef356af6a96], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMPT.EXE, , [e8213539206a87afe07cdc5fcb3a27d9], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMSCHEDULER.EXE, , [d23708664f3bd561dc9ce52a61a3857b], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MPCMDRUN.EXE, , [8386ff6f890174c205939ef056ae24dc], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCUI.EXE, , [66a3066886046fc796147e10af55ad53], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSMPENG.EXE, , [df2a254932582214b30a2c62ed17b050], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSSECES.EXE, , [52b75618bccefd397251ccc2ba4aa15f], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRUI.EXE, , [16f378f6ef9b0e28b790385842c244bc], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDFILES.EXE, , [6d9cb7b73d4df640815dfc0042c1ff01], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDMAIN.EXE, , [8386b4ba2d5d43f3ce1130cc50b38b75], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDWINSEC.EXE, , [35d4531b42485dd90fd1a05c38cb3cc4], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPYBOTSD.EXE, , [46c30d616c1e62d4fd08b35d897cae52], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WIRESHARK.EXE, , [13f6a7c7c3c73600807571c0c441738d], 
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ZLCLIENT.EXE, , [1eeb1b537b0fa98d997f058d1ee6817f], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE, , [1eeb0a647d0d1b1b9aeb8b0033d1cc34], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCENTER.EXE, , [06034529f496ae88c1c8bad153b130d0], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCONFIG.EXE, , [36d3ed813e4c50e6c1cb4942b54f3cc4], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGCSRVX.EXE, , [ad5c86e8b3d7c274009eb6d50ef6b54b], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGNT.EXE, , [838682ecb7d363d39b0c5e2d37cd649c], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGRSX.EXE, , [de2bd896662474c2e7c298f39e6602fe], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUARD.EXE, , [0009e48adab04de9446e414a947037c9], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUI.EXE, , [67a2c8a6e5a5ad89d3e0f19abd4711ef], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGWDSVC.EXE, , [bf4a8be3e0aa7abc56634a418c78ae52], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE, , [d633b6b876144aec587df497ad57d22e], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVSCAN.EXE, , [74956608a2e8aa8cf5eed4b78084de22], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BLINDMAN.EXE, , [b75298d6ec9e1d197e5b18d75da657a9], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCUAC.EXE, , [41c8c4aa5a306bcb0fe5b97806ffe719], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\COMBOFIX.EXE, , [7b8edc924f3bb086aae4a3e9f0144eb2], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HIJACKTHIS.EXE, , [8d7cfa742763d95d7b0554396a9a5ba5], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KEYSCRAMBLER.EXE, , [f019dc9251399a9cb0438fa2679e44bc], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMPT.EXE, , [e524f777fc8e51e52b3166d57b8a916f], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMSCHEDULER.EXE, , [b653620ca8e2280efc7cb25d16ee21df], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MPCMDRUN.EXE, , [25e478f6c0ca3501a4f4cbc38d7736ca], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCUI.EXE, , [5baeaac46a203ff76644d4bab64e6e92], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSMPENG.EXE, , [81886e003e4c290da716e5a946be7888], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSSECES.EXE, , [15f4a2cc800af145caf9048ae81c1fe1], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRUI.EXE, , [36d3ec828dfd72c4c97e127ea0649c64], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDFILES.EXE, , [2bde224c711952e42eb03ac2c43ff010], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDMAIN.EXE, , [917815592b5f89adcf106b916d96758b], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDWINSEC.EXE, , [12f73d310882f73ff7e9f3095ba8c040], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPYBOTSD.EXE, , [8c7d0b63afdb6ec8ec19c54b50b519e7], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WIRESHARK.EXE, , [7e8b0767ddadf442599c9c950cf92dd3], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ZLCLIENT.EXE, , [aa5f70febdcd31051503d5bd2ada0df3], 
 
Registry Values: 74
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE|Debugger, nqij.exe, , [9a6f05690684f343add8ff8ccd37d62a]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTUI.EXE|Debugger, nqij.exe, , [24e5b0be008a999db2d568236b9925db]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCENTER.EXE|Debugger, nqij.exe, , [c049a8c6e6a45bdbc1c8513ae1235ca4]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCONFIG.EXE|Debugger, nqij.exe, , [be4bcba3cac0e452d5b75f2c887c38c8]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGCSRVX.EXE|Debugger, nqij.exe, , [65a44e204c3e1b1b67372269d2326c94]
Hijack.Security, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGIDSAGENT.EXE|Debugger, nqij.exe, , [22e7d39babdfe2543c0b38d1956f966a]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGNT.EXE|Debugger, nqij.exe, , [7099a2ccfa90dd59dccb38532bd98b75]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGRSX.EXE|Debugger, nqij.exe, , [a36609659cee9d992980b0db877d7888]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUARD.EXE|Debugger, nqij.exe, , [d13896d896f47cba664c751635cf47b9]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUI.EXE|Debugger, nqij.exe, , [a36698d6fa90d462466d94f7bb49a15f]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGWDSVC.EXE|Debugger, nqij.exe, , [6d9cc8a63753ea4ce1d86a2127ddf60a]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger, nqij.exe, , [43c6a0ceee9c12245f76eaa159ab857b]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVSCAN.EXE|Debugger, nqij.exe, , [97722e401f6bd85ec023b4d7ec1850b0]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger, nqij.exe, , [a8619fcfb3d785b196750a82cc38a858]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BLINDMAN.EXE|Debugger, nqij.exe, , [9871b4ba7d0d7fb711c8d11ebe45bd43]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCUAC.EXE|Debugger, nqij.exe, , [69a0cda1137761d5c034b0815da847b9]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\COMBOFIX.EXE|Debugger, nqij.exe, , [e92076f88a006dc9b1dd6824a85c44bc]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger, nqij.exe, , [64a54f1f97f3c07610dcf498798b639d]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HIJACKTHIS.EXE|Debugger, nqij.exe, , [b6536e001f6b82b40779533aba4a12ee]
Hijack.Security, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTUP.EXE|Debugger, nqij.exe, , [62a769053f4bc86ea99fd7326b993bc5]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KEYSCRAMBLER.EXE|Debugger, nqij.exe, , [e227115d3e4c4fe736bd3ef356af6a96]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMPT.EXE|Debugger, nqij.exe, , [e8213539206a87afe07cdc5fcb3a27d9]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMSCHEDULER.EXE|Debugger, nqij.exe, , [d23708664f3bd561dc9ce52a61a3857b]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MPCMDRUN.EXE|Debugger, nqij.exe, , [8386ff6f890174c205939ef056ae24dc]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCUI.EXE|Debugger, nqij.exe, , [66a3066886046fc796147e10af55ad53]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSMPENG.EXE|Debugger, nqij.exe, , [df2a254932582214b30a2c62ed17b050]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSSECES.EXE|Debugger, nqij.exe, , [52b75618bccefd397251ccc2ba4aa15f]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRUI.EXE|Debugger, nqij.exe, , [16f378f6ef9b0e28b790385842c244bc]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDFILES.EXE|Debugger, nqij.exe, , [6d9cb7b73d4df640815dfc0042c1ff01]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDMAIN.EXE|Debugger, nqij.exe, , [8386b4ba2d5d43f3ce1130cc50b38b75]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDWINSEC.EXE|Debugger, nqij.exe, , [35d4531b42485dd90fd1a05c38cb3cc4]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPYBOTSD.EXE|Debugger, nqij.exe, , [46c30d616c1e62d4fd08b35d897cae52]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WIRESHARK.EXE|Debugger, nqij.exe, , [13f6a7c7c3c73600807571c0c441738d]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ZLCLIENT.EXE|Debugger, nqij.exe, , [1eeb1b537b0fa98d997f058d1ee6817f]
Backdoor.Agent.PGen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|Policies, C:\Windows\system32\system32\winhost.exe, , [6e9b3e3017738ea8281e9847b54fc040]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTSVC.EXE|Debugger, nqij.exe, , [1eeb0a647d0d1b1b9aeb8b0033d1cc34]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVASTUI.EXE|Debugger, nqij.exe, , [0cfd640a0288fe38daad91fa9a6a847c]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCENTER.EXE|Debugger, nqij.exe, , [06034529f496ae88c1c8bad153b130d0]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVCONFIG.EXE|Debugger, nqij.exe, , [36d3ed813e4c50e6c1cb4942b54f3cc4]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGCSRVX.EXE|Debugger, nqij.exe, , [ad5c86e8b3d7c274009eb6d50ef6b54b]
Hijack.Security, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGIDSAGENT.EXE|Debugger, nqij.exe, , [8485105e8efc191d82c55dac58acd030]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGNT.EXE|Debugger, nqij.exe, , [838682ecb7d363d39b0c5e2d37cd649c]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGRSX.EXE|Debugger, nqij.exe, , [de2bd896662474c2e7c298f39e6602fe]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUARD.EXE|Debugger, nqij.exe, , [0009e48adab04de9446e414a947037c9]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGUI.EXE|Debugger, nqij.exe, , [67a2c8a6e5a5ad89d3e0f19abd4711ef]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVGWDSVC.EXE|Debugger, nqij.exe, , [bf4a8be3e0aa7abc56634a418c78ae52]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE|Debugger, nqij.exe, , [d633b6b876144aec587df497ad57d22e]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVSCAN.EXE|Debugger, nqij.exe, , [74956608a2e8aa8cf5eed4b78084de22]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BDAGENT.EXE|Debugger, nqij.exe, , [db2e98d64c3e2f075caf3b510cf87c84]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BLINDMAN.EXE|Debugger, nqij.exe, , [b75298d6ec9e1d197e5b18d75da657a9]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCUAC.EXE|Debugger, nqij.exe, , [41c8c4aa5a306bcb0fe5b97806ffe719]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\COMBOFIX.EXE|Debugger, nqij.exe, , [7b8edc924f3bb086aae4a3e9f0144eb2]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EGUI.EXE|Debugger, nqij.exe, , [9a6fc9a50d7d65d188645834bf45a45c]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HIJACKTHIS.EXE|Debugger, nqij.exe, , [8d7cfa742763d95d7b0554396a9a5ba5]
Hijack.Security, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\INSTUP.EXE|Debugger, nqij.exe, , [789166088505a492ee5ae32663a1a858]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\KEYSCRAMBLER.EXE|Debugger, nqij.exe, , [f019dc9251399a9cb0438fa2679e44bc]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMPT.EXE|Debugger, nqij.exe, , [e524f777fc8e51e52b3166d57b8a916f]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MBAMSCHEDULER.EXE|Debugger, nqij.exe, , [b653620ca8e2280efc7cb25d16ee21df]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MPCMDRUN.EXE|Debugger, nqij.exe, , [25e478f6c0ca3501a4f4cbc38d7736ca]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSASCUI.EXE|Debugger, nqij.exe, , [5baeaac46a203ff76644d4bab64e6e92]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSMPENG.EXE|Debugger, nqij.exe, , [81886e003e4c290da716e5a946be7888]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSSECES.EXE|Debugger, nqij.exe, , [15f4a2cc800af145caf9048ae81c1fe1]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RSTRUI.EXE|Debugger, nqij.exe, , [36d3ec828dfd72c4c97e127ea0649c64]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDFILES.EXE|Debugger, nqij.exe, , [2bde224c711952e42eb03ac2c43ff010]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDMAIN.EXE|Debugger, nqij.exe, , [917815592b5f89adcf106b916d96758b]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDWINSEC.EXE|Debugger, nqij.exe, , [12f73d310882f73ff7e9f3095ba8c040]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPYBOTSD.EXE|Debugger, nqij.exe, , [8c7d0b63afdb6ec8ec19c54b50b519e7]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WIRESHARK.EXE|Debugger, nqij.exe, , [7e8b0767ddadf442599c9c950cf92dd3]
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ZLCLIENT.EXE|Debugger, nqij.exe, , [aa5f70febdcd31051503d5bd2ada0df3]
Backdoor.Agent.PGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|Policies, C:\Windows\system32\system32\winhost.exe, , [19f03d314446f6409aac825dca3a54ac]
Backdoor.HMCPol.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|HKLM, C:\Windows\system32\system32\winhost.exe, , [44c5c5a9b0daf14560c7526482823ac6]
Hijack.ShellA.Gen, HKU\S-1-5-21-1390843022-1499049480-1858506-1005\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell, explorer.exe,"C:\Users\root\AppData\Local\Temp\fin.exe", , [51b8d09ed6b41323137920aa5ca77090]
Backdoor.Agent.PGen, HKU\S-1-5-21-1390843022-1499049480-1858506-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|Policies, C:\Windows\system32\system32\winhost.exe, , [10f9fb73c2c80234ab9a0ed111f3de22]
Backdoor.HMCPol.Gen, HKU\S-1-5-21-1390843022-1499049480-1858506-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|HKCU, C:\Windows\system32\system32\winhost.exe, , [9772f47a3e4cd264b4749323f80cbc44]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
Trojan.Agent, C:\Users\root\AppData\Roaming\msconfig.ini, , [8b7e8be37e0c330357042bd5858044bc], 
Trojan.Agent.Gen, C:\Users\root\AppData\Roaming\root-wchelper.dll, , [5bae71fd06842e080defcb36c1443bc5], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by root (administrator) on 001-LISD142058 on 17-04-2015 21:22:46
Running from C:\Users\root\Videos
Loaded Profiles: root (Available profiles: adminlisd & admin & root)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Swearware) C:\Users\root\AppData\Local\Temp\fin.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Flux Software LLC) C:\Users\root\AppData\Local\FluxSoftware\Flux\flux.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\root\AppData\Roaming\system32\winhost.exe
() C:\Users\root\AppData\Roaming\system32\winhost.exe
() C:\Users\root\AppData\Roaming\system32\winhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-12-19] (IDT, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-08-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HKLM] => C:\Windows\SysWOW64\system32\winhost.exe [670208 2005-11-09] ()
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [Policies] => C:\Windows\system32\system32\winhost.exe No File
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\Run: [f.lux] => C:\Users\root\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\Run: [WindowsFixer] => C:\Users\root\AppData\Local\Temp\Winfix.exe [670208 2005-11-09] () <===== ATTENTION
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\Run: [HKCU] => C:\Windows\system32\system32\winhost.exe
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\Policies\Explorer\Run: [Policies] => C:\Windows\system32\system32\winhost.exe
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\MountPoints2: {54ba2672-1d89-11e4-a6a8-eba39a72b6db} - E:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\MountPoints2: {7cd952cb-13d0-11e4-8b03-b4b52f7a674a} - E:\N8000_ZTE.exe
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\MountPoints2: {7cd952d0-13d0-11e4-8b03-b4b52f7a674a} - E:\N8000_ZTE.exe
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\MountPoints2: {da500fb2-6c79-11e4-97e6-b4b52f7a674a} - F:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\Winlogon: [Shell] C:\Users\root\AppData\Local\Temp\fin.exe [155648 2015-04-14] (Swearware) <==== ATTENTION 
IFEO\AVASTSVC.EXE: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\AVCENTER.EXE: [Debugger] nqij.exe
IFEO\AVCONFIG.EXE: [Debugger] nqij.exe
IFEO\AVGCSRVX.EXE: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\AVGNT.EXE: [Debugger] nqij.exe
IFEO\AVGRSX.EXE: [Debugger] nqij.exe
IFEO\AVGUARD.EXE: [Debugger] nqij.exe
IFEO\AVGUI.EXE: [Debugger] nqij.exe
IFEO\AVGWDSVC.EXE: [Debugger] nqij.exe
IFEO\AVP.EXE: [Debugger] nqij.exe
IFEO\AVSCAN.EXE: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\BLINDMAN.EXE: [Debugger] nqij.exe
IFEO\CCUAC.EXE: [Debugger] nqij.exe
IFEO\COMBOFIX.EXE: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\HIJACKTHIS.EXE: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\KEYSCRAMBLER.EXE: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\MBAMPT.EXE: [Debugger] nqij.exe
IFEO\MBAMSCHEDULER.EXE: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MPCMDRUN.EXE: [Debugger] nqij.exe
IFEO\MSASCUI.EXE: [Debugger] nqij.exe
IFEO\MSMPENG.EXE: [Debugger] nqij.exe
IFEO\MSSECES.EXE: [Debugger] nqij.exe
IFEO\RSTRUI.EXE: [Debugger] nqij.exe
IFEO\SDFILES.EXE: [Debugger] nqij.exe
IFEO\SDMAIN.EXE: [Debugger] nqij.exe
IFEO\SDWINSEC.EXE: [Debugger] nqij.exe
IFEO\SPYBOTSD.EXE: [Debugger] nqij.exe
IFEO\WIRESHARK.EXE: [Debugger] nqij.exe
IFEO\ZLCLIENT.EXE: [Debugger] nqij.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\root\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\root\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\root\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\root\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\root\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\root\AppData\Local\MEGAsync\ShellExtX32.dll No File
BootExecute: autocheck autochk * SmartDefragBootTime.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1390843022-1499049480-1858506-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0249ED44-B640-45BD-8066-17F81BFDC050} http://vbrick.laredoisd.org/STREAMPLAYER1.cab
DPF: HKLM-x32 {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {5459BAF4-09A9-422A-AB5C-5F114A7287B5} http://vbrick.laredoisd.org/VBPLAYER.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
DPF: HKLM-x32 {85887165-031A-4297-BC4E-6B246C120B9C} http://vbrick.laredoisd.org/STREAMPLAYER4.cab
DPF: HKLM-x32 {F50B3F13-19C4-11CF-AA9A-02608C9BABA2} http://vbrick.laredoisd.org/STREAMPLAYER2.cab
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{5C00EB1A-AEEC-4479-9E43-97784B8EBB5D}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C87841FE-E8CE-4CEE-8398-51F36EC21E6E}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\sx3thk7y.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.http", "");
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.http_port", 0);
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.no_proxies_on", "localhost, 127.0.0.1");
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.share_proxy_settings", false);
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.socks", "");
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.socks_port", 0);
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.ssl", "");
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.ssl_port", 0);
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.type", 5);
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.http", "127.0.0.1");
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.http_port", 8888);
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.no_proxies_on", "");
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.share_proxy_settings", false);
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.socks", "");
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.socks_port", 0);
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.ssl", "127.0.0.1");
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.ssl_port", 8888);
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.type", 1);
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-29] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-29] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-10-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-10-31] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1390843022-1499049480-1858506-1005: @citrixonline.com/appdetectorplugin -> C:\Users\root\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-25] (Citrix Online)
FF Plugin HKU\S-1-5-21-1390843022-1499049480-1858506-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\root\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Extension: No Name - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\sx3thk7y.default\Extensions\autorefresh@plugin [2015-03-28]
FF Extension: IPFlood - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\sx3thk7y.default\Extensions\ipbleep@p4ul.info [2015-03-28]
FF Extension: No Name - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\sx3thk7y.default\Extensions\autopagerfixed@mozilla.org.xpi [2015-04-01]
FF Extension: Adblock Plus - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\sx3thk7y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-11-29]
 
Chrome: 
=======
CHR Profile: C:\Users\root\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-12]
CHR Extension: (MEGA) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-04-09]
CHR Extension: (YouTube) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-12]
CHR Extension: (Google Search) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-12]
CHR Extension: (Coloring Pages) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\foniidelkdlapcpngdpcchdemnemdbnf [2014-11-15]
CHR Extension: (AdBlock) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Chrome RDP for Google Cloud Platform) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbbnannobiobpnfblimoapbephgifkm [2015-04-15]
CHR Extension: (Google Wallet) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-12]
CHR Extension: (Browsec) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2015-04-15]
CHR Extension: (Gmail) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-12]
CHR Profile: C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Docs) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-12]
CHR Extension: (Google Drive) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (YouTube) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-12]
CHR Extension: (Google Search) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-12]
CHR Extension: (Google Sheets) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-12]
CHR Extension: (Google Wallet) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-12]
CHR Extension: (Gmail) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-12]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
S2 Ds3Service; C:\Users\root\Desktop\ScpServer\bin\ScpService.exe [381952 2014-04-02] (Scarlet.Crush Productions) [File not signed]
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [779736 2015-03-19] (FileZilla Project)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-08-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-12-04] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-10-31] (Intel Corporation)
S2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-10-31] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2012-12-19] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-11] (Validity Sensors, Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [X]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [X]
S2 FA_Scheduler; "C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe" [X]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 FAFileMon; C:\Windows\System32\drivers\fortimon2.sys [52328 2012-01-30] (Fortinet Inc)
S3 FARegMon; C:\Windows\System32\drivers\FortiRmon.sys [49768 2012-01-30] (Fortinet Inc)
S3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [14952 2012-01-30] (Fortinet Inc)
R1 FortiFilter; C:\Windows\System32\DRIVERS\FortiFilter.sys [23928 2011-06-24] (Fortinet Inc)
S3 FortiPFW; C:\Windows\System32\drivers\FortiPFW2.sys [115304 2012-01-30] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [126056 2012-01-30] (Fortinet Inc)
S3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [45672 2012-01-30] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [42088 2012-01-30] (Fortinet Inc)
S3 ft_vnic; C:\Windows\System32\DRIVERS\ftvnic.sys [16928 2009-02-16] (Fortinet Inc.)
S3 HP8107Fltr; C:\Windows\system32\drivers\HP8107.sys [13824 2010-02-04] (Windows ® Win 7 DDK provider)
S3 HP8207_8307; C:\Windows\system32\drivers\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49264 2014-07-28] (Visicom Media Inc.)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [136408 2015-04-16] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
S3 tap0901cn; C:\Windows\System32\DRIVERS\tap0901cn.sys [39616 2014-12-29] (Connectify)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-17 21:22 - 2015-04-17 21:22 - 00000000 ____D () C:\FRST
2015-04-17 20:29 - 2015-04-17 20:29 - 00000000 ____D () C:\Users\root\AppData\Local\CrashDumps
2015-04-17 20:28 - 2015-04-17 20:28 - 00280120 _____ () C:\Windows\Minidump\041715-47205-01.dmp
2015-04-17 03:02 - 2015-04-17 03:02 - 00000000 ____D () C:\ca7b927c5a0f42bedac7eb
2015-04-17 03:01 - 2015-04-17 03:02 - 00000000 ____D () C:\f5dc458f949eca76247d5e1d60c7
2015-04-17 03:01 - 2015-04-17 03:01 - 00000000 ____D () C:\b83323924e73892cb5
2015-04-17 03:00 - 2015-04-17 03:01 - 00000000 ____D () C:\b033a9c7c9418bb5b4
2015-04-17 03:00 - 2015-04-17 03:00 - 00000000 ____D () C:\12e95cc8a2ed35754401ba
2015-04-16 23:50 - 2015-04-14 23:57 - 09789041 _____ () C:\Users\root\Documents\Sentry CC.rar
2015-04-16 23:50 - 2015-04-14 23:33 - 10019451 _____ () C:\Users\root\Documents\Sentry tools.rar
2015-04-16 23:50 - 2015-04-14 18:59 - 02955372 _____ () C:\Users\root\Documents\vCRACK[0x22 Nulled.IO].rar
2015-04-16 23:50 - 2015-04-14 18:39 - 00494481 _____ () C:\Users\root\Documents\Sentry.rar
2015-04-16 23:49 - 2015-04-16 23:49 - 00000000 ____D () C:\Users\root\Documents\Cracking Guide
2015-04-16 23:49 - 2015-04-12 22:04 - 175519040 _____ () C:\Users\root\Documents\7StepsToA720CreditScore-PhilipTirone.rar
2015-04-16 23:48 - 2010-09-05 17:58 - 716441107 _____ () C:\Users\root\Documents\realhuman_phill.txt
2015-04-16 23:44 - 2014-10-12 21:54 - 00000000 ____D () C:\Users\root\Documents\SQL Injection Master Course
2015-04-16 23:35 - 2015-04-17 21:23 - 00021144 _____ () C:\Users\root\AppData\Roaming\msconfig.ini
2015-04-16 23:34 - 2015-04-16 23:34 - 00154283 ____H () C:\Users\root\AppData\Roaming\root-wchelper.dll
2015-04-16 23:32 - 2015-04-16 23:33 - 00271072 _____ () C:\Windows\Minidump\041615-22838-01.dmp
2015-04-16 20:34 - 2015-04-16 20:34 - 00280176 _____ () C:\Windows\Minidump\041615-19546-01.dmp
2015-04-16 20:19 - 2015-04-16 20:21 - 00000000 ____D () C:\AdwCleaner
2015-04-16 18:32 - 2015-04-16 18:32 - 00271016 _____ () C:\Windows\Minidump\041615-21793-01.dmp
2015-04-16 06:35 - 2015-04-16 06:35 - 00271016 _____ () C:\Windows\Minidump\041615-23696-01.dmp
2015-04-16 06:32 - 2015-04-16 06:32 - 00280176 _____ () C:\Windows\Minidump\041615-45817-01.dmp
2015-04-16 06:28 - 2015-04-16 06:28 - 00079064 _____ () C:\Windows\system32\Drivers\xedklgte.sys
2015-04-15 22:25 - 2015-04-15 22:25 - 00271072 _____ () C:\Windows\Minidump\041515-20295-01.dmp
2015-04-15 22:18 - 2015-04-15 22:18 - 00280176 _____ () C:\Windows\Minidump\041515-23368-01.dmp
2015-04-15 21:44 - 2015-04-15 21:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 21:44 - 2015-04-15 21:44 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 21:40 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-04-15 21:40 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-04-15 21:19 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 21:19 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 21:19 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 21:19 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 21:19 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 21:19 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 21:19 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 21:19 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 21:19 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 04:57 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 04:57 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 04:57 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 04:57 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 04:57 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 04:57 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 04:57 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 04:57 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 04:57 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 04:57 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 04:57 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 04:57 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 04:57 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 04:57 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 04:57 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 04:57 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 04:57 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 04:57 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 04:57 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 04:57 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 04:57 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 04:57 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 04:57 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 04:54 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 04:54 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 04:54 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 00:46 - 2015-04-15 00:47 - 00000000 ____D () C:\Users\root\Desktop\New folder
2015-04-14 23:04 - 2015-04-14 23:05 - 00280176 _____ () C:\Windows\Minidump\041415-81853-01.dmp
2015-04-14 23:03 - 2015-04-17 20:28 - 584629330 _____ () C:\Windows\MEMORY.DMP
2015-04-14 22:49 - 2015-04-17 20:29 - 00000000 __SHD () C:\Windows\SysWOW64\Windows Server
2015-04-14 22:47 - 2015-04-14 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1
2015-04-14 22:44 - 2015-04-14 22:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft XDE
2015-04-14 22:33 - 2015-04-14 22:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2015-04-14 22:29 - 2015-04-14 22:29 - 00000000 ____D () C:\ProgramData\NuGet
2015-04-14 22:29 - 2015-04-14 22:29 - 00000000 ____D () C:\Program Files (x86)\ReleaseManagement
2015-04-14 22:29 - 2015-04-14 22:29 - 00000000 ____D () C:\Program Files (x86)\NuGet
2015-04-14 22:28 - 2015-04-14 22:28 - 00000000 ____D () C:\Program Files (x86)\AppInsights
2015-04-13 21:06 - 2015-04-13 21:07 - 00000000 ____D () C:\Users\root\Downloads\Cities Skylines - Update v1.0.7c [RezMar]
2015-04-13 18:54 - 2015-04-13 21:39 - 00000000 ____D () C:\Users\root\Downloads\Grand Theft Auto V
2015-04-13 18:48 - 2015-04-13 18:49 - 20193999 _____ () C:\Users\root\Desktop\GTA-5-PC-Game-Downloader-Crack.rar
2015-04-13 02:03 - 2015-04-13 02:03 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2015-04-13 01:26 - 2015-04-13 01:26 - 00000000 ____D () C:\Program Files (x86)\My-Proxy
2015-04-13 00:50 - 2015-04-13 00:54 - 00000000 ____D () C:\Users\root\Downloads\kali-linux-1.1.0a-amd64
2015-04-13 00:35 - 2015-04-13 00:35 - 00001076 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-04-13 00:35 - 2015-04-13 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-04-13 00:35 - 2015-03-16 17:36 - 00922704 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-04-13 00:35 - 2015-03-16 17:35 - 00128592 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-04-12 13:02 - 2015-04-12 13:02 - 00000055 _____ () C:\Users\root\Desktop\instance-1.rdp
2015-04-12 12:41 - 2015-04-17 21:16 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-12 12:41 - 2015-04-17 21:16 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-12 10:19 - 2015-04-12 10:21 - 00002296 ____H () C:\Users\root\Documents\Default.rdp
2015-04-11 22:07 - 2015-04-11 22:11 - 257973006 ____R () C:\Users\root\Downloads\crackstation-human-only.txt.gz
2015-04-10 23:32 - 2015-04-10 23:32 - 00000000 ____D () C:\Users\root\AppData\Local\Chromium
2015-04-10 21:02 - 2015-04-10 21:02 - 00000000 ____D () C:\Users\root\AppData\Local\Rockstar Games
2015-04-10 21:01 - 2015-04-12 12:41 - 00000000 ____D () C:\Users\root\Documents\Rockstar Games
2015-04-08 22:16 - 2015-04-08 22:29 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-08 22:16 - 2015-03-30 02:02 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2015-04-08 22:03 - 2015-04-08 22:19 - 00000000 ____D () C:\Users\root\AppData\Roaming\TeamViewer
2015-04-08 21:45 - 2015-04-09 17:51 - 00000000 ____D () C:\Program Files (x86)\FileZilla Server
2015-04-08 19:53 - 2015-04-08 19:53 - 00000000 ____D () C:\Users\root\AppData\Roaming\FileZilla Server
2015-04-08 18:17 - 2015-04-08 18:17 - 00000000 _____ () C:\Windows\SysWOW64\serial.txt
2015-04-06 22:08 - 2015-04-06 22:08 - 00002101 _____ () C:\Users\root\Desktop\Isoplex.lnk
2015-04-06 22:08 - 2015-04-06 22:08 - 00000000 ____D () C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Isoplex
2015-04-06 21:58 - 2015-04-16 23:42 - 00000000 ____D () C:\Users\root\AppData\Local\Isoplex
2015-04-06 21:58 - 2015-04-06 21:58 - 00000000 ____D () C:\Users\root\AppData\Local\Caphyon
2015-04-06 21:58 - 2015-04-06 21:58 - 00000000 ____D () C:\Program Files (x86)\Isoplex
2015-04-06 21:57 - 2015-04-06 21:57 - 00000000 ____D () C:\Users\root\AppData\Roaming\Isoplex
2015-04-05 16:15 - 2015-04-05 17:20 - 00000000 ____D () C:\Users\root\.gimp-2.8
2015-04-05 16:15 - 2015-04-05 16:15 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-04-05 16:15 - 2015-04-05 16:15 - 00000000 ____D () C:\Users\root\AppData\Local\gegl-0.2
2015-04-05 16:14 - 2015-04-05 16:15 - 00000000 ____D () C:\Program Files\GIMP 2
2015-04-04 15:54 - 2015-04-04 15:54 - 00000126 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-04-04 15:52 - 2015-04-04 15:52 - 00000000 ____D () C:\Users\root\AppData\Local\DangKyHotmail
2015-04-04 04:33 - 2015-04-04 04:35 - 00000000 ____D () C:\Users\root\Desktop\www
2015-04-04 03:59 - 2015-04-04 03:59 - 00000053 _____ () C:\Users\root\Desktop\google3773d9bcf338067d.html
2015-04-03 19:27 - 2015-04-03 19:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-02 13:39 - 2015-04-17 20:28 - 00002026 _____ () C:\Windows\setupact.log
2015-04-02 13:39 - 2015-04-16 20:34 - 00010214 _____ () C:\Windows\PFRO.log
2015-04-02 13:39 - 2015-04-02 13:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-01 00:43 - 2015-04-01 00:43 - 01662129 _____ () C:\Users\root\Downloads\YouTube PVA Account Creator.rar
2015-03-29 10:47 - 2015-03-29 10:47 - 00000000 ____D () C:\Users\root\AppData\Local\Geckofx
2015-03-29 10:46 - 2015-04-04 14:06 - 00000056 _____ () C:\Windows\SysWOW64\T2setMS1p2.dbf
2015-03-29 10:27 - 2015-03-29 10:28 - 45599729 _____ () C:\Users\root\Desktop\CoinAd_Bot v3.1.rar
2015-03-28 14:02 - 2015-03-28 14:06 - 00000000 ____D () C:\Users\root\Downloads\Robert Greene - Mastery
2015-03-28 13:59 - 2015-03-28 14:14 - 00000000 ____D () C:\Users\root\Downloads\The 33 Strategies of War by Robert Greene
2015-03-28 13:59 - 2015-03-28 14:10 - 00000000 ____D () C:\Users\root\Downloads\Robert Greene - The Art of Seduction
2015-03-28 13:57 - 2015-03-28 14:02 - 00000000 ____D () C:\Users\root\Downloads\48 Laws Of Power - Robert Greene
2015-03-28 11:35 - 2015-03-28 11:35 - 00001082 _____ () C:\Users\root\Desktop\isaac-ng.exe - Shortcut.lnk
2015-03-28 11:32 - 2014-12-30 02:27 - 00000000 ____D () C:\Users\root\Desktop\IGG-The.Binding.of.Isaac.Rebirth.v1.041
2015-03-25 23:34 - 2015-03-25 23:34 - 38167461 _____ () C:\Users\root\Desktop\Cracking Guide.rar
2015-03-25 21:39 - 2015-03-25 21:39 - 00002307 _____ () C:\Users\root\Desktop\cookie.php
2015-03-25 20:27 - 2015-04-02 10:25 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-03-25 20:25 - 2015-04-02 10:25 - 00000000 ____D () C:\Users\root\AppData\Local\Citrix
2015-03-24 21:10 - 2015-03-24 21:10 - 00000000 ____D () C:\Users\root\AppData\Roaming\.mono
2015-03-24 21:10 - 2015-03-24 21:10 - 00000000 ____D () C:\ProgramData\.mono
2015-03-24 21:07 - 2015-03-24 21:07 - 00001687 _____ () C:\Users\root\Desktop\Cities Skylines.lnk
2015-03-24 21:07 - 2015-03-24 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2015-03-24 21:05 - 2015-03-24 21:05 - 00000000 ____D () C:\R.G. Catalyst
2015-03-24 19:46 - 2015-03-24 20:41 - 00000000 ____D () C:\Users\root\Downloads\Cities Skylines Mod Pack
2015-03-23 20:07 - 2015-03-23 20:07 - 00001062 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-22 15:17 - 2014-06-04 15:17 - 00021184 _____ (IObit) C:\Windows\system32\Drivers\SmartDefragDriver.sys
2015-03-22 14:34 - 2014-12-29 14:17 - 00039616 _____ (Connectify) C:\Windows\system32\Drivers\tap0901cn.sys
2015-03-21 22:25 - 2015-03-21 22:26 - 00000000 ____D () C:\Users\root\Downloads\Interstellar.2014.1080p.BluRay.x264.DTS-RARBG
2015-03-18 19:45 - 2015-03-18 19:45 - 00000000 ____D () C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-17 21:20 - 2014-11-24 14:14 - 00000000 ____D () C:\Users\root\AppData\Roaming\uTorrent
2015-04-17 21:20 - 2014-07-13 01:27 - 00000000 ____D () C:\Users\root\AppData\Roaming\BitTorrent
2015-04-17 21:18 - 2014-08-09 07:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-04-17 20:36 - 2009-07-13 23:45 - 00027680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-17 20:36 - 2009-07-13 23:45 - 00027680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-17 20:31 - 2014-06-09 16:48 - 01645685 _____ () C:\Windows\WindowsUpdate.log
2015-04-17 20:28 - 2014-06-09 17:15 - 00000000 ____D () C:\Windows\Minidump
2015-04-16 22:47 - 2014-07-17 12:55 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-16 21:00 - 2014-07-17 12:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-15 21:47 - 2014-12-23 15:17 - 00000000 ____D () C:\Users\Default
2015-04-15 21:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 21:39 - 2014-07-13 13:29 - 01599792 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 21:39 - 2012-11-08 12:08 - 00697280 _____ () C:\Windows\system32\perfh007.dat
2015-04-15 21:39 - 2012-11-08 12:08 - 00149216 _____ () C:\Windows\system32\perfc007.dat
2015-04-15 21:39 - 2009-07-14 00:13 - 01599792 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 21:38 - 2014-06-09 16:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 21:22 - 2012-10-17 14:41 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 00:42 - 2014-07-12 17:32 - 00000000 ____D () C:\Users\root\AppData\Roaming\vlc
2015-04-14 23:05 - 2009-07-13 23:45 - 05330296 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-14 23:01 - 2014-07-14 00:39 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-14 22:56 - 2014-08-09 07:39 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-04-14 22:55 - 2014-07-12 10:29 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 22:53 - 2014-07-12 00:03 - 00118880 _____ () C:\Users\root\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-14 22:52 - 2014-08-09 07:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-04-14 22:28 - 2012-11-08 10:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 22:26 - 2014-08-09 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2015-04-14 22:14 - 2014-08-09 07:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-04-14 21:56 - 2014-08-09 08:18 - 00000000 ____D () C:\Users\root\Documents\Visual Studio 2013
2015-04-14 19:55 - 2014-07-12 10:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 09:31 - 2015-02-07 18:09 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{15ADF491-2E0B-40D9-8560-B15CED2A7F0A}
2015-04-14 02:00 - 2014-07-15 12:56 - 00000000 ____D () C:\Users\root\AppData\Local\Adobe
2015-04-13 02:03 - 2014-07-30 23:27 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2015-04-11 15:06 - 2014-07-17 07:58 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForroot
2015-04-11 15:06 - 2014-07-17 07:58 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForroot.job
2015-04-11 03:17 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-09 18:03 - 2012-10-17 11:43 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-05 16:15 - 2014-07-12 00:02 - 00000000 ____D () C:\Users\root
2015-04-03 19:33 - 2014-07-13 22:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-02 12:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-02 10:51 - 2012-10-17 11:01 - 00000000 ____D () C:\Intel
2015-04-02 10:38 - 2014-08-04 04:13 - 00000000 ____D () C:\Users\root\Documents\Hands In The Cookie Jar
2015-04-02 10:27 - 2015-02-08 17:05 - 00000000 ____D () C:\ProgramData\Bohemia Interactive
2015-04-02 10:27 - 2015-02-07 17:36 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2015-04-02 10:25 - 2014-11-24 23:24 - 00000000 ____D () C:\Users\root\AppData\Roaming\JAM Software
2015-03-29 14:09 - 2012-11-08 10:41 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-29 14:09 - 2012-11-08 10:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-29 14:09 - 2012-11-08 10:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-25 21:38 - 2014-07-27 16:17 - 00000000 ____D () C:\Users\root\AppData\Roaming\Notepad++
2015-03-24 20:27 - 2014-07-17 12:55 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-24 20:27 - 2014-07-17 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-23 20:07 - 2012-11-29 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-03-22 15:17 - 2015-02-09 23:23 - 00001166 _____ () C:\Users\Public\Desktop\Smart Defrag 4.lnk
2015-03-22 15:17 - 2015-02-09 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2015-03-18 21:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-03-18 19:45 - 2014-12-29 21:21 - 00000000 ____D () C:\Users\root\AppData\Local\FluxSoftware
 
==================== Files in the root of some directories =======
 
2014-08-05 03:58 - 2014-08-05 03:58 - 0000132 _____ () C:\Users\root\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-08-09 15:13 - 2014-08-09 15:13 - 0000046 _____ () C:\Users\root\AppData\Roaming\Camdata.ini
2014-08-09 15:13 - 2014-08-09 15:13 - 0000408 _____ () C:\Users\root\AppData\Roaming\CamLayout.ini
2014-08-09 15:13 - 2014-08-09 15:13 - 0000408 _____ () C:\Users\root\AppData\Roaming\CamShapes.ini
2014-08-09 15:13 - 2014-08-09 15:13 - 0004521 _____ () C:\Users\root\AppData\Roaming\CamStudio.cfg
2015-04-16 23:35 - 2015-04-17 21:23 - 0021144 _____ () C:\Users\root\AppData\Roaming\msconfig.ini
2015-04-16 23:34 - 2015-04-16 23:34 - 0154283 ____H () C:\Users\root\AppData\Roaming\root-wchelper.dll
2005-04-07 21:16 - 2014-07-14 01:02 - 0006446 ____H () C:\Users\root\AppData\Roaming\rootlog.dat
2015-03-15 03:02 - 2015-03-15 03:03 - 0000600 _____ () C:\Users\root\AppData\Local\PUTTY.RND
2014-08-18 20:13 - 2015-03-03 22:39 - 0007670 _____ () C:\Users\root\AppData\Local\Resmon.ResmonCfg
2015-02-12 23:07 - 2015-02-12 23:07 - 0262657 _____ () C:\ProgramData\1423800334.bdinstall.bin
2015-04-04 15:54 - 2015-04-04 15:54 - 0000126 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Files to move or delete:
====================
C:\Users\root\AppData\Local\Temp\Winfix.exe
C:\Users\root\apps.js
C:\Users\root\AppData\Roaming\msconfig.ini
 
 
Some content of TEMP:
====================
C:\Users\root\AppData\Local\Temp\fin.exe
C:\Users\root\AppData\Local\Temp\Quarantine.exe
C:\Users\root\AppData\Local\Temp\sqlite3.dll
C:\Users\root\AppData\Local\Temp\Winfix.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 01:35
 
==================== End Of Log ============================

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 April 2015 - 09:29 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run the MBAM tool and remove everything that was identified.

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

() C:\Users\root\AppData\Roaming\system32\winhost.exe
() C:\Users\root\AppData\Roaming\system32\winhost.exe
() C:\Users\root\AppData\Roaming\system32\winhost.exe
HKLM-x32\...\Run: [HKLM] => C:\Windows\SysWOW64\system32\winhost.exe [670208 2005-11-09] ()
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [Policies] => C:\Windows\system32\system32\winhost.exe No File
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\Run: [WindowsFixer] => C:\Users\root\AppData\Local\Temp\Winfix.exe [670208 2005-11-09] () <===== ATTENTION
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\Run: [HKCU] => C:\Windows\system32\system32\winhost.exe
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\Policies\Explorer\Run: [Policies] => C:\Windows\system32\system32\winhost.exe
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\Winlogon: [Shell] C:\Users\root\AppData\Local\Temp\fin.exe [155648 2015-04-14] (Swearware) <==== ATTENTION
IFEO\AVASTSVC.EXE: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\AVCENTER.EXE: [Debugger] nqij.exe
IFEO\AVCONFIG.EXE: [Debugger] nqij.exe
IFEO\AVGCSRVX.EXE: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\AVGNT.EXE: [Debugger] nqij.exe
IFEO\AVGRSX.EXE: [Debugger] nqij.exe
IFEO\AVGUARD.EXE: [Debugger] nqij.exe
IFEO\AVGUI.EXE: [Debugger] nqij.exe
IFEO\AVGWDSVC.EXE: [Debugger] nqij.exe
IFEO\AVP.EXE: [Debugger] nqij.exe
IFEO\AVSCAN.EXE: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\BLINDMAN.EXE: [Debugger] nqij.exe
IFEO\CCUAC.EXE: [Debugger] nqij.exe
IFEO\COMBOFIX.EXE: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\HIJACKTHIS.EXE: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\KEYSCRAMBLER.EXE: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\MBAMPT.EXE: [Debugger] nqij.exe
IFEO\MBAMSCHEDULER.EXE: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MPCMDRUN.EXE: [Debugger] nqij.exe
IFEO\MSASCUI.EXE: [Debugger] nqij.exe
IFEO\MSMPENG.EXE: [Debugger] nqij.exe
IFEO\MSSECES.EXE: [Debugger] nqij.exe
IFEO\RSTRUI.EXE: [Debugger] nqij.exe
IFEO\SDFILES.EXE: [Debugger] nqij.exe
IFEO\SDMAIN.EXE: [Debugger] nqij.exe
IFEO\SDWINSEC.EXE: [Debugger] nqij.exe
IFEO\SPYBOTSD.EXE: [Debugger] nqij.exe
IFEO\WIRESHARK.EXE: [Debugger] nqij.exe
IFEO\ZLCLIENT.EXE: [Debugger] nqij.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\root\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\root\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\root\AppData\Local\MEGAsync\ShellExtX64.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\root\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\root\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\root\AppData\Local\MEGAsync\ShellExtX32.dll No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1390843022-1499049480-1858506-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [X]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [X]
S2 FA_Scheduler; "C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe" [X]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\root\AppData\Roaming\system32\winhost.exe
C:\Users\root\AppData\Local\Temp\Winfix.exe
C:\Users\root\AppData\Local\Temp\fin.exe
C:\Users\root\AppData\Local\Temp\sqlite3.dll
C:\Users\root\AppData\Local\Temp\Winfix.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===
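As an added example (not code from this thread, from FRST or from Farbar), a small Python scanner that picks out the kinds of indicators the fixlist above targets: IFEO Debugger redirections of security tools, a replaced Winlogon Shell, System Restore disabled by policy, and Run entries launching from Temp or from look-alike system32 paths. The sample lines are copied from the fixlist in this thread, plus one constructed benign Run entry (ExampleUpdater / Example Corp, not from the log) so the scanner has something to ignore.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the FRST fixlist earlier in this thread,
# plus one benign Run entry (constructed, not from the log) for contrast.
SAMPLE_LOG = """\
HKLM-x32\\...\\Run: [HKLM] => C:\\Windows\\SysWOW64\\system32\\winhost.exe [670208 2005-11-09] ()
HKLM\\Software\\Policies\\Microsoft\\Windows NT\\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\\S-1-5-21-1390843022-1499049480-1858506-1005\\...\\Run: [WindowsFixer] => C:\\Users\\root\\AppData\\Local\\Temp\\Winfix.exe [670208 2005-11-09] () <===== ATTENTION
HKU\\S-1-5-21-1390843022-1499049480-1858506-1005\\...\\Winlogon: [Shell] C:\\Users\\root\\AppData\\Local\\Temp\\fin.exe [155648 2015-04-14] (Swearware) <==== ATTENTION
IFEO\\mbam.exe: [Debugger] nqij.exe
IFEO\\AVP.EXE: [Debugger] nqij.exe
IFEO\\COMBOFIX.EXE: [Debugger] nqij.exe
HKLM\\...\\Run: [ExampleUpdater] => C:\\Program Files\\Example\\updater.exe [12345 2015-01-01] (Example Corp)
"""

IFEO_RE = re.compile(r"^IFEO\\(?P<target>[^:]+): \[Debugger\] (?P<debugger>\S+)")
SHELL_RE = re.compile(r"\\Winlogon: \[Shell\] (?P<path>.+?) \[")
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]*)\] => (?P<path>.+?) \[")
SR_RE = re.compile(r"\\SystemRestore: \[[^\]]*DisableSR[^\]]*\]")

# Locations a legitimate autostart rarely uses. A "system32" nested under
# another system directory is a look-alike path, not the real one.
SUSPICIOUS_PATH_RE = re.compile(
    r"\\Temp\\|\\AppData\\|system32\\system32|SysWOW64\\system32", re.IGNORECASE)


def scan_frst(text):
    """Return a list of (category, line) findings for FRST-style log text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if IFEO_RE.match(line):
            # A Debugger value under IFEO makes Windows launch the named program
            # instead of the target; here security tools are pointed at nqij.exe.
            findings.append(("ifeo_debugger", line))
            continue
        m = SHELL_RE.search(line)
        if m and m.group("path").lower().rsplit("\\", 1)[-1] != "explorer.exe":
            # Winlogon Shell should be explorer.exe; anything else runs at logon.
            findings.append(("winlogon_shell_replaced", line))
            continue
        if SR_RE.search(line):
            # DisableSR under Policies prevents System Restore from being used.
            findings.append(("system_restore_disabled", line))
            continue
        m = RUN_RE.search(line)
        if m and SUSPICIOUS_PATH_RE.search(m.group("path")):
            findings.append(("run_key_suspicious_path", line))
            continue
        if "ATTENTION" in line:
            # Anything else FRST itself flagged still deserves a look.
            findings.append(("frst_attention", line))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'ifeo_debugger': 3, ...}."""
    return dict(Counter(cat for cat, _ in findings))


def ifeo_targets(findings):
    """Lower-cased names of programs whose launches are redirected via IFEO."""
    return sorted(IFEO_RE.match(line).group("target").lower()
                  for cat, line in findings if cat == "ifeo_debugger")


if __name__ == "__main__":
    found = scan_frst(SAMPLE_LOG)
    for cat, line in found:
        print(f"{cat:26} {line}")
    print(summarize(found))
```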

#3 DaftOdyssey

DaftOdyssey
  • Topic Starter

  • Members
  • 9 posts

Posted 22 April 2015 - 06:45 PM

Well, I got the same blue screen once I pressed the fix button, and also a blank fixlog file. I also did a virus scan on the fin.exe process using Process Explorer and I got this https://www.virustotal.com/en/file/caf1b4786a383eaf536e79618d49d7f7caf6108cc09be9d6256817378c747fe0/analysis/ What was interesting was that under the file detail tab, it has the same info as the ComboFix by Swearware. Also, regarding the C# command line compiler, I believe that it's bitcoin mining software running in the background, because if you see the threads of the process http://i.imgur.com/4ojfT6i.jpg you'll see a clear address name with "Bitcoin Miner" on it, so that's why it's using a lot of RAM.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 April 2015 - 07:33 AM

--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
=======

When completed run my previous fix with the Farbar tool.

Keep me posted.

#5 DaftOdyssey

DaftOdyssey
  • Topic Starter

  • Members
  • 9 posts

Posted 23 April 2015 - 06:12 PM

I tried to run RogueKiller in normal and safe mode, but it blue screened once it was starting to initialize on the fin.exe process. No log was created, and I tried the Farbar tool again but got the same results.

 

Edit: I suspended (froze) the fin.exe process using Process Explorer and then closed the task manager. So no csc.exe process was created, which is awesome because no RAM is being wasted. Should I try the tools again even though the process is suspended?

 

Edit2: Tried with the suspended process and got the same results.


Edited by DaftOdyssey, 23 April 2015 - 09:44 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 April 2015 - 09:12 AM

Try this tool.

Please download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

#7 DaftOdyssey

DaftOdyssey
  • Topic Starter

  • Members
  • 9 posts

Posted 24 April 2015 - 11:51 PM

Had to rename the file for it to run because of the malware.

 

ComboFix 15-04-19.01 - root 04/24/2015  23:30:43.1.4 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.3978.2752 [GMT -5:00]
Running from: c:\users\root\Desktop\fix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\1423800334.bdinstall.bin
c:\users\root\AppData\Local\Adobe\gccheck.exe
c:\users\root\AppData\Local\Adobe\gtbcheck.exe
c:\users\root\AppData\Local\assembly\tmp
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\ar\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\bg\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\ca\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\cs\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\da\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\de\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\el\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\en\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\es\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\fi\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\fr\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\he\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\hr\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\hu\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\id\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\it\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\ja\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\ko\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\nb\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\nl\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\pl\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\pt_BR\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\pt_PT\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\ro\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\ru\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\sk\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\sl\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\sr\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\sv\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\te\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\tr\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\uk\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\vi\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\zh_CN\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_locales\zh_TW\messages.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_metadata\computed_hashes.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\_metadata\verified_contents.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\adblock_start_chrome.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\adblock_start_common.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\background.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\bandaids.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\button\popup.css
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\button\popup.html
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\button\popup.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\button\search\search.css
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\button\search\search.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\CHANGELOG.txt
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\checkupdates.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\chrome_oauth_receiver.html
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\chrome_oauth_receiver.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\dropbox-datastores.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\filtering\domainset.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\filtering\filternormalizer.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\filtering\filteroptions.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\filtering\filterset.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\filtering\filtertypes.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\filtering\myfilters.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\functions.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\idlehandler.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\delete.gif
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\dropbox1.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\dropbox2.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\dropbox3.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\facebook-sprite.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\gifloader.gif
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\gplus-sprite.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\icon128.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\icon16.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\icon16_grayscale.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\icon16_grayscale@2x.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\icon19-grayscale.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\icon19-whitelisted.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\icon19.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\icon24.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\icon32.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\icon38-grayscale.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\icon38-whitelisted.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\icon38.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\icon48.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\logo.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\search\check.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\search\magnifying_glass.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\search\search-engine-card_no-shadow.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\search\search-engine-icons.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\search\search-omnibox-card_no-shadow.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\search\search_engine_select_arrow.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\img\twitter-sprite.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\jquery\css\images\ui-bg_flat_55_999999_40x100.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\jquery\css\images\ui-bg_flat_75_aaaaaa_40x100.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\jquery\css\images\ui-bg_glass_45_0078ae_1x400.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\jquery\css\images\ui-bg_glass_55_f8da4e_1x400.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\jquery\css\images\ui-bg_glass_75_79c9ec_1x400.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\jquery\css\images\ui-bg_gloss-wave_50_38cfff_500x100.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\jquery\css\images\ui-bg_gloss-wave_75_2191c0_500x100.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\jquery\css\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\jquery\css\images\ui-icons_056b93_256x240.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\jquery\css\images\ui-icons_d8e7f3_256x240.png
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\jquery\css\jquery-ui.custom.css
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\jquery\css\override-page.css
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\jquery\jquery-ui.custom.min.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\jquery\jquery.cookie.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\jquery\jquery.min.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\LICENSE
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\manifest.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\notificationoverlay.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\options\customize.html
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\options\customize.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\options\filters.html
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\options\filters.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\options\general.html
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\options\general.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\options\index.html
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\options\index.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\options\options.css
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\options\support.html
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\options\support.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\pages\adreport.html
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\pages\adreport.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\pages\resourceblock.html
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\pages\resourceblock.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\pages\subscribe.html
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\pages\subscribe.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\port.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\README.markdown
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\search\focus.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\search\incognito.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\search\pitchpage.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\search\search-plus-one.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\search\secure_reminder.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\search\serp.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\stats.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\survey.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\translators.json
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\uiscripts\blacklisting\blacklistui.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\uiscripts\blacklisting\clickwatcher.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\uiscripts\blacklisting\elementchain.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\uiscripts\blacklisting\overlay.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\uiscripts\blacklisting\rightclick_hook.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\uiscripts\load_jquery_ui.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\uiscripts\send_content_to_back.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\uiscripts\top_open_blacklist_ui.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\uiscripts\top_open_whitelist_ui.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.29_0\ytchannel.js
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
c:\users\root\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\root\AppData\Local\Temp\_av4_\ashBase.dll
c:\users\root\AppData\Local\Temp\_av4_\ashSSqlt.dll
c:\users\root\AppData\Local\Temp\_av4_\ashSXML.dll
c:\users\root\AppData\Local\Temp\_av4_\ashTask.dll
c:\users\root\AppData\Local\Temp\_av4_\aswAux.dll
c:\users\root\AppData\Local\Temp\_av4_\aswCmnB.dll
c:\users\root\AppData\Local\Temp\_av4_\aswCmnOS.dll
c:\users\root\AppData\Local\Temp\_av4_\aswCmnS.dll
c:\users\root\AppData\Local\Temp\_av4_\aswEngin.dll
c:\users\root\AppData\Local\Temp\_av4_\aswRes.dll
c:\users\root\AppData\Local\Temp\_av4_\aswScan.dll
c:\users\root\AppData\Local\Temp\_av4_\data\aswar0.dll
c:\users\root\AppData\Local\Temp\_av4_\data\clnr0.dll
c:\users\root\AppData\Local\Temp\_av4_\data\exts0.dll
c:\users\root\AppData\Local\Temp\_av4_\data\uiaux0.dll
c:\users\root\AppData\Local\Temp\_av4_\data\updldr0.bin
c:\users\root\AppData\Local\Temp\_av4_\english\Base.dll
c:\users\root\AppData\Local\Temp\_av4_\msvcp71.dll
c:\users\root\AppData\Local\Temp\_av4_\msvcr71.dll
c:\users\root\AppData\Local\Temp\fin.exe
c:\users\root\AppData\Local\Temp\nsk8186.tmp\nsExec.dll
c:\users\root\AppData\Local\Temp\nsk8186.tmp\nsisdl.dll
c:\users\root\AppData\Local\Temp\nsk8186.tmp\System.dll
c:\users\root\AppData\Local\Temp\nsk8186.tmp\UserInfo.dll
c:\users\root\AppData\Local\Temp\nsn8123.tmp
c:\users\root\AppData\Local\Temp\nsvD8CC.tmp
c:\users\root\AppData\Local\Temp\procexp64.exe
c:\users\root\AppData\Local\Temp\Quarantine.exe
c:\users\root\AppData\Local\Temp\sqlite3.dll
c:\users\root\AppData\Roaming\Microsoft\msconfig.exe
c:\users\root\AppData\Roaming\root-wchelper.dll
c:\users\root\AppData\Roaming\rootlog.dat
c:\users\root\AppData\Roaming\system32
c:\users\root\AppData\Roaming\system32\winhost.exe
c:\users\root\videos\adwcleaner_4.201.exe
c:\users\root\videos\BitTorrent.exe
c:\users\root\videos\EmsisoftEmergencyKit.exe
c:\users\root\videos\FRST64.exe
c:\users\root\videos\rkill.exe
c:\users\root\videos\rkill64.exe
c:\users\root\videos\system.exe
c:\users\root\videos\TFC.exe
c:\users\root\videos\uSeRiNiT.exe
c:\users\root\videos\WiNlOgOn.exe
.
.
(((((((((((((((((((((((((   Files Created from 2015-03-25 to 2015-04-25  )))))))))))))))))))))))))))))))
.
.
2015-04-25 04:22 . 2015-04-25 04:37 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41D29ECA-721D-44E7-9E68-4FC907C01D19}\offreg.dll
2015-04-24 06:20 . 2015-03-17 05:22 5557696 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-04-24 03:22 . 2015-04-24 03:22 -------- d-----w- c:\users\root\AppData\Local\pip
2015-04-24 03:21 . 2015-04-24 03:22 -------- d-----w- C:\Python34
2015-04-24 00:04 . 2015-04-24 00:04 -------- d-----w- C:\TDSSKiller_Quarantine
2015-04-23 22:20 . 2015-04-23 23:32 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-23 22:20 . 2015-04-23 22:20 -------- d-----w- c:\programdata\RogueKiller
2015-04-22 15:42 . 2015-04-23 01:55 -------- d--h--w- c:\users\root\AppData\Roaming\P0U4M118-N5L3-V331-B1K8-X2U3O6B7B2P6
2015-04-20 08:04 . 2015-04-20 08:04 -------- d-----w- c:\users\root\AppData\Roaming\New Technology Studio
2015-04-20 08:04 . 2015-04-20 08:04 -------- d-----w- c:\users\root\AppData\Local\New Technology Studio
2015-04-20 03:18 . 2015-04-20 03:18 -------- d-----w- c:\program files (x86)\Rockstar Games
2015-04-20 03:18 . 2015-04-20 03:18 -------- d-----w- c:\program files\Rockstar Games
2015-04-20 01:48 . 2015-04-20 01:48 -------- d-----w- c:\program files\7-Zip
2015-04-18 08:02 . 2015-04-18 08:02 -------- d-----w- C:\979f08df1cf64f26383ea3989ad6a5b9
2015-04-18 08:01 . 2015-04-18 08:02 -------- d-----w- C:\b8761b764194381cb1
2015-04-18 08:01 . 2015-04-18 08:01 -------- d-----w- C:\8de311ad7f90d42085a1f3fc1b3a
2015-04-18 08:00 . 2015-04-18 08:01 -------- d-----w- C:\ed26a4dee7346de7adc9053898d0
2015-04-18 08:00 . 2015-04-18 08:00 -------- d-----w- C:\c853f5503fc4d4aba2
2015-04-18 02:22 . 2015-04-23 22:55 -------- d-----w- C:\FRST
2015-04-18 01:29 . 2015-04-23 23:35 -------- d-----w- c:\users\root\AppData\Local\CrashDumps
2015-04-17 08:02 . 2015-04-17 08:02 -------- d-----w- C:\ca7b927c5a0f42bedac7eb
2015-04-17 08:01 . 2015-04-17 08:02 -------- d-----w- C:\f5dc458f949eca76247d5e1d60c7
2015-04-17 08:01 . 2015-04-17 08:01 -------- d-----w- C:\b83323924e73892cb5
2015-04-17 08:00 . 2015-04-17 08:01 -------- d-----w- C:\b033a9c7c9418bb5b4
2015-04-17 08:00 . 2015-04-17 08:00 -------- d-----w- C:\12e95cc8a2ed35754401ba
2015-04-17 01:19 . 2015-04-17 01:21 -------- d-----w- C:\AdwCleaner
2015-04-16 11:28 . 2015-04-16 11:28 79064 ----a-w- c:\windows\system32\drivers\xedklgte.sys
2015-04-16 02:44 . 2015-04-16 02:44 -------- d-s---w- c:\windows\system32\CompatTel
2015-04-16 02:44 . 2015-04-16 02:44 -------- d-----w- c:\windows\system32\appraiser
2015-04-16 02:19 . 2015-01-27 23:36 1239720 ----a-w- c:\windows\system32\aitstatic.exe
2015-04-16 02:19 . 2015-03-23 03:25 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-04-16 02:19 . 2015-03-23 03:25 769536 ----a-w- c:\windows\system32\invagent.dll
2015-04-16 02:19 . 2015-03-23 03:24 419840 ----a-w- c:\windows\system32\devinv.dll
2015-04-16 02:19 . 2015-03-23 03:24 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-04-16 02:19 . 2015-03-23 03:24 192000 ----a-w- c:\windows\system32\aepic.dll
2015-04-16 02:19 . 2015-03-23 03:17 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-04-16 02:19 . 2015-03-23 03:24 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-04-15 09:54 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-04-15 09:54 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-15 09:54 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-04-15 03:49 . 2015-04-25 04:15 -------- d-sh--w- c:\windows\SysWow64\Windows Server
2015-04-15 03:44 . 2015-04-15 03:44 -------- d-----w- c:\program files (x86)\Microsoft XDE
2015-04-15 03:33 . 2015-04-15 03:34 -------- d-----w- c:\program files (x86)\Microsoft Web Tools
2015-04-15 03:29 . 2015-04-15 03:29 -------- d-----w- c:\program files (x86)\ReleaseManagement
2015-04-15 03:29 . 2015-04-15 03:29 -------- d-----w- c:\programdata\NuGet
2015-04-15 03:29 . 2015-04-15 03:29 -------- d-----w- c:\program files (x86)\NuGet
2015-04-15 03:28 . 2015-04-15 03:28 -------- d-----w- c:\program files (x86)\AppInsights
2015-04-13 07:03 . 2015-04-13 07:03 -------- d-----w- c:\programdata\SystemRequirementsLab
2015-04-13 06:26 . 2015-04-13 06:26 -------- d-----w- c:\program files (x86)\My-Proxy
2015-04-13 05:35 . 2015-03-16 22:36 922704 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2015-04-13 05:35 . 2015-03-16 22:35 128592 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2015-04-11 04:32 . 2015-04-11 04:32 -------- d-----w- c:\users\root\AppData\Local\Chromium
2015-04-11 02:02 . 2015-04-11 02:02 -------- d-----w- c:\users\root\AppData\Local\Rockstar Games
2015-04-09 03:16 . 2015-03-30 07:02 35112 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2015-04-09 03:16 . 2015-04-09 03:29 -------- d-----w- c:\program files (x86)\TeamViewer
2015-04-09 03:03 . 2015-04-09 03:19 -------- d-----w- c:\users\root\AppData\Roaming\TeamViewer
2015-04-09 02:45 . 2015-04-09 22:51 -------- d-----w- c:\program files (x86)\FileZilla Server
2015-04-09 00:53 . 2015-04-09 00:53 -------- d-----w- c:\users\root\AppData\Roaming\FileZilla Server
2015-04-07 02:58 . 2015-04-17 04:42 -------- d-----w- c:\users\root\AppData\Local\Isoplex
2015-04-07 02:58 . 2015-04-07 02:58 -------- d-----w- c:\users\root\AppData\Local\Caphyon
2015-04-07 02:58 . 2015-04-07 02:58 -------- d-----w- c:\program files (x86)\Isoplex
2015-04-07 02:57 . 2015-04-07 02:57 -------- d-----w- c:\users\root\AppData\Roaming\Isoplex
2015-04-05 21:15 . 2015-04-05 21:15 -------- d-----w- c:\users\root\AppData\Local\fontconfig
2015-04-05 21:15 . 2015-04-05 22:20 -------- d-----w- c:\users\root\.gimp-2.8
2015-04-05 21:15 . 2015-04-05 21:15 -------- d-----w- c:\users\root\AppData\Local\gegl-0.2
2015-04-05 21:14 . 2015-04-05 21:15 -------- d-----w- c:\program files\GIMP 2
2015-04-04 20:52 . 2015-04-04 20:52 -------- d-----w- c:\users\root\AppData\Local\DangKyHotmail
2015-03-31 08:22 . 2015-03-31 08:22 5132888 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
2015-03-31 08:22 . 2015-03-31 08:22 2230360 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL
2015-03-31 08:22 . 2015-03-31 08:22 204376 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL
2015-03-31 08:22 . 2015-03-31 08:22 189128 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
2015-03-31 08:22 . 2015-03-31 08:22 1833560 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL
2015-03-31 08:22 . 2015-03-31 08:22 179800 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL
2015-03-31 08:22 . 2015-03-31 08:22 1653336 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL
2015-03-31 08:22 . 2015-03-31 08:22 147032 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL
2015-03-31 08:22 . 2015-03-31 08:22 14432 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\pkeyconfig.companion.dll
2015-03-31 08:22 . 2015-03-31 08:22 1274456 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\pidgenx.dll
2015-03-29 15:47 . 2015-03-29 15:47 -------- d-----w- c:\users\root\AppData\Local\Geckofx
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-23 23:23 . 2014-07-17 17:55 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-21 01:26 . 2014-09-12 04:11 627920 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-04-16 02:22 . 2012-10-17 19:41 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-15 04:01 . 2014-08-09 13:21 3031968 ----a-w- c:\programdata\Microsoft\VisualStudio\12.0\1033\ResourceCache.dll
2015-04-14 14:37 . 2014-07-17 17:55 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 14:37 . 2014-07-17 17:55 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 14:37 . 2014-07-17 17:55 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-29 19:09 . 2012-11-08 15:41 778928 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-03-29 19:09 . 2012-11-08 15:41 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-17 04:56 . 2015-04-24 06:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-16 22:35 . 2015-03-16 22:35 204264 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2015-03-16 22:35 . 2015-03-16 22:35 156360 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2015-03-16 22:35 . 2015-03-16 22:35 141440 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2015-02-26 03:25 . 2015-03-11 07:55 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-25 03:44 . 2015-02-25 03:44 4057600 ----a-w- c:\windows\system32\python34.dll
2015-02-25 03:42 . 2015-02-25 03:42 102912 ----a-w- c:\windows\pyw.exe
2015-02-25 03:42 . 2015-02-25 03:42 102400 ----a-w- c:\windows\py.exe
2015-02-24 09:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 04:41 . 2015-03-11 07:56 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 07:56 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 07:56 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 07:56 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 07:56 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 07:56 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 07:56 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 07:56 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 07:56 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 07:56 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-14 05:22 . 2015-02-14 05:22 129752 ----a-w- c:\windows\system32\drivers\449946DA.sys
2015-02-13 05:22 . 2015-03-11 07:55 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-02-11 04:09 . 2015-02-11 04:09 74000 ----a-w- c:\windows\system32\bdsandboxuiskin32.dll
2015-02-11 04:09 . 2015-02-11 04:09 84848 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2015-02-11 04:08 . 2015-02-10 03:19 33360 ----a-w- c:\windows\system32\bdsandboxuh.dll
2015-02-04 17:23 . 2015-02-04 17:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 17:13 . 2015-02-04 17:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-03-11 07:55 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 07:55 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 07:56 693176 ----a-w- c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 07:56 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 07:56 616360 ----a-w- c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 07:56 14632960 ----a-w- c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 07:56 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 07:56 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-12 01:40 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 07:55 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 07:56 5120 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 07:56 5120 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 07:56 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 07:56 1574400 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 07:56 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 07:56 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 07:56 188416 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 07:56 37376 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 07:56 9728 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 07:56 641024 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 07:56 325632 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 07:56 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 07:56 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 07:56 4121600 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 07:56 206848 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 07:56 631808 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 07:56 284672 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 07:56 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 07:56 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 07:56 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 07:56 1069056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 07:56 82432 ----a-w- c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-03-11 07:56 187904 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-03 03:30 . 2015-03-11 07:56 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-02-03 03:30 . 2015-03-11 07:56 842240 ----a-w- c:\windows\system32\blackbox.dll
2015-02-03 03:30 . 2015-03-11 07:56 680960 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-03 03:30 . 2015-03-11 07:56 440832 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-03 03:30 . 2015-03-11 07:56 296448 ----a-w- c:\windows\system32\AudioSes.dll
2015-02-03 03:30 . 2015-03-11 07:56 32256 ----a-w- c:\windows\system32\appidsvc.dll
2015-02-03 03:30 . 2015-03-11 07:56 58880 ----a-w- c:\windows\system32\appidapi.dll
2015-02-03 03:30 . 2015-03-11 07:56 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:30 . 2015-03-11 07:56 9728 ----a-w- c:\windows\system32\pcalua.exe
2015-02-03 03:30 . 2015-03-11 07:56 11264 ----a-w- c:\windows\system32\pcawrk.exe
2015-02-03 03:30 . 2015-03-11 07:56 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-03 03:30 . 2015-03-11 07:56 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:30 . 2015-03-11 07:56 126464 ----a-w- c:\windows\system32\audiodg.exe
2015-02-03 03:30 . 2015-03-11 07:56 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:30 . 2015-03-11 07:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2015-02-03 03:29 . 2015-03-11 07:56 8704 ----a-w- c:\windows\system32\pcaevts.dll
2015-02-03 03:28 . 2015-03-11 07:56 2048 ----a-w- c:\windows\system32\mferror.dll
2015-02-03 03:19 . 2015-03-11 07:56 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2015-02-03 03:12 . 2015-03-11 07:56 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-11 07:56 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-03-12 01:40 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-11 07:55 171520 ----a-w- c:\windows\SysWow64\ubpm.dll
2015-02-03 03:12 . 2015-03-11 07:56 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2015-02-03 03:12 . 2015-03-11 07:56 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2015-02-03 03:12 . 2015-03-11 07:56 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2015-02-03 03:12 . 2015-03-11 07:56 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2015-02-03 03:12 . 2015-03-11 07:56 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2015-02-03 03:12 . 2015-03-11 07:56 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2015-02-03 03:12 . 2015-03-11 07:56 504320 ----a-w- c:\windows\SysWow64\msscp.dll
2015-02-03 03:12 . 2015-03-11 07:56 265216 ----a-w- c:\windows\SysWow64\msnetobj.dll
2015-02-03 03:12 . 2015-03-11 07:56 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-02-03 03:12 . 2015-03-11 07:56 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\users\root\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-08-28 334240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0SmartDefragBootTime.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FARegMon;FARegMon;c:\windows\system32\drivers\FortiRmon.sys;c:\windows\SYSNATIVE\drivers\FortiRmon.sys [x]
R3 fortiapd;fortiapd;c:\windows\system32\drivers\fortiapd.sys;c:\windows\SYSNATIVE\drivers\fortiapd.sys [x]
R3 FortiPFW;FortiPFW;c:\windows\system32\drivers\FortiPFW2.sys;c:\windows\SYSNATIVE\drivers\FortiPFW2.sys [x]
R3 Fortips;Fortips;c:\windows\system32\drivers\fortips.sys;c:\windows\SYSNATIVE\drivers\fortips.sys [x]
R3 FortiRdr;FortiRdr;c:\windows\system32\drivers\FortiRdr2.sys;c:\windows\SYSNATIVE\drivers\FortiRdr2.sys [x]
R3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\DRIVERS\ftvnic.sys;c:\windows\SYSNATIVE\DRIVERS\ftvnic.sys [x]
R3 HP8107Fltr;HP-HP8107;c:\windows\system32\drivers\HP8107.sys;c:\windows\SYSNATIVE\drivers\HP8107.sys [x]
R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\drivers\HP8207_8307.sys;c:\windows\SYSNATIVE\drivers\HP8207_8307.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;c:\windows\system32\drivers\RzMaelstromVAD.sys;c:\windows\SYSNATIVE\drivers\RzMaelstromVAD.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 tap0901cn;Speedify Virtual Adapter;c:\windows\system32\DRIVERS\tap0901cn.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901cn.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 FAFileMon;FAFileMon;c:\windows\system32\drivers\fortimon2.sys;c:\windows\SYSNATIVE\drivers\fortimon2.sys [x]
S1 FortiFilter;Fortinet NDIS6 Packet Filter Service;c:\windows\system32\DRIVERS\FortiFilter.sys;c:\windows\SYSNATIVE\DRIVERS\FortiFilter.sys [x]
S1 FortiShield;FortiShield;c:\windows\system32\drivers\FortiShield.sys;c:\windows\SYSNATIVE\drivers\FortiShield.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe;c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 valWBFPolicyService;Validity WBF Policy Service;c:\windows\system32\valWBFPolicyService.exe;c:\windows\SYSNATIVE\valWBFPolicyService.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 ScpVBus;Scp Virtual Bus Driver;c:\windows\system32\DRIVERS\ScpVBus.sys;c:\windows\SYSNATIVE\DRIVERS\ScpVBus.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-18 06:42 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-08 19:09]
.
2015-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-12 15:29]
.
2015-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-12 15:29]
.
2015-04-11 c:\windows\Tasks\HPCeeScheduleForroot.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-12-19 1664000]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{5C00EB1A-AEEC-4479-9E43-97784B8EBB5D}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C87841FE-E8CE-4CEE-8398-51F36EC21E6E}: NameServer = 8.8.8.8,8.8.4.4
DPF: {0249ED44-B640-45BD-8066-17F81BFDC050} - hxxp://vbrick.laredoisd.org/STREAMPLAYER1.cab
DPF: {5459BAF4-09A9-422A-AB5C-5F114A7287B5} - hxxp://vbrick.laredoisd.org/VBPLAYER.cab
DPF: {85887165-031A-4297-BC4E-6B246C120B9C} - hxxp://vbrick.laredoisd.org/STREAMPLAYER4.cab
DPF: {F50B3F13-19C4-11CF-AA9A-02608C9BABA2} - hxxp://vbrick.laredoisd.org/STREAMPLAYER2.cab
FF - ProfilePath - c:\users\root\AppData\Roaming\Mozilla\Firefox\Profiles\sx3thk7y.default\
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - c:\users\root\AppData\Local\MEGAsync\ShellExtX32.dll
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - c:\users\root\AppData\Local\MEGAsync\ShellExtX32.dll
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - c:\users\root\AppData\Local\MEGAsync\ShellExtX32.dll
Wow6432Node-HKCU-Run-Remote Mouse - c:\program files (x86)\Remote Mouse\RemoteMouse.exe
Wow6432Node-HKCU-Run-P0U4M118-N5L3-V331-B1K8-X2U3O6B7B2P6 - c:\users\root\AppData\Roaming\P0U4M118-N5L3-V331-B1K8-X2U3O6B7B2P6\P0U4M118-N5L3-V331-B1K8-X2U3O6B7B2P6.exe
Wow6432Node-HKLM-Run-HKLM - c:\windows\system32\system32\winhost.exe
SafeBoot-71848496.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{3806F0QL-XJBN-68D1-1UCX-1C6UYP02G042} - c:\program files (x86)\system32\winhost.exe
HKLM_Wow6432Node-ActiveSetup-{NK16DIKO-855R-U608-78WW-1XYOFOM1GF7O} - c:\windows\system32\system32\winhost.exe
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - c:\users\root\AppData\Local\MEGAsync\ShellExtX64.dll
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - c:\users\root\AppData\Local\MEGAsync\ShellExtX64.dll
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - c:\users\root\AppData\Local\MEGAsync\ShellExtX64.dll
HKLM-Run-InstallerLauncher - c:\program files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Malwarebytes Anti-Malware_is1 - c:\program files (x86)\Malwarebytes Anti-Malware\unins000.exe
AddRemove-Smart Defrag 4_is1 - c:\program files (x86)\IObit\Smart Defrag 4\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-04-24  23:47:02
ComboFix-quarantined-files.txt  2015-04-25 04:47
.
Pre-Run: 159,743,451,136 bytes free
Post-Run: 159,843,995,648 bytes free
.
- - End Of File - - F08D37E3623422A7A3EE750A564AACE4


#8 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 April 2015 - 07:37 AM

Can you please run the Farbar tool and post a fresh log for my review.

Let me know how the computer is performing.

#9 DaftOdyssey
  • Topic Starter

  • Members
  • 9 posts

Posted 25 April 2015 - 03:17 PM

It was weird that I did notice fin.exe was not running before the ComboFix tool, but anyway, here's the result.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015
Ran by root (administrator) on 001-LISD142058 on 25-04-2015 15:12:15
Running from C:\Users\root\Desktop
Loaded Profiles: root (Available profiles: adminlisd & admin & root)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-12-19] (IDT, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-08-28] (Hewlett-Packard Company)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\Run: [f.lux] => C:\Users\root\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
BootExecute: autocheck autochk * SmartDefragBootTime.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1390843022-1499049480-1858506-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0249ED44-B640-45BD-8066-17F81BFDC050} http://vbrick.laredoisd.org/STREAMPLAYER1.cab
DPF: HKLM-x32 {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {5459BAF4-09A9-422A-AB5C-5F114A7287B5} http://vbrick.laredoisd.org/VBPLAYER.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
DPF: HKLM-x32 {85887165-031A-4297-BC4E-6B246C120B9C} http://vbrick.laredoisd.org/STREAMPLAYER4.cab
DPF: HKLM-x32 {F50B3F13-19C4-11CF-AA9A-02608C9BABA2} http://vbrick.laredoisd.org/STREAMPLAYER2.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{5C00EB1A-AEEC-4479-9E43-97784B8EBB5D}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C87841FE-E8CE-4CEE-8398-51F36EC21E6E}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\sx3thk7y.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.http", "");
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.http_port", 0);
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.no_proxies_on", "localhost, 127.0.0.1");
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.share_proxy_settings", false);
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.socks", "");
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.socks_port", 0);
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.ssl", "");
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.ssl_port", 0);
FF NetworkProxy: "user_pref("extensions.charles.settings.disabled.network.proxy.type", 5);
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.http", "127.0.0.1");
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.http_port", 8888);
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.no_proxies_on", "");
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.share_proxy_settings", false);
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.socks", "");
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.socks_port", 0);
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.ssl", "127.0.0.1");
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.ssl_port", 8888);
FF NetworkProxy: "user_pref("extensions.charles.settings.enabled.network.proxy.type", 1);
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-29] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-29] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll [2014-11-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-10-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-10-31] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1390843022-1499049480-1858506-1005: @citrixonline.com/appdetectorplugin -> C:\Users\root\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-25] (Citrix Online)
FF Plugin HKU\S-1-5-21-1390843022-1499049480-1858506-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\root\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Extension: Auto Refresh - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\sx3thk7y.default\Extensions\autorefresh@plugin [2015-03-28]
FF Extension: IPFlood - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\sx3thk7y.default\Extensions\ipbleep@p4ul.info [2015-03-28]
FF Extension: AutoPager Fixed - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\sx3thk7y.default\Extensions\autopagerfixed@mozilla.org.xpi [2015-04-01]
FF Extension: Adblock Plus - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\sx3thk7y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-11-29]
 
Chrome: 
=======
CHR Profile: C:\Users\root\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-24]
CHR Extension: (Google Docs) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-24]
CHR Extension: (Google Drive) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-12]
CHR Extension: (YouTube) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-12]
CHR Extension: (Google Search) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-12]
CHR Extension: (Google Sheets) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-24]
CHR Extension: (Bookmark Manager) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-12]
CHR Extension: (Gmail) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-12]
CHR Profile: C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Docs) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-12]
CHR Extension: (Google Drive) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (YouTube) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-12]
CHR Extension: (Google Search) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-12]
CHR Extension: (Google Sheets) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-12]
CHR Extension: (Google Wallet) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-12]
CHR Extension: (Gmail) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-12]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-03-18] (Microsoft Corporation)
S2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [779736 2015-03-19] (FileZilla Project)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-08-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [318568 2014-12-04] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-10-31] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-10-31] (Intel Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2012-12-19] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-11] (Validity Sensors, Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 FA_Scheduler; "C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe" [X]
S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 FAFileMon; C:\Windows\System32\drivers\fortimon2.sys [52328 2012-01-30] (Fortinet Inc)
S3 FARegMon; C:\Windows\System32\drivers\FortiRmon.sys [49768 2012-01-30] (Fortinet Inc)
S3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [14952 2012-01-30] (Fortinet Inc)
R1 FortiFilter; C:\Windows\System32\DRIVERS\FortiFilter.sys [23928 2011-06-24] (Fortinet Inc)
S3 FortiPFW; C:\Windows\System32\drivers\FortiPFW2.sys [115304 2012-01-30] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [126056 2012-01-30] (Fortinet Inc)
S3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [45672 2012-01-30] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [42088 2012-01-30] (Fortinet Inc)
S3 ft_vnic; C:\Windows\System32\DRIVERS\ftvnic.sys [16928 2009-02-16] (Fortinet Inc.)
S3 HP8107Fltr; C:\Windows\system32\drivers\HP8107.sys [13824 2010-02-04] (Windows ® Win 7 DDK provider)
S3 HP8207_8307; C:\Windows\system32\drivers\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49264 2014-07-28] (Visicom Media Inc.)
S3 massfilter_hs; C:\Windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
S3 tap0901cn; C:\Windows\System32\DRIVERS\tap0901cn.sys [39616 2014-12-29] (Connectify)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-23] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
U3 catchme; \??\C:\fix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 15:12 - 2015-04-25 15:12 - 00025258 _____ () C:\Users\root\Desktop\FRST.txt
2015-04-25 15:11 - 2015-04-25 15:11 - 02099712 _____ (Farbar) C:\Users\root\Desktop\FRST64.exe
2015-04-24 23:47 - 2015-04-24 23:47 - 00061876 _____ () C:\ComboFix.txt
2015-04-24 23:28 - 2015-04-24 23:47 - 00000000 ____D () C:\Qoobox
2015-04-24 23:28 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-24 23:28 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-24 23:28 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-24 23:28 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-24 23:28 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-24 23:28 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-24 23:28 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-24 23:28 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-24 23:25 - 2015-04-24 23:26 - 00280176 _____ () C:\Windows\Minidump\042415-25974-01.dmp
2015-04-24 23:24 - 2015-04-24 23:45 - 00000000 ____D () C:\Windows\erdnt
2015-04-24 23:19 - 2015-04-24 23:21 - 05619466 ____R (Swearware) C:\Users\root\Desktop\fix.exe
2015-04-24 01:30 - 2015-04-24 01:31 - 00280120 _____ () C:\Windows\Minidump\042415-49748-01.dmp
2015-04-24 01:26 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-24 01:26 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-24 01:26 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-24 01:26 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-24 01:26 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-24 01:26 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-24 01:26 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-24 01:26 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-24 01:26 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-24 01:26 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-24 01:26 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-24 01:26 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-24 01:26 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-24 01:26 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-24 01:26 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-24 01:26 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-24 01:26 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-24 01:26 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-24 01:26 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-24 01:26 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-24 01:26 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-24 01:26 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-24 01:26 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-24 01:26 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-24 01:26 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-24 01:26 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-24 01:26 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-24 01:26 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-24 01:26 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-24 01:26 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-24 01:26 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-24 01:26 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-24 01:26 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-24 01:26 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-24 01:26 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-24 01:26 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-24 01:26 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-24 01:26 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-24 01:26 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-24 01:26 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-24 01:26 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-24 01:26 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-24 01:26 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-24 01:26 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-24 01:26 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-24 01:26 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-24 01:26 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-24 01:26 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-24 01:26 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-24 01:26 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-24 01:26 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-24 01:26 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-24 01:26 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-24 01:26 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-24 01:26 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-24 01:26 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-24 01:26 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-24 01:26 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-24 01:20 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-24 01:20 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-24 01:20 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-24 01:20 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-24 01:20 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-24 01:20 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-24 01:20 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-24 01:20 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-24 01:20 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-24 01:20 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-24 01:20 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-24 01:20 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-24 01:20 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-24 01:20 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-24 01:20 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-24 01:20 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-24 01:20 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-24 01:20 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-24 01:20 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-24 01:20 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-24 01:20 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-24 01:20 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-24 01:20 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-24 01:20 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-24 01:20 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-24 01:20 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-24 01:20 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-24 01:20 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-24 01:20 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-24 01:20 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-24 01:20 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-24 01:20 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-24 01:20 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-24 01:20 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-24 01:20 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-24 01:20 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-24 01:20 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-24 01:20 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-24 01:20 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-23 22:26 - 2015-04-23 22:26 - 00000000 ____D () C:\Users\root\Desktop\dnspython3-1.12.0
2015-04-23 22:22 - 2015-04-23 22:22 - 00000000 ____D () C:\Users\root\AppData\Local\pip
2015-04-23 22:22 - 2015-04-23 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2015-04-23 22:21 - 2015-04-23 22:22 - 00000000 ____D () C:\Python34
2015-04-23 22:10 - 2015-04-23 10:20 - 00000000 ____D () C:\Users\root\Desktop\subbrute-master
2015-04-23 22:08 - 2015-04-23 22:08 - 00000740 _____ () C:\Users\root\Desktop\python_crawler.py
2015-04-23 22:06 - 2015-04-23 22:06 - 04777877 _____ () C:\Users\root\Desktop\subbrute-master.zip
2015-04-23 19:04 - 2015-04-23 19:04 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-04-23 18:56 - 2015-04-23 18:57 - 05198336 _____ (AVAST Software) C:\Users\root\Desktop\aswMBR.exe
2015-04-23 18:54 - 2015-04-23 18:54 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\root\Desktop\tdsskiller.exe
2015-04-23 18:43 - 2015-04-23 18:43 - 00085380 _____ () C:\Users\root\Desktop\bluescreenview-x64.zip
2015-04-23 18:22 - 2015-04-23 18:22 - 00280176 _____ () C:\Windows\Minidump\042315-23212-01.dmp
2015-04-23 18:03 - 2015-04-23 18:03 - 06289130 _____ () C:\Users\root\Desktop\mbam-chameleon-3.1.16.0.zip
2015-04-23 17:56 - 2015-04-23 17:56 - 00262144 _____ () C:\Windows\Minidump\042315-32183-01.dmp
2015-04-23 17:38 - 2015-04-23 17:39 - 00271072 _____ () C:\Windows\Minidump\042315-47315-01.dmp
2015-04-23 17:28 - 2015-04-23 17:28 - 00271072 _____ () C:\Windows\Minidump\042315-43524-01.dmp
2015-04-23 17:23 - 2015-04-23 17:23 - 00280176 _____ () C:\Windows\Minidump\042315-47939-01.dmp
2015-04-23 17:20 - 2015-04-23 18:32 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-23 17:20 - 2015-04-23 17:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-23 17:19 - 2015-04-23 17:19 - 16884312 _____ () C:\Users\root\Desktop\RogueKiller.exe
2015-04-22 18:15 - 2015-04-22 18:17 - 00280176 _____ () C:\Windows\Minidump\042215-63726-01.dmp
2015-04-22 10:42 - 2015-04-22 20:55 - 00000000 ___HD () C:\Users\root\AppData\Roaming\P0U4M118-N5L3-V331-B1K8-X2U3O6B7B2P6
2015-04-20 20:49 - 2015-04-20 20:50 - 748254841 _____ () C:\Users\root\Desktop\csc.txt
2015-04-20 20:35 - 2015-03-09 14:48 - 02508440 _____ (Sysinternals - www.sysinternals.com) C:\Users\root\Documents\procexp.exe
2015-04-20 20:34 - 2015-04-20 20:34 - 01190415 _____ () C:\Users\root\Desktop\ProcessExplorer.zip
2015-04-20 20:26 - 2015-04-20 20:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-04-20 20:18 - 2015-04-20 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-20 20:12 - 2015-04-20 20:12 - 01076408 _____ (Microsoft Corporation) C:\Users\root\Desktop\Setup.X86.en-US_O365ProPlusRetail_30b384a2-f429-480b-b285-349baefbf2c6_TX_PR_b_0_.exe
2015-04-20 19:45 - 2015-04-20 19:45 - 00000215 _____ () C:\Users\root\Desktop\method.txt
2015-04-20 18:11 - 2015-04-20 18:11 - 00280120 _____ () C:\Windows\Minidump\042015-62384-01.dmp
2015-04-20 03:04 - 2015-04-20 03:04 - 00000000 ____D () C:\Users\root\AppData\Roaming\New Technology Studio
2015-04-20 03:04 - 2015-04-20 03:04 - 00000000 ____D () C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV
2015-04-20 03:04 - 2015-04-20 03:04 - 00000000 ____D () C:\Users\root\AppData\Local\New Technology Studio
2015-04-19 22:20 - 2015-04-19 22:23 - 00000000 ____D () C:\Users\root\Documents\Rockstar Games
2015-04-19 22:18 - 2015-04-19 22:18 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-19 22:18 - 2015-04-19 22:18 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-19 21:58 - 2015-04-19 21:59 - 06895654 _____ (Rockstar Games.) C:\Users\root\Downloads\GTA_V_Patch_1_0_331_1.exe.part
2015-04-19 21:58 - 2015-04-19 21:58 - 00000000 _____ () C:\Users\root\Downloads\GTA_V_Patch_1_0_331_1.exe
2015-04-19 20:48 - 2015-04-19 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-04-19 20:48 - 2015-04-19 20:48 - 00000000 ____D () C:\Program Files\7-Zip
2015-04-19 14:30 - 2015-04-19 14:30 - 00000832 _____ () C:\Users\root\Desktop\BitTorrent.lnk
2015-04-19 14:30 - 2015-04-19 14:30 - 00000812 _____ () C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-04-18 03:02 - 2015-04-18 03:02 - 00000000 ____D () C:\979f08df1cf64f26383ea3989ad6a5b9
2015-04-18 03:01 - 2015-04-18 03:02 - 00000000 ____D () C:\b8761b764194381cb1
2015-04-18 03:01 - 2015-04-18 03:01 - 00000000 ____D () C:\8de311ad7f90d42085a1f3fc1b3a
2015-04-18 03:00 - 2015-04-18 03:01 - 00000000 ____D () C:\ed26a4dee7346de7adc9053898d0
2015-04-18 03:00 - 2015-04-18 03:00 - 00000000 ____D () C:\c853f5503fc4d4aba2
2015-04-17 22:46 - 2015-04-17 22:46 - 00023095 _____ () C:\Users\root\Desktop\mal.txt
2015-04-17 22:11 - 2015-04-17 22:11 - 00055443 _____ () C:\Users\root\Desktop\text.txt
2015-04-17 21:22 - 2015-04-25 15:12 - 00000000 ____D () C:\FRST
2015-04-17 20:29 - 2015-04-23 18:35 - 00000000 ____D () C:\Users\root\AppData\Local\CrashDumps
2015-04-17 20:28 - 2015-04-17 20:28 - 00280120 _____ () C:\Windows\Minidump\041715-47205-01.dmp
2015-04-17 03:02 - 2015-04-17 03:02 - 00000000 ____D () C:\ca7b927c5a0f42bedac7eb
2015-04-17 03:01 - 2015-04-17 03:02 - 00000000 ____D () C:\f5dc458f949eca76247d5e1d60c7
2015-04-17 03:01 - 2015-04-17 03:01 - 00000000 ____D () C:\b83323924e73892cb5
2015-04-17 03:00 - 2015-04-17 03:01 - 00000000 ____D () C:\b033a9c7c9418bb5b4
2015-04-17 03:00 - 2015-04-17 03:00 - 00000000 ____D () C:\12e95cc8a2ed35754401ba
2015-04-16 23:50 - 2015-04-14 23:57 - 09789041 _____ () C:\Users\root\Documents\Sentry CC.rar
2015-04-16 23:50 - 2015-04-14 23:33 - 10019451 _____ () C:\Users\root\Documents\Sentry tools.rar
2015-04-16 23:50 - 2015-04-14 18:59 - 02955372 _____ () C:\Users\root\Documents\vCRACK[0x22 Nulled.IO].rar
2015-04-16 23:50 - 2015-04-14 18:39 - 00494481 _____ () C:\Users\root\Documents\Sentry.rar
2015-04-16 23:49 - 2015-04-16 23:49 - 00000000 ____D () C:\Users\root\Documents\Cracking Guide
2015-04-16 23:49 - 2015-04-12 22:04 - 175519040 _____ () C:\Users\root\Documents\7StepsToA720CreditScore-PhilipTirone.rar
2015-04-16 23:48 - 2010-09-05 17:58 - 716441107 _____ () C:\Users\root\Documents\realhuman_phill.txt
2015-04-16 23:44 - 2014-10-12 21:54 - 00000000 ____D () C:\Users\root\Documents\SQL Injection Master Course
2015-04-16 23:35 - 2015-04-24 23:19 - 00030336 _____ () C:\Users\root\AppData\Roaming\msconfig.ini
2015-04-16 23:32 - 2015-04-16 23:33 - 00271072 _____ () C:\Windows\Minidump\041615-22838-01.dmp
2015-04-16 20:34 - 2015-04-16 20:34 - 00280176 _____ () C:\Windows\Minidump\041615-19546-01.dmp
2015-04-16 20:19 - 2015-04-16 20:21 - 00000000 ____D () C:\AdwCleaner
2015-04-16 18:32 - 2015-04-16 18:32 - 00271016 _____ () C:\Windows\Minidump\041615-21793-01.dmp
2015-04-16 06:35 - 2015-04-16 06:35 - 00271016 _____ () C:\Windows\Minidump\041615-23696-01.dmp
2015-04-16 06:32 - 2015-04-16 06:32 - 00280176 _____ () C:\Windows\Minidump\041615-45817-01.dmp
2015-04-16 06:28 - 2015-04-16 06:28 - 00079064 _____ () C:\Windows\system32\Drivers\xedklgte.sys
2015-04-15 22:25 - 2015-04-15 22:25 - 00271072 _____ () C:\Windows\Minidump\041515-20295-01.dmp
2015-04-15 22:18 - 2015-04-15 22:18 - 00280176 _____ () C:\Windows\Minidump\041515-23368-01.dmp
2015-04-15 21:44 - 2015-04-15 21:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 21:44 - 2015-04-15 21:44 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 21:40 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-04-15 21:40 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-04-15 21:19 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 21:19 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 21:19 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 21:19 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 21:19 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 21:19 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 21:19 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 21:19 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 21:19 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 04:57 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 04:57 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 04:57 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 04:57 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 04:57 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 04:57 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 04:57 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 04:57 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 04:57 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 04:57 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 04:57 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 04:57 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 04:57 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 04:57 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 04:57 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 04:57 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 04:57 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 04:57 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 04:57 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 04:57 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 04:57 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 04:57 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 04:57 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 04:54 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 04:54 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 04:54 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 00:46 - 2015-04-15 00:47 - 00000000 ____D () C:\Users\root\Desktop\New folder
2015-04-14 23:04 - 2015-04-14 23:05 - 00280176 _____ () C:\Windows\Minidump\041415-81853-01.dmp
2015-04-14 23:03 - 2015-04-24 23:25 - 616234186 _____ () C:\Windows\MEMORY.DMP
2015-04-14 22:49 - 2015-04-24 23:15 - 00000000 __SHD () C:\Windows\SysWOW64\Windows Server
2015-04-14 22:47 - 2015-04-14 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone SDK 8.1
2015-04-14 22:44 - 2015-04-14 22:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft XDE
2015-04-14 22:33 - 2015-04-14 22:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2015-04-14 22:29 - 2015-04-14 22:29 - 00000000 ____D () C:\ProgramData\NuGet
2015-04-14 22:29 - 2015-04-14 22:29 - 00000000 ____D () C:\Program Files (x86)\ReleaseManagement
2015-04-14 22:29 - 2015-04-14 22:29 - 00000000 ____D () C:\Program Files (x86)\NuGet
2015-04-14 22:28 - 2015-04-14 22:28 - 00000000 ____D () C:\Program Files (x86)\AppInsights
2015-04-13 21:06 - 2015-04-13 21:07 - 00000000 ____D () C:\Users\root\Downloads\Cities Skylines - Update v1.0.7c [RezMar]
2015-04-13 18:54 - 2015-04-21 21:27 - 00000000 ____D () C:\Users\root\Downloads\Grand Theft Auto V
2015-04-13 02:03 - 2015-04-13 02:03 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2015-04-13 01:26 - 2015-04-13 01:26 - 00000000 ____D () C:\Program Files (x86)\My-Proxy
2015-04-13 00:50 - 2015-04-13 00:54 - 00000000 ____D () C:\Users\root\Downloads\kali-linux-1.1.0a-amd64
2015-04-13 00:35 - 2015-04-13 00:35 - 00001076 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-04-13 00:35 - 2015-04-13 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-04-13 00:35 - 2015-03-16 17:36 - 00922704 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-04-13 00:35 - 2015-03-16 17:35 - 00128592 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-04-12 13:02 - 2015-04-12 13:02 - 00000055 _____ () C:\Users\root\Desktop\instance-1.rdp
2015-04-12 10:19 - 2015-04-12 10:21 - 00002296 ____H () C:\Users\root\Documents\Default.rdp
2015-04-11 22:07 - 2015-04-11 22:11 - 257973006 ____R () C:\Users\root\Downloads\crackstation-human-only.txt.gz
2015-04-10 23:32 - 2015-04-10 23:32 - 00000000 ____D () C:\Users\root\AppData\Local\Chromium
2015-04-10 21:02 - 2015-04-10 21:02 - 00000000 ____D () C:\Users\root\AppData\Local\Rockstar Games
2015-04-08 22:16 - 2015-04-08 22:29 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-08 22:16 - 2015-03-30 02:02 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2015-04-08 22:03 - 2015-04-08 22:19 - 00000000 ____D () C:\Users\root\AppData\Roaming\TeamViewer
2015-04-08 21:45 - 2015-04-09 17:51 - 00000000 ____D () C:\Program Files (x86)\FileZilla Server
2015-04-08 19:53 - 2015-04-08 19:53 - 00000000 ____D () C:\Users\root\AppData\Roaming\FileZilla Server
2015-04-08 18:17 - 2015-04-08 18:17 - 00000000 _____ () C:\Windows\SysWOW64\serial.txt
2015-04-06 22:08 - 2015-04-06 22:08 - 00002101 _____ () C:\Users\root\Desktop\Isoplex.lnk
2015-04-06 22:08 - 2015-04-06 22:08 - 00000000 ____D () C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Isoplex
2015-04-06 21:58 - 2015-04-16 23:42 - 00000000 ____D () C:\Users\root\AppData\Local\Isoplex
2015-04-06 21:58 - 2015-04-06 21:58 - 00000000 ____D () C:\Users\root\AppData\Local\Caphyon
2015-04-06 21:58 - 2015-04-06 21:58 - 00000000 ____D () C:\Program Files (x86)\Isoplex
2015-04-06 21:57 - 2015-04-06 21:57 - 00000000 ____D () C:\Users\root\AppData\Roaming\Isoplex
2015-04-05 16:15 - 2015-04-05 17:20 - 00000000 ____D () C:\Users\root\.gimp-2.8
2015-04-05 16:15 - 2015-04-05 16:15 - 00000894 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-04-05 16:15 - 2015-04-05 16:15 - 00000000 ____D () C:\Users\root\AppData\Local\gegl-0.2
2015-04-05 16:14 - 2015-04-05 16:15 - 00000000 ____D () C:\Program Files\GIMP 2
2015-04-04 15:54 - 2015-04-04 15:54 - 00000126 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-04-04 15:52 - 2015-04-04 15:52 - 00000000 ____D () C:\Users\root\AppData\Local\DangKyHotmail
2015-04-04 04:33 - 2015-04-04 04:35 - 00000000 ____D () C:\Users\root\Desktop\www
2015-04-04 03:59 - 2015-04-04 03:59 - 00000053 _____ () C:\Users\root\Desktop\google3773d9bcf338067d.html
2015-04-03 19:27 - 2015-04-03 19:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-02 13:39 - 2015-04-24 23:25 - 00002810 _____ () C:\Windows\setupact.log
2015-04-02 13:39 - 2015-04-23 18:26 - 00011632 _____ () C:\Windows\PFRO.log
2015-04-02 13:39 - 2015-04-02 13:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-01 00:43 - 2015-04-01 00:43 - 01662129 _____ () C:\Users\root\Downloads\YouTube PVA Account Creator.rar
2015-03-29 10:47 - 2015-03-29 10:47 - 00000000 ____D () C:\Users\root\AppData\Local\Geckofx
2015-03-29 10:46 - 2015-04-04 14:06 - 00000056 _____ () C:\Windows\SysWOW64\T2setMS1p2.dbf
2015-03-29 10:27 - 2015-03-29 10:28 - 45599729 _____ () C:\Users\root\Desktop\CoinAd_Bot v3.1.rar
2015-03-28 14:02 - 2015-03-28 14:06 - 00000000 ____D () C:\Users\root\Downloads\Robert Greene - Mastery
2015-03-28 13:59 - 2015-03-28 14:14 - 00000000 ____D () C:\Users\root\Downloads\The 33 Strategies of War by Robert Greene
2015-03-28 13:59 - 2015-03-28 14:10 - 00000000 ____D () C:\Users\root\Downloads\Robert Greene - The Art of Seduction
2015-03-28 13:57 - 2015-03-28 14:02 - 00000000 ____D () C:\Users\root\Downloads\48 Laws Of Power - Robert Greene
2015-03-28 11:35 - 2015-03-28 11:35 - 00001082 _____ () C:\Users\root\Desktop\isaac-ng.exe - Shortcut.lnk
2015-03-28 11:32 - 2014-12-30 02:27 - 00000000 ____D () C:\Users\root\Desktop\IGG-The.Binding.of.Isaac.Rebirth.v1.041
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 03:00 - 2014-06-09 16:48 - 01419324 _____ () C:\Windows\WindowsUpdate.log
2015-04-24 23:43 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-24 23:42 - 2014-07-15 12:56 - 00000000 ____D () C:\Users\root\AppData\Local\Adobe
2015-04-24 23:37 - 2009-07-13 23:45 - 00027680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-24 23:37 - 2009-07-13 23:45 - 00027680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-24 23:25 - 2014-06-09 17:15 - 00000000 ____D () C:\Windows\Minidump
2015-04-24 03:02 - 2014-08-06 23:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-24 03:02 - 2014-07-13 18:07 - 00000000 ____D () C:\ProgramData\Skype
2015-04-23 18:25 - 2014-07-17 12:55 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-23 18:25 - 2014-07-17 12:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-23 18:25 - 2014-07-17 12:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-23 18:23 - 2014-07-17 12:55 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-22 20:56 - 2014-07-13 01:27 - 00000000 ____D () C:\Users\root\AppData\Roaming\BitTorrent
2015-04-22 20:55 - 2009-07-13 23:45 - 05330296 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-20 20:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-20 20:13 - 2014-09-11 23:05 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-19 22:43 - 2014-07-13 13:29 - 01599792 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-19 22:43 - 2012-11-08 12:08 - 00697280 _____ () C:\Windows\system32\perfh007.dat
2015-04-19 22:43 - 2012-11-08 12:08 - 00149216 _____ () C:\Windows\system32\perfc007.dat
2015-04-19 22:43 - 2009-07-14 00:13 - 01599792 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-17 23:54 - 2014-07-13 18:07 - 00000000 ____D () C:\Users\root\AppData\Roaming\Skype
2015-04-17 21:20 - 2014-11-24 14:14 - 00000000 ____D () C:\Users\root\AppData\Roaming\uTorrent
2015-04-17 21:18 - 2014-08-09 07:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-04-15 21:47 - 2014-12-23 15:17 - 00000000 ____D () C:\Users\Default
2015-04-15 21:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 21:38 - 2014-06-09 16:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 21:22 - 2012-10-17 14:41 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 00:42 - 2014-07-12 17:32 - 00000000 ____D () C:\Users\root\AppData\Roaming\vlc
2015-04-14 23:01 - 2014-07-14 00:39 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-14 22:56 - 2014-08-09 07:39 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-04-14 22:55 - 2014-07-12 10:29 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 22:53 - 2014-07-12 00:03 - 00118880 _____ () C:\Users\root\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-14 22:52 - 2014-08-09 07:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-04-14 22:28 - 2012-11-08 10:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 22:26 - 2014-08-09 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2013
2015-04-14 22:14 - 2014-08-09 07:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-04-14 21:56 - 2014-08-09 08:18 - 00000000 ____D () C:\Users\root\Documents\Visual Studio 2013
2015-04-14 19:55 - 2014-07-12 10:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 09:37 - 2014-07-17 12:55 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-07-17 12:55 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2014-07-17 12:55 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-14 09:31 - 2015-02-07 18:09 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{15ADF491-2E0B-40D9-8560-B15CED2A7F0A}
2015-04-13 02:03 - 2014-07-30 23:27 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2015-04-11 15:06 - 2014-07-17 07:58 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForroot
2015-04-11 15:06 - 2014-07-17 07:58 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForroot.job
2015-04-11 03:17 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-09 18:03 - 2012-10-17 11:43 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-05 16:15 - 2014-07-12 00:02 - 00000000 ____D () C:\Users\root
2015-04-03 19:33 - 2014-07-13 22:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-02 12:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-02 10:51 - 2012-10-17 11:01 - 00000000 ____D () C:\Intel
2015-04-02 10:38 - 2014-08-04 04:13 - 00000000 ____D () C:\Users\root\Documents\Hands In The Cookie Jar
2015-04-02 10:27 - 2015-02-08 17:05 - 00000000 ____D () C:\ProgramData\Bohemia Interactive
2015-04-02 10:27 - 2015-02-07 17:36 - 00000000 ____D () C:\Program Files (x86)\R.G. Mechanics
2015-04-02 10:25 - 2015-03-25 20:27 - 00000000 ____D () C:\Program Files (x86)\Citrix
2015-04-02 10:25 - 2015-03-25 20:25 - 00000000 ____D () C:\Users\root\AppData\Local\Citrix
2015-04-02 10:25 - 2014-11-24 23:24 - 00000000 ____D () C:\Users\root\AppData\Roaming\JAM Software
2015-03-29 14:09 - 2012-11-08 10:41 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-29 14:09 - 2012-11-08 10:41 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-29 14:09 - 2012-11-08 10:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
==================== Files in the root of some directories =======
 
2014-08-05 03:58 - 2014-08-05 03:58 - 0000132 _____ () C:\Users\root\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-08-09 15:13 - 2014-08-09 15:13 - 0000046 _____ () C:\Users\root\AppData\Roaming\Camdata.ini
2014-08-09 15:13 - 2014-08-09 15:13 - 0000408 _____ () C:\Users\root\AppData\Roaming\CamLayout.ini
2014-08-09 15:13 - 2014-08-09 15:13 - 0000408 _____ () C:\Users\root\AppData\Roaming\CamShapes.ini
2014-08-09 15:13 - 2014-08-09 15:13 - 0004521 _____ () C:\Users\root\AppData\Roaming\CamStudio.cfg
2015-04-16 23:35 - 2015-04-24 23:19 - 0030336 _____ () C:\Users\root\AppData\Roaming\msconfig.ini
2015-03-15 03:02 - 2015-03-15 03:03 - 0000600 _____ () C:\Users\root\AppData\Local\PUTTY.RND
2014-08-18 20:13 - 2015-03-03 22:39 - 0007670 _____ () C:\Users\root\AppData\Local\Resmon.ResmonCfg
2015-04-04 15:54 - 2015-04-04 15:54 - 0000126 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Files to move or delete:
====================
C:\Users\root\apps.js
C:\Users\root\AppData\Roaming\msconfig.ini
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 01:35
 
==================== End Of Log ============================
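A note on reading the "One Month Created/Modified Files" blocks above: every line has the same shape (created stamp, modified stamp, size, a five-character attribute field, the publisher FRST read from the file's version info in parentheses, then the path), which makes the log easy to triage mechanically before anyone hand-picks entries for a fixlist. The script below is an added example for that, not part of the original post and not a tool that ships with FRST. It assumes (the page does not spell this out) that the attribute letters mean R=read-only, S=system, H=hidden and D=directory, and that an empty "()" means FRST found no publisher information in the file. The sample lines are constructed for the example but are modelled on entries that appear in the log above, including the driver xedklgte.sys with no publisher, the hidden directory with a random-looking name under AppData\Roaming, the system+hidden "Windows Server" directory under SysWOW64, and serial.txt in SysWOW64. The flag names and the heuristics themselves are this example's own choices.

```python
"""Triage heuristics for FRST "Created/Modified Files and Folders" lines.

Added example (not from the original post, not part of FRST). Assumptions:
attribute letters R/S/H/D = read-only/system/hidden/directory; an empty
"()" means FRST could not read publisher/version information from the file.
"""
import re
from dataclasses import dataclass, field

# One FRST file/folder line: created - modified - size attrs (publisher) path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"\((?P<company>.*)\) (?P<path>[A-Za-z]:\\.*)$"
)

# Unsigned/unpublished files that are routine under \Windows (dumps, logs,
# caches); a per-case allow-list, constructed for this example.
BENIGN_NOPUB_EXT = {".dmp", ".log", ".dat", ".ini", ".nls"}


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: set
    company: str
    path: str
    flags: list = field(default_factory=list)

    @property
    def is_dir(self):
        return "D" in self.attrs

    @property
    def ext(self):
        name = self.path.rsplit("\\", 1)[-1]
        return name[name.rfind("."):].lower() if "." in name else ""


def parse_line(line):
    """Return an Entry for one FRST file line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        created=m["created"], modified=m["modified"], size=int(m["size"]),
        attrs=set(m["attrs"]) - {"_"}, company=m["company"], path=m["path"],
    )


def triage(entry):
    """Attach heuristic flags; every flag still needs an analyst's confirmation."""
    p = entry.path.lower()
    in_system_dir = p.startswith(("c:\\windows\\system32\\", "c:\\windows\\syswow64\\"))
    if "\\drivers\\" in p and entry.ext == ".sys" and not entry.company:
        # Kernel driver with no embedded publisher: rootkit-style or an
        # anti-malware tool's own driver; the timeline decides which.
        entry.flags.append("driver-without-publisher")
    elif in_system_dir and not entry.is_dir and not entry.company \
            and entry.ext not in BENIGN_NOPUB_EXT:
        entry.flags.append("no-publisher-file-in-system-dir")
    if entry.is_dir and "H" in entry.attrs and "\\appdata\\" in p:
        entry.flags.append("hidden-dir-in-profile")
    if entry.is_dir and {"S", "H"} <= entry.attrs and p.startswith("c:\\windows\\"):
        entry.flags.append("system+hidden-dir-under-windows")
    return entry.flags


def triage_log(text):
    """Map path -> flags for every flagged line in an FRST log excerpt."""
    out = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e and triage(e):
            out[e.path] = e.flags
    return out


# Constructed sample, modelled on lines from the log in this thread.
SAMPLE = """\
2015-04-23 17:20 - 2015-04-23 18:32 - 00035064 _____ () C:\\Windows\\system32\\Drivers\\TrueSight.sys
2015-04-16 06:28 - 2015-04-16 06:28 - 00079064 _____ () C:\\Windows\\system32\\Drivers\\xedklgte.sys
2015-04-13 00:35 - 2015-03-16 17:36 - 00922704 _____ (Oracle Corporation) C:\\Windows\\system32\\Drivers\\VBoxDrv.sys
2015-04-22 10:42 - 2015-04-22 20:55 - 00000000 ___HD () C:\\Users\\root\\AppData\\Roaming\\P0U4M118-N5L3-V331-B1K8-X2U3O6B7B2P6
2015-04-14 22:49 - 2015-04-24 23:15 - 00000000 __SHD () C:\\Windows\\SysWOW64\\Windows Server
2015-04-08 18:17 - 2015-04-08 18:17 - 00000000 _____ () C:\\Windows\\SysWOW64\\serial.txt
2015-04-23 18:22 - 2015-04-23 18:22 - 00280176 _____ () C:\\Windows\\Minidump\\042315-23212-01.dmp
2015-04-24 01:20 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\\Windows\\SysWOW64\\kernel32.dll
"""

if __name__ == "__main__":
    for path, flags in triage_log(SAMPLE).items():
        print(f"{', '.join(flags):40} {path}")
```

On the sample, the two publisher-less drivers, the hidden Roaming directory, the system+hidden SysWOW64 directory and serial.txt come out flagged; the Oracle and Microsoft binaries and the minidump do not. The flags are a reading order, not a verdict: in the log above, TrueSight.sys was created in the same minute as C:\ProgramData\RogueKiller and RogueKiller.exe on the Desktop, so it lines up with that tool's installation, whereas xedklgte.sys appears on its own on 2015-04-16 between two minidumps with nothing installed alongside it. The timeline columns the parser keeps are what let you make that distinction.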
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2015
Ran by root at 2015-04-25 15:13:02
Running from C:\Users\root\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-1390843022-1499049480-1858506-1004 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1390843022-1499049480-1858506-500 - Administrator - Disabled)
adminlisd (S-1-5-21-1390843022-1499049480-1858506-1000 - Administrator - Enabled) => C:\Users\adminlisd
Guest (S-1-5-21-1390843022-1499049480-1858506-501 - Limited - Disabled)
root (S-1-5-21-1390843022-1499049480-1858506-1005 - Administrator - Enabled) => C:\Users\root
tech (S-1-5-21-1390843022-1499049480-1858506-1001 - Administrator - Enabled)
trainer (S-1-5-21-1390843022-1499049480-1858506-1002 - Administrator - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
«Cities Skylines» 5.0.0.59127 (HKLM-x32\...\«Cities Skylines»_is1) (Version: 5.0.0.59127 - Paradox Interactive)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.4 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Amazon Discount Search (HKLM-x32\...\{BC77935F-24FC-492F-914F-2BD8CDC277B9}) (Version: 1.0.0 - Amazon Discount Search)
AMD Catalyst Install Manager (HKLM\...\{818912C6-BD97-B888-53F1-1C64148A754F}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Andy OS (HKLM-x32\...\Andy OS) (Version: 0.41 - Andy OS, Inc)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
AzureTools.Notifications (x32 Version: 2.4.20730.1601 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
BitTorrent (HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\BitTorrent) (Version: 7.9.3.39947 - BitTorrent Inc.)
BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.4.103 - BitTorrent Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
f.lux (HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\Flux) (Version:  - )
FortiClient Endpoint Security (HKLM\...\{34D6AD5A-C03D-45FF-AA8A-8B306E01B96D}) (Version: 4.2.7.0302 - Fortinet Inc)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A01B06 - )
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{C35A147C-5037-443A-9BF8-A5E7C2154CE4}) (Version: 5.1.7.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6428.0 - IDT)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Install Finalizer (x32 Version: 2.4.20730.1601 - Microsoft Corporation) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3993 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Isoplex (HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\Isoplex 2.6.0) (Version: 2.6.0 - Isoplex)
Isoplex (x32 Version: 2.6.0 - Isoplex) Hidden
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
Kingo Android ROOT version 1.2.2.1915 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.2.2.1915 - Kingosoft Technology Ltd.)
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.4 (HKLM\...\{50D4178A-C2E6-4F95-9C54-8A31DFA68F32}) (Version: 2.4.6489.2 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.4 (HKLM\...\Microsoft Azure Compute Emulator - v2.4) (Version: 2.4.6489.2 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.4 (HKLM\...\{D6B04ED9-386E-4157-AF50-64A43700FADC}) (Version: 2.4.0724.110 - Microsoft Corporation)
Microsoft Azure Storage Tools - v2.4.1 (HKLM-x32\...\{25049FD2-0D5A-473F-8F84-76E75952C934}) (Version: 2.4.1.0 - Microsoft Corporation)
Microsoft Azure Tools for Microsoft Visual Studio 2013 - v2.4 (HKLM-x32\...\{59c9b964-1162-4063-886e-8410aa0fcbc8}) (Version: 2.4.20730.1601 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4711.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 with Update 3 (HKLM-x32\...\{71688083-99e8-4e10-9522-8e98a130c438}) (Version: 12.0.30723 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NBA 2K15 (HKLM-x32\...\TkJBMksxNQ==_is1) (Version: 1 - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1002 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python 2.7.6 (64-bit) (HKLM\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}) (Version: 2.7.6150 - Python Software Foundation)
Python 3.4.3 (64-bit) (HKLM\...\{9529565f-e693-3f11-b3bf-8cd545f5f9a0}) (Version: 3.4.3150 - Python Software Foundation)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
Ralink RT5390R 802.11b/g/n Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.58.411.2012 - Realtek)
Release Management for Visual Studio 2013 (x32 Version: 1.0 - Microsoft Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)
Spotify (HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\{0F659036-14C7-4622-9505-35A0DC93526A}) (Version: 6.1.3.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Tether (HKLM-x32\...\{C5C67EA4-16FA-473C-B274-904A71162DE4}) (Version: 1.0.1 - ClockworkMod)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
Uninstall Finalizer (x32 Version: 2.4.20730.1601 - Microsoft Corporation) Hidden
Unity Web Player (HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Warframe (HKLM-x32\...\{781C9ED7-5AFE-42A0-AFA8-8603C68447AF}) (Version: 1.0.0 - Digital Extremes)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows Azure Storage Emulator - v3.3 (HKLM-x32\...\Windows Azure Storage Emulator - v3.3) (Version: 3.3.6848.17 - Microsoft Corporation)
Windows Driver Package - Hewlett - Packard (HidUsb) HIDClass  (01/26/2010 1.12.7600.16385) (HKLM\...\63AD5694BB6DAB8863713F85AE50BA9F539D7A3E) (Version: 01/26/2010 1.12.7600.16385 - Hewlett - Packard)
Windows Driver Package - Hewlett-Packard (HidUsb) HIDClass  (01/26/2010 1.12.7600.16385) (HKLM\...\90B012BF3F529E820A22374831C4C7D340A4CD3D) (Version: 01/26/2010 1.12.7600.16385 - Hewlett-Packard)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1390843022-1499049480-1858506-1005_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points  =========================
 
ATTENTION: System Restore is disabled.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-04-24 23:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A4ED95E-D5F5-4C6A-BDE5-880FEE3245AF} - System32\Tasks\SmartDefrag4_Defrag => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
Task: {11FEDEA9-192C-40BA-BCA5-0B82692EEC9C} - System32\Tasks\HPCeeScheduleForroot => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {1A79D8C0-ED12-4B08-8AE2-437B5B689C40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {2DCB77B4-D726-4D6E-881E-6C2476891A2A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-29] (Adobe Systems Incorporated)
Task: {38C28011-C58F-4ECB-9640-083F3BD73206} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
Task: {3DA0B77F-6230-45B1-A0FC-F80F0FBABA07} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {8C053CDA-9B1D-44F4-95FC-DEFB3C9D2C87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-12] (Google Inc.)
Task: {BE7C97EA-75AD-4962-B195-D8606C6B1ECF} - System32\Tasks\{1738B587-F79D-433A-822D-265D9C30C8A9} => pcalua.exe -a "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W9KG6VP4\sp58039.exe" -d C:\Users\admin\Desktop
Task: {C510CADC-57F4-479C-BA1E-864455621508} - System32\Tasks\{39029459-43F1-4A47-999C-FDE7A20D3EB5} => pcalua.exe -a C:\Users\admin\Downloads\Drivers\BlueTooth\bluetooth.exe -d C:\Users\admin\Desktop
Task: {CB43072D-7E11-4552-878D-6E103111638B} - System32\Tasks\AdobeAAMUpdater-1.0-001-LISD142058-root => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {D013F487-C7EF-42AE-8F4C-4E4A1F68B211} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-12] (Google Inc.)
Task: {D2002D19-62E3-4B3D-B6A6-D25473A075EE} - System32\Tasks\Origin => C:\Users\root\AppData\Roaming\Origin\update.vbe <==== ATTENTION
Task: {D2C8F01F-B213-43D2-9593-18D621E12A3A} - \WPD\SqmUpload_S-1-5-21-1390843022-1499049480-1858506-1000 No Task File <==== ATTENTION
Task: {DF8889A6-31E5-422A-B64B-C2DA2BF15EAF} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe
Task: {F1993C66-DEDB-4DAA-8AB0-81679C3C561D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F7DE0792-E251-48B1-BD9F-5DD48109D365} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FE03B477-720C-4BF8-A0FD-8D0CB11FCA0A} - System32\Tasks\AdobeAAMUpdater-1.0-LAREDOISD0-Ruben.G135 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForroot.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-20 20:13 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-01-01 04:45 - 2015-01-01 04:45 - 00102912 _____ () C:\Program Files (x86)\BitTorrent Sync\SyncShellContextMenu.dll
2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-02-09 19:24 - 2015-02-09 19:24 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-11-08 11:33 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-10-17 12:13 - 2012-10-31 16:04 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-1390843022-1499049480-1858506-1005\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\root\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Andy => 
MSCONFIG\startupreg: APSDaemon => 
MSCONFIG\startupreg: BCSSync => 
MSCONFIG\startupreg: BlueStacks Agent => 
MSCONFIG\startupreg: f.lux => 
MSCONFIG\startupreg: QuickTime Task => 
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/24/2015 11:26:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/24/2015 03:07:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/24/2015 01:31:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/23/2015 10:20:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/23/2015 07:07:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/23/2015 07:01:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/23/2015 06:35:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/23/2015 06:35:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winhost.exe, version: 1.0.0.0, time stamp: 0x552e2f93
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x104192f2
Faulting process id: 0xaf4
Faulting application start time: 0xwinhost.exe0
Faulting application path: winhost.exe1
Faulting module path: winhost.exe2
Report Id: winhost.exe3
 
Error: (04/23/2015 06:35:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winhost.exe, version: 1.0.0.0, time stamp: 0x552e2f93
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x104192f2
Faulting process id: 0xb14
Faulting application start time: 0xwinhost.exe0
Faulting application path: winhost.exe1
Faulting module path: winhost.exe2
Report Id: winhost.exe3
 
Error: (04/23/2015 06:35:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Winfix.exe, version: 1.0.0.0, time stamp: 0x552e2f93
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x104192f2
Faulting process id: 0xb04
Faulting application start time: 0xWinfix.exe0
Faulting application path: Winfix.exe1
Faulting module path: Winfix.exe2
Report Id: Winfix.exe3
 
 
System errors:
=============
Error: (04/25/2015 11:29:57 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LAREDOISD0 due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (04/25/2015 07:28:43 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LAREDOISD0 due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (04/25/2015 03:27:29 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LAREDOISD0 due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (04/25/2015 00:03:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FileZilla Server FTP server service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/24/2015 11:43:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (04/24/2015 11:42:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\fix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (04/24/2015 11:37:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (04/24/2015 11:28:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: 
%%31
 
Error: (04/24/2015 11:26:47 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (04/24/2015 11:26:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (04/24/2015 11:26:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Namespace //./root/CIMV2, query SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99, error 0x80041003
 
Error: (04/24/2015 03:07:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Namespace //./root/CIMV2, query SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99, error 0x80041003
 
Error: (04/24/2015 01:31:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Namespace //./root/CIMV2, query SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99, error 0x80041003
 
Error: (04/23/2015 10:20:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Namespace //./root/CIMV2, query SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99, error 0x80041003
 
Error: (04/23/2015 07:07:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Namespace //./root/CIMV2, query SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99, error 0x80041003
 
Error: (04/23/2015 07:01:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Namespace //./root/CIMV2, query SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99, error 0x80041003
 
Error: (04/23/2015 06:35:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Namespace //./root/CIMV2, query SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99, error 0x80041003
 
Error: (04/23/2015 06:35:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: winhost.exe1.0.0.0552e2f93unknown0.0.0.000000000c0000005104192f2af401d07e1e1824ba61C:\Users\root\AppData\Roaming\system32\winhost.exeunknown65307d16-ea11-11e4-94c1-b4b52f7a674a
 
Error: (04/23/2015 06:35:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: winhost.exe1.0.0.0552e2f93unknown0.0.0.000000000c0000005104192f2b1401d07e1e182bde82C:\Users\root\AppData\Roaming\system32\winhost.exeunknown65305606-ea11-11e4-94c1-b4b52f7a674a
 
Error: (04/23/2015 06:35:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Winfix.exe1.0.0.0552e2f93unknown0.0.0.000000000c0000005104192f2b0401d07e1e18297d22C:\Users\root\AppData\Local\Temp\Winfix.exeunknown65302ef6-ea11-11e4-94c1-b4b52f7a674a
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-24 23:42:27.229
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\fix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-04-24 23:42:27.197
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\fix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 3977.51 MB
Available physical RAM: 2257.65 MB
Total Pagefile: 7953.21 MB
Available Pagefile: 6348.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:149.04 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9EF7E8BA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
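The log above carries a few indicators that are easy to miss when it is read by eye: two executables crashing (exception 0xc0000005) from user-writable folders, one of them in a directory called system32 under AppData\Roaming, which is not where the real System32 lives, and the Malwarebytes service being refused start with %%5, which is Win32 error 5, ERROR_ACCESS_DENIED. As an added example, not part of the original post and not code from FRST, here is a small Python triage script that parses the "Event log errors" section in the shape FRST prints it and flags exactly those two patterns. The sample text is a constructed excerpt built from the entries above; the set of security-service names and the list of user-writable path markers are assumptions, not anything the tool or the thread defines.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of FRST's "Event log errors" section, assembled from
# the entries posted above (Event 1000 descriptions kept in the concatenated form FRST prints).
SAMPLE_LOG = r"""
Error: (04/24/2015 11:26:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%5

Error: (04/23/2015 06:35:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: winhost.exe1.0.0.0552e2f93unknown0.0.0.000000000c0000005104192f2af401d07e1e1824ba61C:\Users\root\AppData\Roaming\system32\winhost.exeunknown65307d16-ea11-11e4-94c1-b4b52f7a674a

Error: (04/23/2015 06:35:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Winfix.exe1.0.0.0552e2f93unknown0.0.0.000000000c0000005104192f2b0401d07e1e18297d22C:\Users\root\AppData\Local\Temp\Winfix.exeunknown65302ef6-ea11-11e4-94c1-b4b52f7a674a

Error: (04/24/2015 11:28:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error: 
%%31
"""

# One FRST entry: header line, then everything up to the next "Error: (" header or end of text.
ENTRY_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\) \(EventID: (?P<event_id>\d+)\)[^\n]*\n"
    r"(?P<body>.*?)(?=^Error: \(|\Z)",
    re.MULTILINE | re.DOTALL,
)
# Shortest drive-letter path ending in .exe; works even when FRST glues the fields together.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\r\n"]*?\.exe', re.IGNORECASE)
SERVICE_RE = re.compile(r"The (?P<svc>.+?) service failed to start")
ERRCODE_RE = re.compile(r"%%(?P<code>\d+)")

# Win32 error codes that FRST leaves as %%n placeholders.
WIN32_ERRORS = {5: "ERROR_ACCESS_DENIED", 31: "ERROR_GEN_FAILURE", 1311: "ERROR_NO_LOGON_SERVERS"}
# Assumption: service names worth alerting on when they are denied start (from the services in this log).
SECURITY_SERVICES = {"mbamservice", "mbamscheduler"}
# Assumption: path fragments that mark a location a standard user can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def parse_entries(text: str) -> List[Dict[str, object]]:
    """Split FRST's event-log text into (timestamp, source, event_id, body) records."""
    return [
        {"timestamp": m["ts"], "source": m["source"], "event_id": int(m["event_id"]), "body": m["body"].strip()}
        for m in ENTRY_RE.finditer(text)
    ]


def is_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def masquerades_as_system_dir(path: str) -> bool:
    """True when a directory in the path is named system32/syswow64 but the path is not under a Windows folder."""
    dirs = path.lower().split("\\")[:-1]
    return any(d in ("system32", "syswow64") for d in dirs) and "windows" not in dirs


def analyze(text: str) -> List[Dict[str, object]]:
    """Return findings: crashes from user-writable paths and security services denied start."""
    findings: List[Dict[str, object]] = []
    for entry in parse_entries(text):
        body = str(entry["body"])
        if entry["event_id"] == 1000:  # Application Error: the faulting path is embedded in the description
            for path in PATH_RE.findall(body):
                if is_user_writable(path):
                    kind = "crash_in_fake_system_dir" if masquerades_as_system_dir(path) else "crash_in_user_writable_path"
                    findings.append({"event_id": 1000, "kind": kind, "detail": path})
        elif entry["event_id"] == 7000:  # Service Control Manager: service failed to start
            svc, code = SERVICE_RE.search(body), ERRCODE_RE.search(body)
            if svc and code and int(code["code"]) == 5 and svc["svc"].lower() in SECURITY_SERVICES:
                findings.append({"event_id": 7000, "kind": "security_service_access_denied",
                                 "detail": f"{svc['svc']} ({WIN32_ERRORS[5]})"})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f['event_id']}] {f['kind']}: {f['detail']}")
```

Run against the full FRST.txt rather than the sample, the same script will also surface the NETLOGON %%1311 entries as ERROR_NO_LOGON_SERVERS if you add event 5719 to it; they are included in the code-to-name table for that reason, but on their own they only say the laptop could not reach a domain controller.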


#10 nasdaq
  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 April 2015 - 07:26 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: igfxdev.dll [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1390843022-1499049480-1858506-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1390843022-1499049480-1858506-1005 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
S2 FA_Scheduler; "C:\Program Files (x86)\Fortinet\FortiClient\scheduler.exe" [X]
S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
U3 catchme; \??\C:\fix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

How is the computer running now?
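FRST marks every Software Restriction Policy path rule with ATTENTION, and the fixlist above deletes them. On a domain-joined machine (this one logs NETLOGON 5719 errors for LAREDOISD, so the policy may well be pushed by Group Policy) it is worth knowing what those rules actually do before deciding: the four listed here are the path rules SRP creates for itself the moment it is enabled, all at the Unrestricted level, whereas a Disallowed rule aimed at a security tool's folder, or an Unrestricted rule whitelisting a user-writable folder, is the kind of entry that deserves attention. As an added example, not part of nasdaq's post and not code from FRST, the Python below reads the rules from HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers on Windows and sorts them into those buckets. The level constants are the documented SAFER level IDs; the sample rule list is constructed (the two non-default entries are hypothetical) so the classifier can be exercised on any platform.

```python
from typing import Dict, Iterable, List, Tuple

# Registry home of Software Restriction Policies (Safer) rules for the machine.
SAFER_KEY = r"SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"

# SAFER_LEVELID_* values: each is a subkey name under CodeIdentifiers holding Paths\<guid>\ItemData.
SAFER_DISALLOWED, SAFER_UNRESTRICTED = 0x0, 0x40000
SAFER_LEVELS = {
    0x0: "Disallowed",
    0x1000: "Untrusted",
    0x10000: "Constrained",
    0x20000: "Basic User",
    0x40000: "Unrestricted",
}

# The path rules SRP adds automatically when it is first enabled (all Unrestricted).
DEFAULT_RULE_PATHS = {
    r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%",
    r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe",
    r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe",
    r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%",
}

# Constructed sample: the four defaults from the FRST output above plus two hypothetical
# entries (not from this thread) that exercise the two suspicious buckets.
SAMPLE_RULES: List[Tuple[int, str]] = [
    (SAFER_UNRESTRICTED, r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%"),
    (SAFER_UNRESTRICTED, r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe"),
    (SAFER_UNRESTRICTED, r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe"),
    (SAFER_UNRESTRICTED, r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%"),
    (SAFER_DISALLOWED, r"C:\Program Files (x86)\ExampleAV\*.exe"),        # hypothetical: blocks a security tool
    (SAFER_UNRESTRICTED, r"%USERPROFILE%\AppData\Roaming\*.exe"),          # hypothetical: whitelists a user-writable dir
]


def classify_rule(level: int, item_data: str) -> str:
    """Bucket one Safer path rule by how much scrutiny it deserves."""
    if level == SAFER_UNRESTRICTED and item_data in DEFAULT_RULE_PATHS:
        return "default"        # created by SRP itself; expected on any box with SRP enabled
    if level == SAFER_DISALLOWED:
        return "disallowed"     # blocks execution under that path: check what it covers
    if level == SAFER_UNRESTRICTED:
        return "custom_allow"   # a non-default allow rule: make sure it is not a user-writable folder
    return "restricted"         # Basic User / Constrained / Untrusted


def classify_rules(rules: Iterable[Tuple[int, str]]) -> List[Dict[str, str]]:
    return [
        {"level": SAFER_LEVELS.get(level, hex(level)), "path": path, "verdict": classify_rule(level, path)}
        for level, path in rules
    ]


def suspicious(rules: Iterable[Tuple[int, str]]) -> List[Dict[str, str]]:
    """Only the rules a responder should look at before running a fix that deletes them all."""
    return [r for r in classify_rules(rules) if r["verdict"] in ("disallowed", "custom_allow")]


def load_rules_from_registry() -> List[Tuple[int, str]]:
    """Read (level, ItemData) for every Safer path rule in HKLM. Windows only; needs read access to HKLM."""
    import winreg  # imported here so the classifier above still runs on non-Windows hosts
    rules: List[Tuple[int, str]] = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SAFER_KEY) as root:
        for level in SAFER_LEVELS:
            try:
                paths = winreg.OpenKey(root, rf"{level}\Paths")
            except OSError:
                continue  # no path rules at this level
            with paths:
                index = 0
                while True:
                    try:
                        guid = winreg.EnumKey(paths, index)
                    except OSError:
                        break  # no more rules at this level
                    index += 1
                    with winreg.OpenKey(paths, guid) as rule:
                        try:
                            item_data, _ = winreg.QueryValueEx(rule, "ItemData")
                            rules.append((level, str(item_data)))
                        except OSError:
                            pass  # rule without ItemData (e.g. a hash rule stored elsewhere)
    return rules


if __name__ == "__main__":
    try:
        rules = load_rules_from_registry()
    except ImportError:
        rules = SAMPLE_RULES  # not on Windows: show the classifier on the constructed sample
    for r in classify_rules(rules):
        print(f"{r['verdict']:<13} {r['level']:<12} {r['path']}")
```

If the only rules reported are the four defaults, deleting them (as the fixlist does) is harmless and simply turns SRP's default rule set off; a Disallowed entry covering an anti-malware folder would explain a service refusing to start and is the entry to record before it is removed.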

#11 DaftOdyssey
  • Topic Starter
  • Members
  • 9 posts

Posted 26 April 2015 - 08:24 AM

Well, everything seems good. No more blue screen after shutdown/restart. Although I still can't access the Malwarebytes folder.

It gives me this error:

EIHXlD1.jpg

And this is when I press continue:

aVphkrq.jpg

And this is when I tried to have full permissions:

tCe7edQ.jpg

Also, when I'm trying to put myself as the owner, I get access denied as well.



#12 nasdaq
  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 April 2015 - 08:32 AM

Remove Malwarebytes using their uninstaller.
https://support.malwarebytes.org/customer/portal/articles/1835311-how-do-i-uninstall-malwarebytes-anti-malware-?b_id=6438

When done restart the computer normally.

Re-install the application.

#13 DaftOdyssey
  • Topic Starter
  • Members
  • 9 posts

Posted 29 April 2015 - 08:31 PM

How come I get the "DNS server not authoritative for zone" error when trying to use the command prompt. I tried searching online and people say it's based on a malware.



#14 nasdaq
  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 April 2015 - 07:28 AM

Try the fixes on this page.

http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_programs/dns-server-not-authoritative-for-zone-on-command/5b3eaab4-57ac-4099-a2d4-606a5e9e3f9b

Start with this.
Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833
<<<>>>

If no joy see the other recommendations.

#15 nasdaq
  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 May 2015 - 10:48 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===



