
xoti.exe virus


  • This topic is locked
10 replies to this topic

#1 Ethorax

Ethorax

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:28 PM

Posted 02 May 2015 - 07:03 AM

Hello

I have been infected with this virus, xoti.exe, I think that's the name. I don't know how I got it and I am not able to remove it. It keeps popping up in my task manager and the main file located in appdata/roaming also reappears after I delete it. A few weeks ago a similar virus named Sea Monkey popped up in my task manager and it turned out to be a new variant of PClock. Please help on how to remove it.

 

https://www.virustotal.com/en/file/cf4e4498105fbdb4b751531b4fdd7c7e3fd067b5c4fe591793057c9abfa1edb6/analysis/

 

That is the file.

Thank you!





#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,084 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:04:43 PM

Posted 02 May 2015 - 07:26 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold; make sure to take note of it.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi Ethorax,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
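The FRST.txt requested above is read by hand in this thread, and the Run-key section is where the helper looks first. As an added example that is not part of this thread and not code from the Farbar tool, the Python below parses `HKLM\...\Run:` / `HKU\<SID>\...\Run:` lines in the layout FRST prints (target path, optional `[size date]`, optional `(Publisher)`, optional `<===== ATTENTION` marker) and flags entries that run from a user's AppData folder, whose file carries no company name, or that FRST itself marked ATTENTION. The sample lines are copied from the FRST.txt Ethorax posts further down; the regular expressions, the `RunEntry` fields and the flagging rules are my own assumptions about the log format, not FRST's logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: Run-key lines copied from the FRST.txt posted in this thread.
SAMPLE_LINES = r"""
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Application Layer Gateway] => C:\Program Files (x86)\Common Files\alg.exe [33792 2010-01-26] (SornSoft)
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Facebook Update] => C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-19] (Facebook Inc.)
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Uwwxmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\dell\AppData\Local\Ezktion\Uncprt24.dll
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Anzdworks] => regsvr32.exe C:\Users\dell\AppData\Local\Anzdworks\acltraceapi.dll <===== ATTENTION
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [hodo] => C:\Users\dell\AppData\Roaming\zopuga\xoti.exe [323072 2015-05-02] ()
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [gug] => C:\Users\dell\AppData\Roaming\rok\nuxoqu.exe [300544 2015-04-29] (HEX-RAyS sa)
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [wincl] => C:\Users\dell\AppData\Roaming\WinNew\winnew.exe
"""

# Assumed line layout (my reading of FRST output, not an official grammar):
#   <key>\...\Run: [<value name>] => <command> [<size> <date>] (<publisher>) <===== ATTENTION
RUN_LINE = re.compile(r"^(?P<key>HK\S*?\\\.\.\.\\[^:]*Run): \[(?P<name>[^\]]*)\] => (?P<rest>.*)$")
FILE_INFO = re.compile(r" \[\d+ \d{4}-\d{2}-\d{2}\]$")
PUBLISHER = re.compile(r" \((?P<publisher>[^()]*)\)$")
# regsvr32/rundll32 host a DLL; the DLL, not the host, is the file of interest.
LOADER = re.compile(r"^(?:[A-Za-z]:\\\S*\\)?(?P<loader>regsvr32|rundll32)\.exe\s+(?P<arg>.+)$", re.IGNORECASE)
USER_PROFILE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
ATTENTION = "<===== ATTENTION"


@dataclass
class RunEntry:
    key: str
    name: str
    command: str                # everything FRST printed after "=>", minus file info
    loaded_file: str            # the EXE or DLL that actually executes
    loader: Optional[str]       # "regsvr32" / "rundll32" when a host process loads the file
    publisher: Optional[str]    # None: FRST printed no file info; "": file has no company name
    attention: bool
    reasons: List[str]          # empty list means the entry passed every rule


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one FRST Run-key line; return None for any other line."""
    m = RUN_LINE.match(line.rstrip())
    if not m:
        return None
    rest = m.group("rest")
    attention = rest.endswith(ATTENTION)
    if attention:
        rest = rest[: -len(ATTENTION)].rstrip()
    publisher = None
    pm = PUBLISHER.search(rest)
    if pm:
        publisher = pm.group("publisher").strip()
        rest = rest[: pm.start()]
    fm = FILE_INFO.search(rest)
    if fm:
        rest = rest[: fm.start()]
    command = rest.strip()
    lm = LOADER.match(command)
    if lm:
        loader = lm.group("loader").lower()
        loaded_file = lm.group("arg").split(",", 1)[0].strip()  # drop ",ExportName" for rundll32
    else:
        loader, loaded_file = None, command
    reasons = []
    if USER_PROFILE.match(loaded_file):
        reasons.append("runs from a user profile (AppData)")
    if publisher == "":
        reasons.append("file carries no company name")
    if attention:
        reasons.append("FRST marked the entry ATTENTION")
    return RunEntry(m.group("key"), m.group("name"), command, loaded_file, loader, publisher, attention, reasons)


def triage(text: str) -> List[RunEntry]:
    """All Run-key entries found in an FRST log, in log order."""
    return [e for e in (parse_run_line(l) for l in text.splitlines()) if e]


def flagged_names(text: str) -> List[str]:
    return [e.name for e in triage(text) if e.reasons]


def report(text: str) -> str:
    out = []
    for e in triage(text):
        if e.reasons:
            via = f" via {e.loader}.exe" if e.loader else ""
            out.append(f"[{e.name}] {e.loaded_file}{via} -> " + "; ".join(e.reasons))
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LINES))
```

On the sample, the rules flag `Facebook Update`, `Uwwxmedia`, `Anzdworks`, `hodo`, `gug` and `wincl`, and let `NvBackend`, `ShadowPlay` and `Application Layer Gateway` through. Two things to notice: `Facebook Update` is flagged only because legitimate per-user updaters also live under AppData, so the path rule is a filter for the analyst to review rather than a verdict; and an entry under Program Files with a company name, like the `alg.exe` line, passes these rules regardless of what it is. That is why the helper in this thread reads the whole log instead of relying on any one pattern.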


#3 Ethorax

Ethorax
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:28 PM

Posted 02 May 2015 - 07:47 AM

Thank you for replying :)

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by dell (administrator) on USER on 02-05-2015 18:28:44
Running from C:\Users\dell\Desktop
Loaded Profiles: dell (Available profiles: dell & Guest)
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(HEX-RAyS sa) C:\Users\dell\AppData\Roaming\rok\nuxoqu.exe
(SornSoft) C:\Program Files (x86)\Common Files\alg.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(ESET) C:\Users\dell\Downloads\esetsmartinstaller_enu.exe
(Microsoft Corporation) C:\Windows\System32\efsui.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\dell\AppData\Roaming\zopuga\xoti.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2014-10-31] (LogMeIn, Inc.)
HKLM-x32\...\Run: [Application Layer Gateway] => C:\Program Files (x86)\Common Files\alg.exe [33792 2010-01-26] (SornSoft)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132224 2013-03-01] (Qualcomm Atheros Commnucations)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Facebook Update] => C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-19] (Facebook Inc.)
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888896 2015-03-24] (Valve Corporation)
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Uwwxmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\dell\AppData\Local\Ezktion\Uncprt24.dll
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Anzdworks] => regsvr32.exe C:\Users\dell\AppData\Local\Anzdworks\acltraceapi.dll <===== ATTENTION
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [hodo] => C:\Users\dell\AppData\Roaming\zopuga\xoti.exe [323072 2015-05-02] ()
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [gug] => C:\Users\dell\AppData\Roaming\rok\nuxoqu.exe [300544 2015-04-29] (HEX-RAyS sa)
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [wincl] => C:\Users\dell\AppData\Roaming\WinNew\winnew.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-05-09]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download game of thrones season 5 Torrents - KickassTorrents.lnk [2015-04-13]
ShortcutTarget: Download game of thrones season 5 Torrents - KickassTorrents.lnk -> C:\ProgramData\{f4cd5723-67bb-40a7-f4cd-d572367b5c8d}\Download game of thrones season 5 Torrents - KickassTorrents.exe (No File)
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume19autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-03-01] (Qualcomm Atheros Commnucations)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-08] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 202.63.240.5 110.34.24.5
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2014-04-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-08] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin HKU\S-1-5-21-762288394-4164711344-2628299096-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
 
Chrome: 
=======
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (XKit) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-12-16]
CHR Extension: (Bookmark Manager) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-06]
CHR Extension: (Windows 8 App Store) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcofehgfaeaakklkbahafjoifnaagecj [2014-05-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [227968 2013-03-01] (Qualcomm Atheros Commnucations) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-14] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-21] (Intel Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-03-30] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-10-31] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-10-31] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [564736 2013-10-26] () [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-03-02] (Atheros) [File not signed]
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-03-01] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-10-31] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-07-25] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-06] (Synaptics Incorporated)
S3 CEDRIVER60; \??\F:\Desktop\Cheat Engine\dbk64.sys [X]
S1 qnklgitu; \??\C:\Windows\system32\drivers\qnklgitu.sys [X]
S3 VSPerfDrv110; \??\F:\New folder\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-02 18:28 - 2015-05-02 18:29 - 00016462 _____ () C:\Users\dell\Desktop\FRST.txt
2015-05-02 18:28 - 2015-05-02 18:28 - 00000000 ____D () C:\FRST
2015-05-02 18:25 - 2015-05-02 18:27 - 02101248 _____ (Farbar) C:\Users\dell\Desktop\FRST64.exe
2015-05-02 18:11 - 2015-05-02 18:16 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-02 18:11 - 2015-05-02 18:11 - 00000000 ____D () C:\Users\dell\AppData\Local\MFAData
2015-05-02 18:11 - 2015-05-02 18:11 - 00000000 ____D () C:\Users\dell\AppData\Local\Avg2015
2015-05-02 17:59 - 2015-05-02 18:00 - 04578040 _____ (AVG Technologies) C:\Users\dell\Downloads\avg_free_stb_all_2015_5315_ppc1.exe
2015-05-02 17:58 - 2015-05-02 17:58 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-02 17:56 - 2015-05-02 17:58 - 02347384 _____ (ESET) C:\Users\dell\Downloads\esetsmartinstaller_enu.exe
2015-05-02 17:49 - 2015-05-02 17:54 - 05619691 _____ (Swearware) C:\Users\dell\Downloads\ComboFix.exe
2015-05-02 17:39 - 2015-05-02 18:14 - 00000000 ____D () C:\Users\dell\AppData\Roaming\zopuga
2015-05-01 14:00 - 2015-05-01 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMT-MAX.ORG
2015-04-30 16:55 - 2015-04-30 16:55 - 00000000 ____D () C:\Users\dell\AppData\Roaming\www.shadowexplorer.com
2015-04-29 20:59 - 2015-04-30 15:10 - 01945604 _____ () C:\Users\dell\enc_files.txt
2015-04-29 10:18 - 2015-04-29 10:18 - 00000000 ____D () C:\Users\dell\AppData\Roaming\rok
2015-04-28 18:25 - 2012-08-28 14:35 - 15453832 _____ (Microsoft Corporation) C:\Windows\system32\xlive.dll
2015-04-28 17:55 - 2015-04-28 17:55 - 00000000 ____D () C:\ProgramData\Orbit
2015-04-28 17:53 - 2015-04-28 17:56 - 00000000 ____D () C:\Users\dell\Documents\Assassin's Creed IV Black Flag
2015-04-28 17:52 - 2015-04-28 17:52 - 00339456 _____ (RAD Game Tools, Inc.) C:\Windows\system32\bink2w32.dll
2015-04-25 11:42 - 2015-04-25 11:42 - 00000000 ___RD () C:\Users\dell\Creative Cloud Files
2015-04-25 08:39 - 2015-04-25 08:39 - 00003062 _____ () C:\Windows\System32\Tasks\{811CA1FF-5576-4870-9B0F-A6CEC69B4FDE}
2015-04-24 09:34 - 2015-04-24 09:34 - 00000000 ____D () C:\Users\dell\AppData\Local\Anzdworks
2015-04-23 21:19 - 2015-04-25 08:47 - 00000000 ____D () C:\Users\dell\AppData\Local\Ezktion
2015-04-23 17:10 - 2015-04-23 17:10 - 00344064 _____ () C:\Windows\Minidump\042315-25359-01.dmp
2015-04-21 17:15 - 2015-04-21 17:15 - 00000000 ____D () C:\Users\dell\Documents\KONAMI
2015-04-21 17:15 - 2015-04-21 17:15 - 00000000 ____D () C:\ProgramData\KONAMI
2015-04-20 21:36 - 2015-05-02 17:30 - 00000468 _____ () C:\Windows\Tasks\Bidaily Synchronize Task.job
2015-04-20 16:15 - 2015-04-20 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-04-20 16:15 - 2015-04-20 16:15 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-04-13 09:53 - 2015-04-13 09:54 - 00000000 ____D () C:\Users\dell\Desktop\Game.of.Thrones.HDTV.[Season 5 Ep 1-4]~kaugip~
2015-04-07 15:17 - 2015-04-07 15:17 - 00000000 ____D () C:\Users\dell\Desktop\CF-Auto-Root-m0-m0xx-gti9300
2015-04-07 15:17 - 2015-04-07 14:37 - 16596480 ____N () C:\Users\dell\Desktop\CF-Auto-Root-m0-m0xx-gti9300.zip
2015-04-07 13:56 - 2015-04-28 18:04 - 01001472 _____ (Samsung Electronics Co., Ltd.) C:\Users\dell\Desktop\Odin3 v3.07.exe
2015-04-07 13:56 - 2015-04-07 13:56 - 00463736 ____N () C:\Users\dell\Desktop\Odin3_v3.07.zip
2015-04-04 20:12 - 2015-04-04 20:12 - 00000000 _____ () C:\Users\dell\Desktop\Shiginima Launcher SE v1.602.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-02 18:13 - 2014-04-22 14:28 - 00000000 ____D () C:\Users\dell\AppData\Local\CrashDumps
2015-05-02 17:50 - 2014-05-04 11:15 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-02 17:47 - 2012-07-26 13:57 - 00000000 ____D () C:\Windows\system32\sru
2015-05-02 17:37 - 2014-04-07 12:46 - 01855583 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 17:36 - 2015-02-24 16:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-02 17:36 - 2015-01-12 20:51 - 00000000 ____D () C:\Users\dell\AppData\Local\LogMeIn Hamachi
2015-05-02 17:36 - 2014-08-04 12:48 - 00000000 ____D () C:\Users\dell\Tracing
2015-05-02 17:34 - 2014-05-04 11:15 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-02 17:30 - 2014-04-07 12:42 - 00021770 _____ () C:\Windows\PFRO.log
2015-05-02 17:30 - 2012-07-26 13:07 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 17:29 - 2014-11-03 19:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-02 17:29 - 2012-07-26 13:57 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-05-02 17:29 - 2012-07-26 11:11 - 00786432 ___SH () C:\Windows\system32\config\BBI
2015-05-02 17:28 - 2012-07-26 11:11 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-02 17:18 - 2014-05-17 23:23 - 00000000 ____D () C:\Users\dell\AppData\Roaming\vlc
2015-05-02 16:36 - 2015-04-01 14:36 - 00000000 ____D () C:\Users\dell\Desktop\Untitled Exportshrsh
2015-05-02 16:30 - 2014-04-19 08:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-02 15:44 - 2014-06-19 18:39 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-762288394-4164711344-2628299096-1001UA.job
2015-05-02 12:43 - 2014-04-07 13:48 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-02 12:43 - 2014-04-07 12:47 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Adobe
2015-05-01 17:27 - 2014-04-07 12:58 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-762288394-4164711344-2628299096-1001
2015-05-01 13:27 - 2014-04-07 13:48 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-01 13:26 - 2014-04-07 12:46 - 00000000 ____D () C:\Users\dell
2015-04-30 14:59 - 2014-04-29 00:09 - 00000000 ____D () C:\Users\dell\AppData\Local\Adobe
2015-04-29 18:44 - 2014-06-19 18:39 - 00000912 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-762288394-4164711344-2628299096-1001Core.job
2015-04-29 09:37 - 2012-07-26 13:57 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-04-28 17:04 - 2015-01-08 12:08 - 00000000 ____D () C:\Users\dell\AppData\Local\DOSBox
2015-04-28 17:04 - 2015-01-08 12:08 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2015-04-26 07:05 - 2012-07-26 13:57 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-25 11:35 - 2014-08-15 20:07 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-23 19:44 - 2014-07-14 10:07 - 00000000 ____D () C:\Users\dell\AppData\Local\31171
2015-04-23 19:24 - 2012-07-26 13:13 - 00898288 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-23 17:10 - 2014-11-11 20:19 - 00000000 ____D () C:\Windows\Minidump
2015-04-21 17:15 - 2014-05-17 13:33 - 00000000 ____D () C:\ProgramData\Steam
2015-04-21 17:15 - 2014-04-11 16:14 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-04-14 22:33 - 2014-04-19 08:45 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-07 22:52 - 2014-05-16 17:35 - 00000000 ____D () C:\Users\dell\Documents\FIFA 14
2015-04-07 12:48 - 2012-07-26 13:06 - 00044488 _____ () C:\Windows\setupact.log
2015-04-06 00:14 - 2012-07-26 13:57 - 00000000 ____D () C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2010-01-26 19:26 - 2010-01-26 19:09 - 0033792 _____ (SornSoft) C:\Program Files (x86)\Common Files\alg.exe
2012-05-03 16:57 - 2012-05-03 16:57 - 0000532 _____ () C:\Users\dell\AppData\Local\datos.txt
2014-08-14 17:43 - 2015-03-06 23:45 - 0004608 _____ () C:\Users\dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-05 08:14 - 2014-05-05 08:14 - 0007599 _____ () C:\Users\dell\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\dell\AppData\Local\Temp\1383237328.exe
C:\Users\dell\AppData\Local\Temp\6628.exe
C:\Users\dell\AppData\Local\Temp\AcroRd32.exe
C:\Users\dell\AppData\Local\Temp\ActivationUI.exe
C:\Users\dell\AppData\Local\Temp\Adobe Gamma Loader.exe
C:\Users\dell\AppData\Local\Temp\AdobeARM.exe
C:\Users\dell\AppData\Local\Temp\appshat_generic.exe
C:\Users\dell\AppData\Local\Temp\berkelium.exe
C:\Users\dell\AppData\Local\Temp\BlueStacks-SplitInstaller_native_c.exe
C:\Users\dell\AppData\Local\Temp\CamtasiaStudio.exe
C:\Users\dell\AppData\Local\Temp\chrmstp.exe
C:\Users\dell\AppData\Local\Temp\chrome.exe
C:\Users\dell\AppData\Local\Temp\counter-strike source - full 07-07-2005.exe
C:\Users\dell\AppData\Local\Temp\delegate_execute.exe
C:\Users\dell\AppData\Local\Temp\dynamiclinkmanager.exe
C:\Users\dell\AppData\Local\Temp\dynamiclinkmediaserver.exe
C:\Users\dell\AppData\Local\Temp\FacebookUpdate.exe
C:\Users\dell\AppData\Local\Temp\fifa13.exe
C:\Users\dell\AppData\Local\Temp\fifa14-3dm.exe
C:\Users\dell\AppData\Local\Temp\fifa14.exe
C:\Users\dell\AppData\Local\Temp\firefox.exe
C:\Users\dell\AppData\Local\Temp\FlashPlayerApp.exe
C:\Users\dell\AppData\Local\Temp\fm.exe
C:\Users\dell\AppData\Local\Temp\GFExperience.exe
C:\Users\dell\AppData\Local\Temp\GoogleUpdate.exe
C:\Users\dell\AppData\Local\Temp\GROOVE.EXE
C:\Users\dell\AppData\Local\Temp\helper.exe
C:\Users\dell\AppData\Local\Temp\javaw.exe
C:\Users\dell\AppData\Local\Temp\javaws.exe
C:\Users\dell\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\dell\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\dell\AppData\Local\Temp\jusched.exe
C:\Users\dell\AppData\Local\Temp\NO$GBA.EXE
C:\Users\dell\AppData\Local\Temp\NvBackend.exe
C:\Users\dell\AppData\Local\Temp\OIS.EXE
C:\Users\dell\AppData\Local\Temp\old_chrome.exe
C:\Users\dell\AppData\Local\Temp\Patriots_Installer.EXE
C:\Users\dell\AppData\Local\Temp\Picasa3.exe
C:\Users\dell\AppData\Local\Temp\PicasaUpdater.exe
C:\Users\dell\AppData\Local\Temp\POWERPNT.EXE
C:\Users\dell\AppData\Local\Temp\SETUP.EXE
C:\Users\dell\AppData\Local\Temp\setup32.exe
C:\Users\dell\AppData\Local\Temp\Skype.exe
C:\Users\dell\AppData\Local\Temp\Uninstall.exe
C:\Users\dell\AppData\Local\Temp\vlc.exe
C:\Users\dell\AppData\Local\Temp\WinRAR.exe
C:\Users\dell\AppData\Local\Temp\WINWORD.EXE
C:\Users\Guest\AppData\Local\Temp\Adobe Gamma Loader.exe
C:\Users\Guest\AppData\Local\Temp\chrmstp.exe
C:\Users\Guest\AppData\Local\Temp\delegate_execute.exe
C:\Users\Guest\AppData\Local\Temp\jusched.exe
C:\Users\Guest\AppData\Local\Temp\NvBackend.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-29 19:10
 
==================== End Of Log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015
Ran by dell at 2015-05-02 18:29:51
Running from C:\Users\dell\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-762288394-4164711344-2628299096-500 - Administrator - Disabled)
dell (S-1-5-21-762288394-4164711344-2628299096-1001 - Administrator - Enabled) => C:\Users\dell
Guest (S-1-5-21-762288394-4164711344-2628299096-501 - Limited - Enabled) => C:\Users\Guest
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Photoshop Lightroom 5.3 (HKLM-x32\...\{6F86810F-BE5B-4FB1-BA5A-EFD8F65F5EE4}) (Version: 5.3.1 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.13.5 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{0A1A1D48-DB23-443A-BC7B-49255D138020}) (Version: 11.1.20702.00 - Microsoft Corporation)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FIFA 14 (HKLM-x32\...\{81D6AF80-A5A7-489C-BAA6-CB6220654368}) (Version: 6.0 - Black Box)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google SketchUp Pro 8 (HKLM-x32\...\{E0A160F1-127B-43AC-AF96-EBB6319B01C7}) (Version: 3.0.4811 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
Java™ 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KMSpico v9.0.2.20131025 (Beta) (HKLM\...\KMSpico_is1) (Version: 9.0.2.20131025 - )
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
LogMeIn (HKLM-x32\...\{F93EE340-3735-4032-8B74-0A3E489017A0}) (Version: 4.1.4670 - LogMeIn, Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
ManyCam 4.0.110 (HKLM-x32\...\ManyCam) (Version: 4.0.110 - Visicom Media Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31125 - Microsoft Corporation)
Microsoft Visual Studio Professional 2012 (HKLM-x32\...\{17c2e197-cf26-443b-8beb-53151940df3f}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Minecraft1.7.9 (HKLM-x32\...\Minecraft1.7.9) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Pro Evolution Soccer 2015 version 1.01 (HKLM-x32\...\Pro Evolution Soccer 2015_is1) (Version: 1.01 - GMT-MAX.ORG)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.222 - Qualcomm Atheros Communications)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.13.314.2013 - Realtek)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
V-Ray for 3dsmax 2014 for x64 (HKLM\...\V-Ray for 3dsmax 2014 for x64) (Version: 3.00.03 - Chaos Software Ltd)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-762288394-4164711344-2628299096-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-762288394-4164711344-2628299096-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\dell\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-762288394-4164711344-2628299096-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\dell\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-762288394-4164711344-2628299096-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\dell\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-762288394-4164711344-2628299096-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\dell\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-762288394-4164711344-2628299096-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\dell\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
30-04-2015 16:32:37 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 11:11 - 2012-07-26 11:11 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0295BCA5-E6AB-4C1C-9A38-704CEBC2D848} - System32\Tasks\{5A903153-5717-49ED-A9A5-FD6A102D09E4} => pcalua.exe -a C:\Users\dell\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {13A02711-A87B-4CC8-ADFD-3F43D6D58958} - System32\Tasks\{811CA1FF-5576-4870-9B0F-A6CEC69B4FDE} => pcalua.exe -a D:\Office15\FIRSTRUN.EXE -d D:\Office15
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask
Task: {307D8C75-FDA3-49D3-AA9F-DB79F405FB59} - System32\Tasks\Microsoft\Windows\Autochk\Proxy
Task: {48E77DAA-D8F2-4197-B960-5E86A674B18C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-762288394-4164711344-2628299096-1001UA => C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-19] (Facebook Inc.)
Task: {510B6DF2-99B4-4AB1-86B0-3C392B45C935} - System32\Tasks\{8737028A-9DA1-42EF-9587-CE6743CA424B} => Iexplore.exe http://ui.skype.com/ui/0/5.9.0.115/en/abandoninstall?page=tsProgressBar
Task: {53547DE2-E8AA-4D59-938F-DE021ABA85D1} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-03-06] (Synaptics Incorporated)
Task: {613D288A-8B49-4F8F-A558-5EA702797D2C} - System32\Tasks\WPD\SqmUpload_S-1-5-21-762288394-4164711344-2628299096-1001
Task: {67229DF8-B971-4F31-933D-0FD466D45DE1} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
Task: {7AEA3123-A7FE-4BE0-826B-8701378F4C46} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-762288394-4164711344-2628299096-1001Core => C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-19] (Facebook Inc.)
Task: {834A80AD-DE20-461F-AD02-4F79D550D9D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-04] (Google Inc.)
Task: {8C8184C3-F939-49C4-8CB7-E1FEBF08D0C0} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-10-26] ()
Task: {935E4650-E99D-45BF-A79B-89F64F7AED88} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {9D2E05E6-3480-4995-9E75-3002294FE651} - System32\Tasks\{D0E3A2E0-55F3-4866-8E5E-5FF943368B15} => pcalua.exe -a "C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
Task: {9EA21C2F-DA3E-4E07-9C39-658114C1E3FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-04] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation
Task: {A7A7C176-5B19-443C-A0BE-499DCDD6CD8E} - System32\Tasks\{5F1B2F61-DD61-40D1-8C21-1DCA462D8425} => pcalua.exe -a "C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe"
Task: {A8FCF37F-766C-4A04-99A4-5C443B8E0F2F} - \Bidaily Synchronize Task No Task File <==== ATTENTION
Task: {ABA7256B-A1FF-4959-AB78-00003CC1404D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Uploader
Task: {B3F09249-F5EF-4D95-BBF9-CD977D7F462D} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
Task: {C84F8A44-9FD3-4273-930B-E488674D2812} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent
Task: {DE366315-0909-4CA8-989D-D74D0D1A2671} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask
Task: {F6EEB348-4FCE-484C-B5EE-7FDB5F66360C} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{2b692d0c-1b9a-a5a0-2b69-92d0c1b9b430}\Download Adobe Flash Professional CC 2014+Crack Torrent - KickassTorrents.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-762288394-4164711344-2628299096-1001Core.job => C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-762288394-4164711344-2628299096-1001UA.job => C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-04-07 13:51 - 2014-03-04 18:50 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2006-12-04 01:26 - 2006-12-04 01:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll
2013-03-01 07:59 - 2013-03-01 07:59 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-03-01 07:56 - 2013-03-01 07:56 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-03-01 08:00 - 2013-03-01 08:00 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2014-05-31 21:03 - 2014-05-31 21:04 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2015-05-02 17:39 - 2015-05-02 17:39 - 00323072 _____ () C:\Users\dell\AppData\Roaming\zopuga\xoti.exe
2014-04-07 13:45 - 2013-03-21 04:32 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-04-23 21:19 - 2015-04-23 21:19 - 00050688 _____ () C:\Users\dell\AppData\Local\Ezktion\Uncprt24.dll
2015-04-24 09:34 - 2015-04-24 09:34 - 00055808 _____ () C:\Users\dell\AppData\Local\Anzdworks\acltraceapi.dll
2015-04-30 16:51 - 2015-04-28 07:52 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 16:51 - 2015-04-28 07:52 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dell\Desktop\maxresdefault.jpg
DNS Servers: 202.63.240.5 - 110.34.24.5
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\StartupApproved\StartupFolder: => "Download game of thrones season 5 Torrents - KickassTorrents.lnk"
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\StartupApproved\Run: => "gug"
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\StartupApproved\Run: => "wincl"
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [TCP Query User{28FF36D7-E8BA-4C72-B1FF-5E62C21EEE7B}D:\sgg\e\counter strike source 2012\hl2.exe] => (Block) D:\sgg\e\counter strike source 2012\hl2.exe
FirewallRules: [UDP Query User{5FF4CEDC-79B7-4282-B494-533A1183A65C}D:\sgg\e\counter strike source 2012\hl2.exe] => (Block) D:\sgg\e\counter strike source 2012\hl2.exe
FirewallRules: [TCP Query User{721710E8-67E7-420F-9710-F400E4CFB51E}C:\users\sazit\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sazit\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{8070BDF0-3EBD-4770-968E-E8663AEF0815}C:\users\sazit\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\sazit\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{6A44EEE6-9E04-450D-9AB8-A83CD3F45801}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{94BAB5D0-7AF4-4D55-8C18-9F7D5DC5398C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{389AA145-D6D8-42AA-A55C-98A012E20290}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{48A35A0D-96A4-4BDD-A235-AEBAF6A48934}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6A450D44-4DA1-42BB-A1E5-E80148C5CE0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{05197C71-0EC6-40BF-879F-CCE382AE6EF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{C906D22B-C22B-4979-BE02-CAE6BE5242B1}C:\program files (x86)\fifa 13\game\fifa13.exe] => (Allow) C:\program files (x86)\fifa 13\game\fifa13.exe
FirewallRules: [UDP Query User{19DA8AC4-16B2-4295-87EB-F4126EBDF55D}C:\program files (x86)\fifa 13\game\fifa13.exe] => (Allow) C:\program files (x86)\fifa 13\game\fifa13.exe
FirewallRules: [TCP Query User{B8EF4DE2-E814-4E5C-AC11-D930A9A02AAA}C:\users\dell\appdata\local\temp\fifa13.exe] => (Allow) C:\users\dell\appdata\local\temp\fifa13.exe
FirewallRules: [UDP Query User{12A59DEC-7D58-4682-BF75-407C0746D009}C:\users\dell\appdata\local\temp\fifa13.exe] => (Allow) C:\users\dell\appdata\local\temp\fifa13.exe
FirewallRules: [TCP Query User{14195774-F93D-4EDC-980E-13F3F5FC24C7}C:\program files (x86)\zonecs.net counter-strike 1.6 full\hl.exe] => (Allow) C:\program files (x86)\zonecs.net counter-strike 1.6 full\hl.exe
FirewallRules: [UDP Query User{9B30F151-89BB-40EF-860D-A03F26ABFC7B}C:\program files (x86)\zonecs.net counter-strike 1.6 full\hl.exe] => (Allow) C:\program files (x86)\zonecs.net counter-strike 1.6 full\hl.exe
FirewallRules: [TCP Query User{4C0E31A8-1CE2-45EA-88A1-6DD5996BC94C}C:\program files (x86)\fifa 14\game\fifa14.exe] => (Allow) C:\program files (x86)\fifa 14\game\fifa14.exe
FirewallRules: [UDP Query User{D8AF79CF-CA77-4482-B468-669E1F203E7B}C:\program files (x86)\fifa 14\game\fifa14.exe] => (Allow) C:\program files (x86)\fifa 14\game\fifa14.exe
FirewallRules: [TCP Query User{B397BA40-C557-41A1-B1D8-60B41371D1F2}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [UDP Query User{ADDB53A8-CDB2-42D9-AB5A-C9DCF63F403C}C:\program files (x86)\counter-strike 1.6\hl.exe] => (Allow) C:\program files (x86)\counter-strike 1.6\hl.exe
FirewallRules: [TCP Query User{C7BFCCB1-3EAC-4C55-A35A-AB3A57C86238}C:\program files (x86)\patriots\patriots.exe] => (Allow) C:\program files (x86)\patriots\patriots.exe
FirewallRules: [UDP Query User{8433D4A8-4D4F-4B4B-B49B-68A3767F1604}C:\program files (x86)\patriots\patriots.exe] => (Allow) C:\program files (x86)\patriots\patriots.exe
FirewallRules: [{49E1E8DF-E53A-4299-8CD6-A53DBA5DAC30}] => (Allow) C:\Users\dell\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{54B58C83-9D69-468A-85BC-662809EF2019}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A852405F-2230-407E-8257-ABDC29E56060}] => (Allow) LPort=2869
FirewallRules: [{81EF771E-888E-427D-878F-1D58AB2EE37F}] => (Allow) LPort=1900
FirewallRules: [{025FA372-D8A7-4B89-83B5-0A8B69A1A236}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4EA72D05-EECB-4A08-94E8-D59DD94981E6}] => (Allow) C:\Users\dell\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{E421B785-8B68-4CEE-89CC-F5559006CEE9}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{97AB1B60-69F1-47E9-9E5C-C8DDEC496CFF}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{8D5C2796-22D4-47F9-891D-A37DA94DFF59}] => (Allow) C:\Users\dell\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{11B4C79C-94EC-4754-8C2A-746FF26B7334}] => (Allow) C:\Users\dell\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{C4B86C92-0A06-40CE-A056-BE29AE900C01}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{F6D166AB-A076-4FAD-8BB6-E5EC92B35243}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{71405B61-3D75-4541-9CEE-046774153446}C:\program files (x86)\google\google sketchup 8\sketchup.exe] => (Block) C:\program files (x86)\google\google sketchup 8\sketchup.exe
FirewallRules: [UDP Query User{6E463A2F-2E34-4FB0-AA4D-F36DA2E90EB4}C:\program files (x86)\google\google sketchup 8\sketchup.exe] => (Block) C:\program files (x86)\google\google sketchup 8\sketchup.exe
FirewallRules: [{A5D64DFA-D8D6-41F4-9868-13CABA915E6D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4669A0B7-8B3E-4D33-BBE9-A193A2BB9B3F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CBE3BF3E-8266-42C2-8E91-3CF2EE15ABE2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C5444B81-B099-4292-99A1-D9E5E729683F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0CC847A8-2934-45AE-A9AB-3D6C17EF3C51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{DA8F46BD-827A-4075-AD09-17062E63E7A1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{0A89018A-3229-4233-9766-D29368E91BDA}D:\new folder\new folder\counter-strike global offensive\csgo.exe] => (Block) D:\new folder\new folder\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{D1029494-05C9-4199-8543-EA5BF6AB5CA6}D:\new folder\new folder\counter-strike global offensive\csgo.exe] => (Block) D:\new folder\new folder\counter-strike global offensive\csgo.exe
FirewallRules: [TCP Query User{D35509A6-A40F-4220-ADA1-DFE52B56DBFB}C:\program files (x86)\steam\backups\counter-strike global offensive\csgo.exe] => (Allow) C:\program files (x86)\steam\backups\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{7DE6D914-EF60-4809-8D5E-6345A4EBB2CC}C:\program files (x86)\steam\backups\counter-strike global offensive\csgo.exe] => (Allow) C:\program files (x86)\steam\backups\counter-strike global offensive\csgo.exe
FirewallRules: [{D8DC0CD2-E096-4721-933A-5E4BB8D63428}] => (Allow) F:\New folder\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{451ED1EF-2EEA-4C78-907D-9E27C100EEF7}F:\pro evolution soccer 2015\pes2015.exe] => (Allow) F:\pro evolution soccer 2015\pes2015.exe
FirewallRules: [UDP Query User{DE4DD5FA-3FFA-4A32-8587-D1D55E7F9827}F:\pro evolution soccer 2015\pes2015.exe] => (Allow) F:\pro evolution soccer 2015\pes2015.exe
FirewallRules: [{D9F19108-BF22-48D3-BD51-1850975B999A}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{2AC575DB-1C59-4EBF-AB40-3C025FA75BB3}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{FA445908-56B7-4554-AC5D-FFEF0015CBBD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{F31CCC5A-8D8F-4363-A6C4-C702166A28C0}D:\pro evolution soccer 2015\pes2015.exe] => (Allow) D:\pro evolution soccer 2015\pes2015.exe
FirewallRules: [UDP Query User{57C7A234-E9F0-4E0A-9FF9-318201991C3D}D:\pro evolution soccer 2015\pes2015.exe] => (Allow) D:\pro evolution soccer 2015\pes2015.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Dell Wireless 1705 Bluetooth
Description: Dell Wireless 1705 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/02/2015 06:29:51 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-06-01T11:45:51Z. Error Code: 0x80070005.
 
Error: (05/02/2015 06:29:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 11.10.13.1, time stamp: 0x52f202d0
Faulting module name: nvspcap.dll_unloaded, version: 0.0.0.0, time stamp: 0x52f20257
Exception code: 0xc0000005
Fault offset: 0x063ac292
Faulting process id: 0x15c0
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3
Faulting package full name: NvBackend.exe4
Faulting package-relative application ID: NvBackend.exe5
 
Error: (05/02/2015 06:29:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvBackend.exe, version: 11.10.13.1, time stamp: 0x52f202d0
Faulting module name: nvspcap.dll_unloaded, version: 0.0.0.0, time stamp: 0x52f20257
Exception code: 0xc00001a5
Fault offset: 0x06469860
Faulting process id: 0x15c0
Faulting application start time: 0xNvBackend.exe0
Faulting application path: NvBackend.exe1
Faulting module path: NvBackend.exe2
Report Id: NvBackend.exe3
Faulting package full name: NvBackend.exe4
Faulting package-relative application ID: NvBackend.exe5
 
Error: (05/02/2015 06:29:21 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-06-01T11:45:21Z. Error Code: 0x80070005.
 
Error: (05/02/2015 06:28:51 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-06-01T11:45:51Z. Error Code: 0x80070005.
 
Error: (05/02/2015 06:28:21 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-06-01T11:45:21Z. Error Code: 0x80070005.
 
Error: (05/02/2015 06:27:51 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-06-01T11:45:51Z. Error Code: 0x80070005.
 
Error: (05/02/2015 06:27:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (05/02/2015 06:27:21 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-06-01T11:45:21Z. Error Code: 0x80070005.
 
Error: (05/02/2015 06:26:51 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-06-01T11:45:51Z. Error Code: 0x80070005.
 
 
System errors:
=============
Error: (05/02/2015 06:29:39 PM) (Source: DCOM) (EventID: 10010) (User: USER)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (05/02/2015 06:13:31 PM) (Source: DCOM) (EventID: 10010) (User: USER)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (05/02/2015 06:00:17 PM) (Source: DCOM) (EventID: 10010) (User: USER)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (05/02/2015 05:41:57 PM) (Source: DCOM) (EventID: 10010) (User: USER)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (05/02/2015 05:38:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LMIGuardianSvc service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/02/2015 05:36:52 PM) (Source: DCOM) (EventID: 10010) (User: USER)
Description: {5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 
Error: (05/02/2015 05:36:25 PM) (Source: DCOM) (EventID: 10010) (User: USER)
Description: {515980C3-57FE-4C1E-A561-730DD256AB98}
 
Error: (05/02/2015 05:31:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/02/2015 05:30:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (05/02/2015 05:30:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobizen plugin service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (05/02/2015 06:29:51 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052015-06-01T11:45:51Z
 
Error: (05/02/2015 06:29:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe11.10.13.152f202d0nvspcap.dll_unloaded0.0.0.052f20257c0000005063ac29215c001d084d589b6f972C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dll03e30fa1-f0c9-11e4-beb3-e0db55c2230c
 
Error: (05/02/2015 06:29:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NvBackend.exe11.10.13.152f202d0nvspcap.dll_unloaded0.0.0.052f20257c00001a50646986015c001d084d589b6f972C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exenvspcap.dllff0558fb-f0c8-11e4-beb3-e0db55c2230c
 
Error: (05/02/2015 06:29:21 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052015-06-01T11:45:21Z
 
Error: (05/02/2015 06:28:51 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052015-06-01T11:45:51Z
 
Error: (05/02/2015 06:28:21 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052015-06-01T11:45:21Z
 
Error: (05/02/2015 06:27:51 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052015-06-01T11:45:51Z
 
Error: (05/02/2015 06:27:48 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\dell\Downloads\esetsmartinstaller_enu.exe
 
Error: (05/02/2015 06:27:21 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052015-06-01T11:45:21Z
 
Error: (05/02/2015 06:26:51 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700052015-06-01T11:45:51Z
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-05-16 18:04:05.968
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.
 
  Date: 2014-05-13 20:29:24.502
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.
 
  Date: 2014-05-12 16:13:08.268
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.
 
  Date: 2014-05-11 10:09:41.580
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\smss.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level Windows or better to load.
 
  Date: 2014-05-10 14:53:50.600
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level 6 or better to load.
 
  Date: 2014-05-10 14:53:50.475
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level 6 or better to load.
 
  Date: 2014-05-10 14:53:50.350
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level 6 or better to load.
 
  Date: 2014-05-10 14:53:50.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level 6 or better to load.
 
  Date: 2014-05-10 14:53:50.022
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level 6 or better to load.
 
  Date: 2014-05-10 14:53:49.882
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\shell32.dll with signing level Unsigned while the system requires signing level 6 or better to load.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 45%
Total physical RAM: 4000.63 MB
Available physical RAM: 2192.29 MB
Total Pagefile: 8096.63 MB
Available Pagefile: 5990.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:99.76 GB) (Free:13.32 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:182.83 GB) (Free:170.6 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:182.83 GB) (Free:164.55 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AA6A23A2)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=182.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=182.8 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#4 xXToffeeXx (Malware Response Instructor)

Posted 02 May 2015 - 10:42 AM

Hi Ethorax,
 
I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest you to disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
 
--------------
 
I see lines in your log which are related to torrents. I shall provide this warning:
 
The practice of using keygens, hacking tools, cracking tools, warez, torrents or any pirated software is not only considered illegal activity, but it is a serious security risk which can turn a computer into a virus honeypot or zombie.
 
When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible, and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.
 
If you want to read on then the full post is here.

--------------

We need to remove programs using "Programs and Features"
 
Open Computer and click on the "Computer" tab, then click on Uninstall or Change a Program.
 
A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking the below entries and selecting "Remove":

Minecraft1.7.9

Additional instructions can be found here if needed

--------------

We need to run a fix with FRST:

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
(HEX-RAyS sa) C:\Users\dell\AppData\Roaming\rok\nuxoqu.exe
() C:\Users\dell\AppData\Roaming\zopuga\xoti.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Uwwxmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\dell\AppData\Local\Ezktion\Uncprt24.dll
C:\Users\dell\AppData\Local\Ezktion
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Anzdworks] => regsvr32.exe C:\Users\dell\AppData\Local\Anzdworks\acltraceapi.dll <===== ATTENTION
C:\Users\dell\AppData\Local\Anzdworks
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [hodo] => C:\Users\dell\AppData\Roaming\zopuga\xoti.exe [323072 2015-05-02] ()
C:\Users\dell\AppData\Roaming\zopuga
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [gug] => C:\Users\dell\AppData\Roaming\rok\nuxoqu.exe [300544 2015-04-29] (HEX-RAyS sa)
C:\Users\dell\AppData\Roaming\rok
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [wincl] => C:\Users\dell\AppData\Roaming\WinNew\winnew.exe
C:\Users\dell\AppData\Roaming\WinNew
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download game of thrones season 5 Torrents - KickassTorrents.lnk [2015-04-13]
ShortcutTarget: Download game of thrones season 5 Torrents - KickassTorrents.lnk -> C:\ProgramData\{f4cd5723-67bb-40a7-f4cd-d572367b5c8d}\Download game of thrones season 5 Torrents - KickassTorrents.exe (No File)
C:\ProgramData\{f4cd5723-67bb-40a7-f4cd-d572367b5c8d}
S4 LMIRfsClientNP; No ImagePath
Task: {A8FCF37F-766C-4A04-99A4-5C443B8E0F2F} - \Bidaily Synchronize Task No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{2b692d0c-1b9a-a5a0-2b69-92d0c1b9b430}\Download Adobe Flash Professional CC 2014+Crack Torrent - KickassTorrents.exe
C:\ProgramData\{2b692d0c-1b9a-a5a0-2b69-92d0c1b9b430}
EmptyTemp:
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~
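As an added example (not FRST's code and not part of any post in this thread), the script below parses FRST Run-key lines like the ones in the fixlist above and ranks the entries that launch from user-writable directories such as AppData; the directory list and the scoring are assumptions of this example, not FRST rules.

```python
r"""Triage of FRST autostart (Run-key) lines. Added example, not FRST's own code.

FRST prints each autostart entry on one line of the form
    <hive>\...\Run: [<name>] => <command> [<size> <date>] (<company>)
with the publisher from the file's version info in the trailing parentheses;
empty parentheses mean FRST found none.  This helper parses such lines and
reports every entry that launches from a user-writable directory, adding
weight when no publisher is recorded, when regsvr32/rundll32 is used to load
a DLL, or when FRST itself appended an ATTENTION marker.  The directory list
and the scoring are this example's assumptions, not rules FRST applies.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: Run lines copied from the FRST log and fixlist in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [hodo] => C:\Users\dell\AppData\Roaming\zopuga\xoti.exe [323072 2015-05-02] ()
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [gug] => C:\Users\dell\AppData\Roaming\rok\nuxoqu.exe [300544 2015-04-29] (HEX-RAyS sa)
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Uwwxmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\dell\AppData\Local\Ezktion\Uncprt24.dll
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Anzdworks] => regsvr32.exe C:\Users\dell\AppData\Local\Anzdworks\acltraceapi.dll <===== ATTENTION
"""

# <hive>\...\[sub\]Run: [<name>] => <command> [<size> <date>] (<company>)
# The size/date and company parts are optional: FRST omits them for some entries.
RUN_LINE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\.\\(?:[^\s\[]+\\)?Run: \[(?P<name>[^\]]+)\] => "
    r"(?P<cmd>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<company>[^)]*)\))?$"
)
ATTENTION = re.compile(r"\s*<=+\s*ATTENTION$")
# Locations a standard user can write to (assumed starting list, extend as needed).
USER_WRITABLE = re.compile(
    r"\\(AppData|ProgramData|Temp|Users\\[^\\]+\\(Desktop|Documents|Downloads))\\",
    re.IGNORECASE,
)
# Signed Windows binaries commonly used to load an arbitrary DLL at logon.
DLL_LOADER = re.compile(r"(^|\\)(regsvr32|rundll32)\.exe\b", re.IGNORECASE)


@dataclass
class Finding:
    name: str
    command: str
    company: Optional[str]
    reasons: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        """Crude ranking: more independent indicators, higher up the list."""
        return len(self.reasons)


def parse_run_line(line: str) -> Optional[dict]:
    """Split one FRST Run line into its fields; returns None for any other line."""
    line = line.strip()
    attention = ATTENTION.search(line) is not None
    m = RUN_LINE.match(ATTENTION.sub("", line))
    if m is None:
        return None
    entry = m.groupdict()
    entry["attention"] = attention
    return entry


def triage(log_text: str) -> List[Finding]:
    """Report Run entries launched from user-writable paths, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        entry = parse_run_line(raw)
        if entry is None:
            continue
        cmd = entry["cmd"]
        if not USER_WRITABLE.search(cmd):
            # Program Files / Windows entries are not auto-trusted, but they are
            # outside this example's scope; a publisher check would go here.
            continue
        reasons = ["launches from a user-writable directory"]
        if DLL_LOADER.search(cmd):
            reasons.append("uses regsvr32/rundll32 to load a DLL from that path")
        if not entry["company"]:
            reasons.append("no publisher recorded for the file")
        if entry["attention"]:
            reasons.append("FRST itself marked the entry ATTENTION")
        findings.append(Finding(entry["name"], cmd, entry["company"], reasons))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: -f.score):
        print(f"[{f.score}] {f.name}: {f.command}")
        for reason in f.reasons:
            print(f"      - {reason}")
```

On the sample above this reports hodo, gug, Uwwxmedia and Anzdworks, the same four Run entries the fixlist removes, while the Program Files entries are skipped.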


#5 Ethorax (Topic Starter)

Posted 02 May 2015 - 12:16 PM

Thank you for your reply, xXToffeeXx! :)

 

Oh man, I didn't know it was this serious.

I didn't have financial transactions of any sort, but are my email and other online accounts at risk too?
I do wish to reinstall the OS, but is it possible, as some of my Dell drivers, NVIDIA drivers and personal files are stored on this PC itself, and transferring them again to the newly installed OS would infect the system again? Also, I know the Windows that came with this PC isn't genuine at all, because here in Nepal everything is pirated, and I was also told by the retailer not to update Windows. So if it is not possible for me to reinstall the OS, then I have no choice but to clean my computer.

Therefore I have done what you instructed me to do.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2015
Ran by dell at 2015-05-02 22:31:51 Run:1
Running from C:\Users\dell\Desktop
Loaded Profiles: dell (Available profiles: dell & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
(HEX-RAyS sa) C:\Users\dell\AppData\Roaming\rok\nuxoqu.exe
() C:\Users\dell\AppData\Roaming\zopuga\xoti.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Uwwxmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\dell\AppData\Local\Ezktion\Uncprt24.dll
C:\Users\dell\AppData\Local\Ezktion
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Anzdworks] => regsvr32.exe C:\Users\dell\AppData\Local\Anzdworks\acltraceapi.dll <===== ATTENTION
C:\Users\dell\AppData\Local\Anzdworks
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [hodo] => C:\Users\dell\AppData\Roaming\zopuga\xoti.exe [323072 2015-05-02] ()
C:\Users\dell\AppData\Roaming\zopuga
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [gug] => C:\Users\dell\AppData\Roaming\rok\nuxoqu.exe [300544 2015-04-29] (HEX-RAyS sa)
C:\Users\dell\AppData\Roaming\rok
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [wincl] => C:\Users\dell\AppData\Roaming\WinNew\winnew.exe
C:\Users\dell\AppData\Roaming\WinNew
Startup: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download game of thrones season 5 Torrents - KickassTorrents.lnk [2015-04-13]
ShortcutTarget: Download game of thrones season 5 Torrents - KickassTorrents.lnk -> C:\ProgramData\{f4cd5723-67bb-40a7-f4cd-d572367b5c8d}\Download game of thrones season 5 Torrents - KickassTorrents.exe (No File)
C:\ProgramData\{f4cd5723-67bb-40a7-f4cd-d572367b5c8d}
S4 LMIRfsClientNP; No ImagePath
Task: {A8FCF37F-766C-4A04-99A4-5C443B8E0F2F} - \Bidaily Synchronize Task No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{2b692d0c-1b9a-a5a0-2b69-92d0c1b9b430}\Download Adobe Flash Professional CC 2014+Crack Torrent - KickassTorrents.exe
C:\ProgramData\{2b692d0c-1b9a-a5a0-2b69-92d0c1b9b430}
EmptyTemp:
*****************
 
C:\Users\dell\AppData\Roaming\rok\nuxoqu.exe => No running process found
[4452] C:\Users\dell\AppData\Roaming\zopuga\xoti.exe => Process closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Uwwxmedia => value deleted successfully.
C:\Users\dell\AppData\Local\Ezktion => Moved successfully.
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Anzdworks => value deleted successfully.
C:\Users\dell\AppData\Local\Anzdworks => Moved successfully.
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\Software\Microsoft\Windows\CurrentVersion\Run\\hodo => value deleted successfully.
C:\Users\dell\AppData\Roaming\zopuga => Moved successfully.
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\Software\Microsoft\Windows\CurrentVersion\Run\\gug => value deleted successfully.
"C:\Users\dell\AppData\Roaming\rok" => File/Directory not found.
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\Software\Microsoft\Windows\CurrentVersion\Run\\wincl => value deleted successfully.
"C:\Users\dell\AppData\Roaming\WinNew" => File/Directory not found.
C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download game of thrones season 5 Torrents - KickassTorrents.lnk => Moved successfully.
C:\ProgramData\{f4cd5723-67bb-40a7-f4cd-d572367b5c8d}\Download game of thrones season 5 Torrents - KickassTorrents.exe not found.
"C:\ProgramData\{f4cd5723-67bb-40a7-f4cd-d572367b5c8d}" => File/Directory not found.
LMIRfsClientNP => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8FCF37F-766C-4A04-99A4-5C443B8E0F2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8FCF37F-766C-4A04-99A4-5C443B8E0F2F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task" => Key deleted successfully.
C:\Windows\Tasks\Bidaily Synchronize Task.job => Moved successfully.
"C:\ProgramData\{2b692d0c-1b9a-a5a0-2b69-92d0c1b9b430}" => File/Directory not found.
EmptyTemp: => Removed 4.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 22:32:21 ====
 
Also, is there a way to know since when my PC was this badly infected? Thank you once again.


#6 xXToffeeXx (Malware Response Instructor)

Posted 02 May 2015 - 02:24 PM

Hi Ethorax,
 

Oh man, I didn't know it was this serious.
I didn't have financial transactions of any sort, but are my email and other online accounts at risk too?
I do wish to reinstall the OS, but is it possible, as some of my Dell drivers, NVIDIA drivers and personal files are stored on this PC itself, and transferring them again to the newly installed OS would infect the system again? Also, I know the Windows that came with this PC isn't genuine at all, because here in Nepal everything is pirated, and I was also told by the retailer not to update Windows. So if it is not possible for me to reinstall the OS, then I have no choice but to clean my computer.

I suggest you change the passwords to your email and other accounts to a strong password, this way they cannot be hacked.
Since the OS is pirated, they have probably made changes so it does not complain about not being genuine. This means that reinstalling would not be a good option as you do not have a legitimate key. I can clean this computer, the warning just tells you that malware could have made some changes, but as long as your passwords are changed then you should be fine.
 

Also, is there a way to know since when my PC was this badly infected? Thank you once again.

It may be a torrent you downloaded, or an email you opened or an exploit running on an ad or hacked website. I cannot say for sure without all the information about what this computer has done :)
 
Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.
 
xXToffeeXx~




#7 Ethorax (Topic Starter)

Posted 02 May 2015 - 02:44 PM

Thank you for replying xXToffeeXx! :)

And thank you for your suggestions as well

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015

Ran by dell (administrator) on USER on 03-05-2015 01:13:52
Running from C:\Users\dell\Desktop
Loaded Profiles: dell (Available profiles: dell & Guest)
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\dell\AppData\Roaming\zopuga\xoti.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2014-10-31] (LogMeIn, Inc.)
HKLM-x32\...\Run: [Application Layer Gateway] => C:\Program Files (x86)\Common Files\alg.exe [33792 2010-01-26] (SornSoft)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132224 2013-03-01] (Qualcomm Atheros Commnucations)
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Facebook Update] => C:\Users\dell\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-19] (Facebook Inc.)
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [hodo] => C:\Users\dell\AppData\Roaming\zopuga\xoti.exe [323072 2015-05-02] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-05-09]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: autocheck autochk /m /P \Device\HarddiskVolume19autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-03-01] (Qualcomm Atheros Commnucations)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-02] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-02] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-02] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_45\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-02] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin HKU\S-1-5-21-762288394-4164711344-2628299096-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\dell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
 
Chrome: 
=======
CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (XKit) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-12-16]
CHR Extension: (Bookmark Manager) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Google Wallet) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-06]
CHR Extension: (Windows 8 App Store) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcofehgfaeaakklkbahafjoifnaagecj [2014-05-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [227968 2013-03-01] (Qualcomm Atheros Commnucations) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-14] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-21] (Intel Corporation)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-10-31] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-10-31] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [564736 2013-10-26] () [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-03-02] (Atheros) [File not signed]
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-03-01] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-10-31] (LogMeIn, Inc.)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-07-25] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-28] (NVIDIA Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-06] (Synaptics Incorporated)
S3 CEDRIVER60; \??\F:\Desktop\Cheat Engine\dbk64.sys [X]
S1 qnklgitu; \??\C:\Windows\system32\drivers\qnklgitu.sys [X]
S3 VSPerfDrv110; \??\F:\New folder\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-02 22:31 - 2015-05-02 22:31 - 00000000 ____D () C:\Users\dell\AppData\Roaming\zopuga
2015-05-02 22:15 - 2015-05-02 22:31 - 30451062 _____ (Rockstar Games) C:\Users\dell\Downloads\Unconfirmed 867692.crdownload
2015-05-02 22:01 - 2015-05-02 22:01 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-05-02 21:19 - 2015-05-02 22:30 - 283201840 _____ (NVIDIA Corporation) C:\Users\dell\Downloads\350.12-notebook-win8-win7-64bit-international-whql.exe
2015-05-02 20:24 - 2015-05-02 20:25 - 00284528 _____ (setupprocess) C:\Users\dell\Downloads\Setup installer.exe
2015-05-02 19:55 - 2015-05-02 19:55 - 00022796 _____ () C:\Users\dell\Downloads\SUPER PHISHER.rar
2015-05-02 19:17 - 2015-05-02 19:17 - 00178348 _____ () C:\Users\dell\Downloads\bink2w32.zip
2015-05-02 19:00 - 2015-05-02 21:27 - 00000000 ____D () C:\Program Files (x86)\Assassins Creed IV Black Flag
2015-05-02 18:29 - 2015-05-02 18:30 - 00045055 _____ () C:\Users\dell\Desktop\Addition.txt
2015-05-02 18:28 - 2015-05-03 01:13 - 00014655 _____ () C:\Users\dell\Desktop\FRST.txt
2015-05-02 18:28 - 2015-05-03 01:13 - 00000000 ____D () C:\FRST
2015-05-02 18:25 - 2015-05-02 18:27 - 02101248 _____ (Farbar) C:\Users\dell\Desktop\FRST64.exe
2015-05-02 18:11 - 2015-05-02 18:16 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-02 18:11 - 2015-05-02 18:11 - 00000000 ____D () C:\Users\dell\AppData\Local\MFAData
2015-05-02 18:11 - 2015-05-02 18:11 - 00000000 ____D () C:\Users\dell\AppData\Local\Avg2015
2015-05-02 17:59 - 2015-05-02 18:00 - 04578040 _____ (AVG Technologies) C:\Users\dell\Downloads\avg_free_stb_all_2015_5315_ppc1.exe
2015-05-02 17:58 - 2015-05-02 17:58 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-02 17:56 - 2015-05-02 17:58 - 02347384 _____ (ESET) C:\Users\dell\Downloads\esetsmartinstaller_enu.exe
2015-05-02 17:49 - 2015-05-02 17:54 - 05619691 _____ (Swearware) C:\Users\dell\Downloads\ComboFix.exe
2015-05-01 14:00 - 2015-05-01 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GMT-MAX.ORG
2015-04-30 16:55 - 2015-04-30 16:55 - 00000000 ____D () C:\Users\dell\AppData\Roaming\www.shadowexplorer.com
2015-04-29 20:59 - 2015-04-30 15:10 - 01945604 _____ () C:\Users\dell\enc_files.txt
2015-04-28 18:25 - 2012-08-28 14:35 - 15453832 _____ (Microsoft Corporation) C:\Windows\system32\xlive.dll
2015-04-28 17:55 - 2015-04-28 17:55 - 00000000 ____D () C:\ProgramData\Orbit
2015-04-28 17:53 - 2015-04-28 17:56 - 00000000 ____D () C:\Users\dell\Documents\Assassin's Creed IV Black Flag
2015-04-28 17:52 - 2015-04-28 17:52 - 00339456 _____ (RAD Game Tools, Inc.) C:\Windows\system32\bink2w32.dll
2015-04-25 11:42 - 2015-04-25 11:42 - 00000000 ___RD () C:\Users\dell\Creative Cloud Files
2015-04-25 08:39 - 2015-04-25 08:39 - 00003062 _____ () C:\Windows\System32\Tasks\{811CA1FF-5576-4870-9B0F-A6CEC69B4FDE}
2015-04-23 17:10 - 2015-04-23 17:10 - 00344064 _____ () C:\Windows\Minidump\042315-25359-01.dmp
2015-04-21 17:15 - 2015-04-21 17:15 - 00000000 ____D () C:\Users\dell\Documents\KONAMI
2015-04-21 17:15 - 2015-04-21 17:15 - 00000000 ____D () C:\ProgramData\KONAMI
2015-04-13 09:53 - 2015-04-13 09:54 - 00000000 ____D () C:\Users\dell\Desktop\Game.of.Thrones.HDTV.[Season 5 Ep 1-4]~kaugip~
2015-04-07 15:17 - 2015-04-07 15:17 - 00000000 ____D () C:\Users\dell\Desktop\CF-Auto-Root-m0-m0xx-gti9300
2015-04-07 15:17 - 2015-04-07 14:37 - 16596480 ____N () C:\Users\dell\Desktop\CF-Auto-Root-m0-m0xx-gti9300.zip
2015-04-07 13:56 - 2015-04-28 18:04 - 01001472 _____ (Samsung Electronics Co., Ltd.) C:\Users\dell\Desktop\Odin3 v3.07.exe
2015-04-07 13:56 - 2015-04-07 13:56 - 00463736 ____N () C:\Users\dell\Desktop\Odin3_v3.07.zip
2015-04-04 20:12 - 2015-04-04 20:12 - 00000000 _____ () C:\Users\dell\Desktop\Shiginima Launcher SE v1.602.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-03 01:13 - 2012-07-26 13:57 - 00000000 ____D () C:\Windows\system32\sru
2015-05-02 23:39 - 2014-04-22 14:28 - 00000000 ____D () C:\Users\dell\AppData\Local\CrashDumps
2015-05-02 22:50 - 2014-05-04 11:15 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-02 22:34 - 2015-02-24 16:41 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-02 22:34 - 2014-08-04 12:48 - 00000000 ____D () C:\Users\dell\Tracing
2015-05-02 22:34 - 2014-05-04 11:15 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-02 22:33 - 2014-04-07 12:42 - 00022104 _____ () C:\Windows\PFRO.log
2015-05-02 22:33 - 2012-07-26 13:07 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-02 22:33 - 2012-07-26 11:11 - 00786432 ___SH () C:\Windows\system32\config\BBI
2015-05-02 22:32 - 2014-04-07 12:46 - 01927749 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 22:30 - 2014-04-19 08:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-02 22:28 - 2014-04-08 07:56 - 00000000 ____D () C:\Users\dell\AppData\Roaming\.minecraft
2015-05-02 22:01 - 2014-04-08 09:46 - 00319584 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-05-02 22:01 - 2014-04-08 09:46 - 00206944 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-05-02 22:01 - 2014-04-08 09:46 - 00206432 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-05-02 22:01 - 2014-04-08 08:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-02 22:01 - 2014-04-08 08:13 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-02 22:00 - 2014-11-16 22:35 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-02 22:00 - 2014-04-08 09:46 - 00000000 ____D () C:\Program Files\Java
2015-05-02 21:44 - 2014-06-19 18:39 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-762288394-4164711344-2628299096-1001UA.job
2015-05-02 21:38 - 2014-04-07 12:58 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-762288394-4164711344-2628299096-1001
2015-05-02 20:18 - 2014-04-11 16:53 - 00289008 _____ () C:\Windows\DirectX.log
2015-05-02 19:05 - 2014-04-07 13:48 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-02 19:05 - 2014-04-07 12:47 - 00000000 ____D () C:\Users\dell\AppData\Roaming\Adobe
2015-05-02 18:44 - 2014-06-19 18:39 - 00000912 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-762288394-4164711344-2628299096-1001Core.job
2015-05-02 17:29 - 2014-11-03 19:09 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-05-02 17:29 - 2012-07-26 13:57 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-05-02 17:28 - 2012-07-26 11:11 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-02 17:18 - 2014-05-17 23:23 - 00000000 ____D () C:\Users\dell\AppData\Roaming\vlc
2015-05-02 16:36 - 2015-04-01 14:36 - 00000000 ____D () C:\Users\dell\Desktop\Untitled Exportshrsh
2015-05-01 13:27 - 2014-04-07 13:48 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-01 13:26 - 2014-04-07 12:46 - 00000000 ____D () C:\Users\dell
2015-04-30 14:59 - 2014-04-29 00:09 - 00000000 ____D () C:\Users\dell\AppData\Local\Adobe
2015-04-29 09:37 - 2012-07-26 13:57 - 00000000 ____D () C:\Windows\AUInstallAgent
2015-04-28 17:04 - 2015-01-08 12:08 - 00000000 ____D () C:\Users\dell\AppData\Local\DOSBox
2015-04-28 17:04 - 2015-01-08 12:08 - 00000000 ____D () C:\Program Files (x86)\DOSBox-0.74
2015-04-26 07:05 - 2012-07-26 13:57 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-25 11:35 - 2014-08-15 20:07 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-23 19:44 - 2014-07-14 10:07 - 00000000 ____D () C:\Users\dell\AppData\Local\31171
2015-04-23 19:24 - 2012-07-26 13:13 - 00898288 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-23 17:10 - 2014-11-11 20:19 - 00000000 ____D () C:\Windows\Minidump
2015-04-21 17:15 - 2014-05-17 13:33 - 00000000 ____D () C:\ProgramData\Steam
2015-04-21 17:15 - 2014-04-11 16:14 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-04-14 22:33 - 2014-04-19 08:45 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-07 22:52 - 2014-05-16 17:35 - 00000000 ____D () C:\Users\dell\Documents\FIFA 14
2015-04-07 12:48 - 2012-07-26 13:06 - 00044488 _____ () C:\Windows\setupact.log
2015-04-06 00:14 - 2012-07-26 13:57 - 00000000 ____D () C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2010-01-26 19:26 - 2010-01-26 19:09 - 0033792 _____ (SornSoft) C:\Program Files (x86)\Common Files\alg.exe
2012-05-03 16:57 - 2012-05-03 16:57 - 0000532 _____ () C:\Users\dell\AppData\Local\datos.txt
2014-08-14 17:43 - 2015-03-06 23:45 - 0004608 _____ () C:\Users\dell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-05 08:14 - 2014-05-05 08:14 - 0007599 _____ () C:\Users\dell\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-29 19:10
 
==================== End Of Log ============================
 
An inquiry, please: is there any way of knowing if my drivers or other personal files are infected before transferring them to a clean computer without antivirus?
 
Also, here in Nepal a pirated OS can be bought for ~100 Rs, about $1, with a working serial, so reinstalling shouldn't be much of a problem if drivers and files can be safely transferred, and you can't really get a legit 100% genuine OS without buying a new PC with one built in. This one had Ubuntu at the beginning, then the retailers put Win 8 on it.


#8 xXToffeeXx (Malware Response Instructor)

Posted 03 May 2015 - 08:56 AM

Hi Ethorax,
 

An inquiry please, is there any way of knowing if my drivers or other personal files are infected before transferring them to a clean computer without anti virus?

I don't believe your personal files will be infected. You should really install only the drivers you need; often you can get them from the manufacturer's website.
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
() C:\Users\dell\AppData\Roaming\zopuga\xoti.exe
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [hodo] => C:\Users\dell\AppData\Roaming\zopuga\xoti.exe [323072 2015-05-02] ()
2015-05-02 22:31 - 2015-05-02 22:31 - 00000000 ____D () C:\Users\dell\AppData\Roaming\zopuga
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~
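The fix above works by copying the log's own lines (the Run entry, the file, the folder) into fixlist.txt. The script below is an added example, not part of this thread, not FRST's logic and not the helper's method: it automates the first triage pass a responder makes over an FRST log, reading the Run entries of the Registry section and the Services and Drivers sections, and flagging entries with an empty company name "()" on a binary under a user-writable path, entries whose file FRST marks missing with "[X]", and entries FRST marks "[File not signed]". The sample input is a handful of lines excerpted verbatim from the log posted earlier in this thread; the heuristics, the user-writable path list and the remove/review split are this example's own assumptions, and its output is a worklist for a human, not a fix to run blindly.

```python
"""Added example: a first-pass triage of a Farbar Recovery Scan Tool (FRST) log.

Reads the Run entries from the Registry section and the Services/Drivers
sections and flags what a responder would look at first:
  * an empty company name "()" on a binary under a user-writable path
  * an entry whose file is missing ("[X]")
  * an entry FRST marks "[File not signed]"
The heuristics are this example's own assumptions, not FRST's or the
helper's logic; the output is a worklist for a human, not a fix to run blindly.
"""
import re
from dataclasses import dataclass

# Lines excerpted verbatim from the FRST log posted earlier in this thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)
HKU\S-1-5-21-762288394-4164711344-2628299096-1001\...\Run: [hodo] => C:\Users\dell\AppData\Roaming\zopuga\xoti.exe [323072 2015-05-02] ()
==================== Services (Whitelisted) =================
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [227968 2013-03-01] (Qualcomm Atheros Commnucations) [File not signed]
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
==================== Drivers (Whitelisted) ====================
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S1 qnklgitu; \??\C:\Windows\system32\drivers\qnklgitu.sys [X]
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# "HKLM\...\Run: [Name] => <path> [size date] (Company)"
RUN_RE = re.compile(r"^HK[^:]+\\Run: \[[^\]]+\] => (?P<rest>.+)$")
# "R2 Name; <path> [size date] (Company) [File not signed]"
SVC_RE = re.compile(r"^[RS]\d [^;]+; (?P<rest>.+)$")
# trailing "[size date] (Company)" plus anything FRST appends after it
META_RE = re.compile(r" \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>[^)]*)\)(?P<tail>.*)$")

# Locations a standard user can write to; an autostart binary with no company
# name living here is unusual enough to check first (this example's assumption).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\")


@dataclass
class Finding:
    section: str
    line: str      # the log line verbatim, which is the form fixlist.txt takes
    reason: str
    action: str    # "remove" (fixlist candidate) or "review" (look closer)


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        head = SECTION_RE.match(line)
        if head:
            section = head.group("name")
            continue
        if section.startswith("Registry"):
            m = RUN_RE.match(line)           # Startup/AppInit/BootExecute lines are not examined here
        elif section.startswith(("Services", "Drivers")):
            m = SVC_RE.match(line)
        else:
            m = None
        if not m:
            continue
        rest = m.group("rest")
        if rest.endswith(" [X]"):
            findings.append(Finding(section, line, "registered, but the file is missing", "review"))
            continue
        meta = META_RE.search(rest)
        if not meta:                          # e.g. a rundll32 command line with no file metadata
            continue
        path = rest[: meta.start()].lower()
        company = meta.group("company").strip()
        if company == "" and any(p in path for p in USER_WRITABLE):
            findings.append(Finding(section, line, "no company name, user-writable path", "remove"))
        elif "[File not signed]" in meta.group("tail"):
            findings.append(Finding(section, line, "company name present, but file not signed", "review"))
    return findings


def candidate_fixlist(findings: list[Finding]) -> list[str]:
    """Verbatim log lines for the 'remove' findings, in the form the fix above used."""
    return [f.line for f in findings if f.action == "remove"]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.action:6}] {f.reason}\n         {f.line}")
    print("\nCandidate fixlist.txt lines:")
    print("\n".join(candidate_fixlist(found)))
```

On the excerpt, the only "remove" candidate is the [hodo] Run entry pointing at xoti.exe, which is the line the fix above used; the unsigned Atheros service and the two "[X]" entries come out as "review" because a missing or unsigned file is common for stale or poorly packaged legitimate software and needs a look at the vendor and path before anything goes into a fix.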


#9 Ethorax (Topic Starter)

Posted 04 May 2015 - 09:25 AM

Thank you so much for your help till now, xXToffeeXx, very much appreciated!

I decided to take your advice and re-install the whole OS and format all drives in the process.

Erasing personal files wasn't much of a pain because PClock variant Winnew had already encrypted half of my files.

The file you mentioned above, "zopuga", was indeed the file that contained a deadly virus. It reappeared even after I deleted it several times and enabled itself in the startup process even after I disabled it; it also disabled the antivirus itself.

I will take your advice and stop using torrents and only download from verified sources from now on.

Once again, thank you for your time and help! Good bye for now and have a wonderful day!  

Cheers! :)


Edited by Ethorax, 04 May 2015 - 09:27 AM.


#10 xXToffeeXx (Malware Response Instructor)

Posted 06 May 2015 - 01:14 PM

Hi Ethorax,

 

You are welcome for the help, hope the reinstalling process goes well. I'll leave this open for a little more.

 

xXToffeeXx~




#11 xXToffeeXx (Malware Response Instructor)

Posted 12 May 2015 - 11:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





