Need help with "DNS Unlocker" removal!!


  • This topic is locked
16 replies to this topic

#1 Sasukemystery

Posted 26 December 2015 - 09:28 AM

I need help in removing DNS Unlocker. For example, when I'm on a page and I click something, it will first create a new tab to some Reimage repair or casino ad; then I close it and go back to my original tab, click again, and it will open up a new window... Also, some words on the website are always capitalized and highlighted with a hyperlink, so when I hover my mouse over them, it shows an ad with the small text "Ads by DNS Unlocker" in the bottom right corner. I've tried various removal methods such as clearing caches, cookies and browsing history, and used Anti Malwarebytes, AdwCleaner, Zemana Antimalware and HitmanPro, to no avail.

 

Please help!!

 

Thank you!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-12-2015
Ran by Admin (administrator) on WIN-6ROB1ELVTRH (26-12-2015 21:34:16)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe
(Skillbrains) C:\Program Files\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\UniKey Vista 2.0\UniKeyVista2.0.exe
(PC Remote) C:\Program Files\PC Remote\PC Remote\PCRemote.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(© 2015 Microsoft Corporation) C:\Users\Admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
(Mega Limited) C:\Users\Admin\AppData\Local\MEGAsync\MEGAsync.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Razer, Inc.) C:\Program Files\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Admin\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [832272 2014-06-23] (BlueStack Systems, Inc.)
HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM\...\Run: [Razer Synapse] => C:\Program Files\Razer\Synapse\RzSynapse.exe [592704 2015-07-08] (Razer Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [12902304 2015-12-14] (Zemana Ltd.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [UniKey] => C:\Program Files\UniKey Vista 2.0\UniKeyVista2.0.exe [675840 2006-04-19] ()
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [Google Update] => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [GarenaPlus] => C:\Program Files\Garena Plus\GarenaMessenger.exe [10016704 2015-09-03] ()
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [PC Remote Server] => C:\Program Files\PC Remote\PC Remote\PCRemote.exe [1190648 2014-10-12] (PC Remote)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-13] (Piriform Ltd)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [BingSvc] => C:\Users\Admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [YWPack] => C:\Windows\System32\regsvr32.exe C:\Users\Admin\AppData\Local\Idsoft\a3dMouseHid.dll
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\RunOnce: [Application Restart #1] => C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\MountPoints2: {7a661dfe-e354-11e4-9cca-685d43d0d8a5} - G:\Startme.exe
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Admin\AppData\Local\Idsoft\a3dMouseHid.dll ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-12-24]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Admin\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{77F0F9B0-9826-494A-A74E-ECEA6F9203C6}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{EBA1A423-55F7-42FF-8BD2-7D3431A11272}: [DhcpNameServer] 192.168.11.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-18] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://42.112.1.101/videoplayer/swflash.cab?ich_u_r_i=92e814a45392f036c20633f3d79dfece&ich_s_t_a_r_t=0&ich_e_n_d=0&ich_k_e_y=1245038917750863292468&ich_t_y_p_e=1&ich_u_n_i_t=1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default
FF SearchEngineOrder.3: Bing 
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF NetworkProxy: "type", 5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2012-03-17] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Windows\system32\npdeployJava1.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1755497312-2144431535-1462801618-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1755497312-2144431535-1462801618-1000: @talk.google.com/O1DPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1755497312-2144431535-1462801618-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1755497312-2144431535-1462801618-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1755497312-2144431535-1462801618-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: ReloadEvery - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2015-08-08]
FF Extension: IPFlood - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default\extensions\ipbleep@p4ul.info.xpi [2015-08-08]
FF Extension: iMacros for Firefox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-10-18]
FF Extension: Bing Search - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default\Extensions\bingsearch.full@microsoft.com [2015-08-28] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
FF HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5 => not found
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-23]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-23]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Bing) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-12-23]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-23]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-24]
CHR Extension: (Little Alchemy) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-12-26]
CHR Extension: (Skype) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-23]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - chrome.exe
StartMenuInternet: Google Chrome.7PQPS23MUPF4CCWMZG2OSP2JEE - C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
 
Opera: 
=======
OPR Extension: (2048 AI - bitcoin) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\chfnopmklmpinabemlmldefhbhgkglmc [2015-12-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-09-16] (Intel Corporation)
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [245544 2015-12-18] (EasyAntiCheat Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-12-26] (SurfRight B.V.)
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [1873616 2015-10-13] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [96600 2015-10-13] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [589520 2015-06-04] ()
S3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [274024 2015-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
R2 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-24] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [12902304 2015-12-14] (Zemana Ltd.)
S2 szserver; "C:\Program Files\iS3\STOPzilla AntiMalware\SZServer.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [24832 2013-12-14] (Advanced Micro Devices, Inc.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-06-23] (BlueStack Systems)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2015-04-15] (Sony Mobile Communications)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39528 2015-06-04] (AnchorFree Inc.)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-07-18] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [352752 2013-07-18] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [801776 2013-07-18] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-26] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [10299904 2011-12-01] (Intel Corporation)
R3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [246488 2014-01-03] (Realtek Semiconductor Corp.)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [30120 2014-12-30] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [35624 2014-12-30] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [25088 2014-05-23] (Windows ® Win 7 DDK provider)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [32680 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20288 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [97088 2015-06-27] (Razer, Inc.)
R3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [151336 2014-12-30] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [29224 2014-12-30] (Razer Inc)
R0 szkg5; C:\Windows\System32\drivers\szkg.sys [61328 2015-05-20] (iS3 Inc.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [36968 2015-06-04] (Anchorfree Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [179448 2015-12-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [179448 2015-12-26] (Zemana Ltd.)
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 EasyAntiCheatSys; \??\C:\Windows\system32\drivers\EasyAntiCheat.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S0 is3srv; system32\drivers\is3srv.sys [X]
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [359640 2014-01-03] (Realsil Semiconductor Corporation)
S0 szkgfs; system32\drivers\szkgfs.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-26 21:34 - 2015-12-26 21:34 - 00024851 _____ C:\Users\Admin\Downloads\FRST.txt
2015-12-26 21:33 - 2015-12-26 21:34 - 00000000 ____D C:\FRST
2015-12-26 21:33 - 2015-12-26 21:33 - 01721856 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2015-12-26 21:00 - 2015-12-26 21:15 - 00010230 _____ C:\Windows\ZAM.krnl.trace
2015-12-26 21:00 - 2015-12-26 21:00 - 00179448 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2015-12-26 21:00 - 2015-12-26 21:00 - 00179448 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2015-12-26 21:00 - 2015-12-26 21:00 - 00001900 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2015-12-26 21:00 - 2015-12-26 21:00 - 00000121 _____ C:\Windows\ZAM_Guard.krnl.trace
2015-12-26 21:00 - 2015-12-26 21:00 - 00000000 ____D C:\Users\Admin\AppData\Local\Zemana
2015-12-26 21:00 - 2015-12-26 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-12-26 21:00 - 2015-12-26 21:00 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2015-12-26 20:59 - 2015-12-26 20:59 - 05298752 _____ ( ) C:\Users\Admin\Downloads\Zemana.AntiMalware.Setup.exe
2015-12-26 19:50 - 2015-12-26 19:50 - 00009240 _____ C:\Windows\system32\.crusader
2015-12-26 18:41 - 2015-12-26 19:51 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-26 18:41 - 2015-12-26 18:41 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-12-26 18:41 - 2015-12-26 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-12-26 18:41 - 2015-12-26 18:41 - 00000000 ____D C:\Program Files\HitmanPro
2015-12-26 18:40 - 2015-12-26 18:41 - 10344184 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\HitmanPro.exe
2015-12-25 21:18 - 2015-12-25 21:17 - 00066174 _____ C:\Users\Admin\Desktop\received_10203628653995418.jpeg
2015-12-25 21:17 - 2015-12-25 21:17 - 00066174 _____ C:\Users\Admin\Downloads\received_10203628653995418.jpeg
2015-12-24 19:08 - 2015-12-24 19:08 - 01288108 _____ C:\Users\Admin\Downloads\Empire Revenue (1).pdf
2015-12-24 19:07 - 2015-12-24 19:08 - 01288108 _____ C:\Users\Admin\Downloads\Empire Revenue.pdf
2015-12-24 05:58 - 2015-12-24 05:58 - 00001058 _____ C:\Users\Admin\Desktop\malware.txt
2015-12-24 04:32 - 2015-12-24 04:33 - 00000000 ____D C:\Users\Admin\Downloads\Malwarebytes Anti-Malware Premium 2.2.0.1024 Final Multilingual incl Keygen-=TEAM OS=-
2015-12-24 04:32 - 2015-12-24 04:32 - 00007966 _____ C:\Users\Admin\Downloads\[kat.cr]malwarebytes.anti.malware.premium.2.2.0.1024.final.multilingual.incl.keygen.team.os.torrent
2015-12-24 04:30 - 2015-12-26 19:57 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-24 04:25 - 2015-12-24 18:16 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-24 04:21 - 2015-12-24 04:21 - 22908888 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-24 04:19 - 2015-12-24 04:19 - 00000994 _____ C:\Users\Admin\Downloads\[kat.cr]malwarebytes.anti.malware.premium.latest.serials.14.11.15.4realtorrentz.torrent
2015-12-24 04:19 - 2015-12-24 04:19 - 00000735 ____R C:\Users\Admin\Downloads\Malwarebytes Anti-Malware Premium Latest Serials (14.11.15) [4realtorrentz].txt
2015-12-23 05:58 - 2015-12-23 06:23 - 00000000 ____D C:\Users\Admin\Desktop\BonusBitcoin
2015-12-22 21:50 - 2015-12-22 21:50 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TuneUp Software
2015-12-22 21:50 - 2015-12-22 21:50 - 00000000 ____D C:\Users\Admin\AppData\Local\TuneUp Software
2015-12-22 21:46 - 2015-12-22 21:53 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-12-22 21:45 - 2015-12-26 19:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Idsoft
2015-12-22 21:45 - 2015-12-22 21:45 - 00067530 _____ C:\Users\Admin\Desktop\Setup_product_13224.exe
2015-12-22 21:41 - 2015-12-24 05:59 - 00000000 ____D C:\Program Files\KMSPico 10.0.6
2015-12-21 03:06 - 2015-12-21 03:06 - 01695352 _____ C:\Users\Admin\Downloads\MoneyBot www.ebookleaks.org.rar
2015-12-21 03:05 - 2015-12-21 03:06 - 01858819 _____ C:\Users\Admin\Downloads\INCREDIBLE INCOME www.ebookleaks.org.rar
2015-12-21 01:13 - 2015-12-21 01:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Opera Software
2015-12-21 01:13 - 2015-12-21 01:13 - 00000000 ____D C:\Users\Admin\AppData\Local\Opera Software
2015-12-21 01:12 - 2015-12-24 06:05 - 00001081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-21 01:12 - 2015-12-24 06:05 - 00001075 _____ C:\Users\Public\Desktop\Opera.lnk
2015-12-21 01:12 - 2015-12-21 01:12 - 00017661 _____ C:\Users\Admin\Downloads\2048-BitcoinAutoplayer.nex
2015-12-21 01:11 - 2015-12-26 20:00 - 00000000 ____D C:\Program Files\Opera
2015-12-21 01:11 - 2015-12-21 01:11 - 00720336 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable.exe
2015-12-20 23:44 - 2015-12-20 23:44 - 00002632 _____ C:\Users\Admin\Downloads\legitcheck.hta
2015-12-20 23:40 - 2015-12-26 05:42 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-20 23:40 - 2015-12-24 04:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-20 23:40 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-20 23:40 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-20 23:40 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-20 23:33 - 2015-12-20 23:33 - 00053294 _____ C:\Users\Admin\Downloads\[kat.cr]kmspico.10.1.9.final.2015.portable.torrent
2015-12-20 23:33 - 2015-12-20 23:33 - 00000000 ____D C:\Users\Admin\Downloads\KMSpico 10.1.9 Final + Portable
2015-12-20 19:29 - 2015-12-26 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-12-20 19:29 - 2015-12-26 19:49 - 00000000 ____D C:\Program Files\KMSpico
2015-12-20 19:29 - 2010-12-06 09:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2015-12-20 19:28 - 2015-12-20 19:28 - 03191776 _____ C:\Users\Admin\Downloads\KMSpico 10.1.9.zip
2015-12-20 19:25 - 2015-12-20 19:25 - 03186153 _____ C:\Users\Admin\Downloads\AppNee.com.KMSPico.v10.1.9.Setup.7z
2015-12-20 19:24 - 2015-12-20 19:24 - 00000000 ___RD C:\Users\Admin\Documents\MEGA
2015-12-20 19:21 - 2015-12-21 01:11 - 00000000 ____D C:\Users\Admin\Documents\MEGAsync Downloads
2015-12-20 19:18 - 2015-12-24 06:05 - 00001026 _____ C:\Users\Admin\Desktop\MEGAsync.lnk
2015-12-20 19:18 - 2015-12-20 19:18 - 10152576 _____ (MEGA Limited) C:\Users\Admin\Downloads\MEGAsyncSetup (2).exe
2015-12-20 19:18 - 2015-12-20 19:18 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-12-20 19:18 - 2015-12-20 19:18 - 00000000 ____D C:\Users\Admin\AppData\Local\Mega Limited
2015-12-20 19:17 - 2015-12-20 19:17 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-12-20 05:40 - 2015-12-18 01:16 - 00245544 _____ (EasyAntiCheat Ltd) C:\Windows\system32\EasyAntiCheat.exe
2015-12-20 05:20 - 2015-12-24 06:05 - 00001642 _____ C:\Users\Admin\Desktop\Robocraft Launcher.lnk
2015-12-20 05:20 - 2015-12-20 05:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Robocraft Launcher
2015-12-20 05:20 - 2015-12-20 05:20 - 00000000 ____D C:\Users\Admin\AppData\Local\Solid State Networks
2015-12-20 05:20 - 2015-12-20 05:20 - 00000000 ____D C:\Games
2015-12-20 05:17 - 2015-12-20 05:18 - 12397864 _____ (Freejam Games ) C:\Users\Admin\Downloads\RobocraftSetup.exe
2015-12-19 17:55 - 2015-12-19 17:55 - 00150780 _____ C:\Users\Admin\Downloads\easyaf.pdf
2015-12-17 03:47 - 2015-12-17 04:27 - 01619797 _____ C:\Users\Admin\Downloads\PPD RAPER V1.1 BOOK www.ebookleaks.org.rar
2015-12-17 03:45 - 2015-12-17 04:27 - 01234255 _____ C:\Users\Admin\Downloads\Bitcoin extreme www.ebookleaks.org.rar
2015-12-17 03:43 - 2015-12-17 04:27 - 01900472 _____ C:\Users\Admin\Downloads\CashBlanket www.ebookleaks.org.rar
2015-12-17 03:43 - 2015-12-17 03:43 - 01806892 _____ C:\Users\Admin\Downloads\Supreme PPD guide www.ebookleaks.org.rar
2015-12-17 03:24 - 2015-12-17 03:25 - 05869779 _____ C:\Users\Admin\Downloads\Rocket Revenue www.ebookleaks.org.rar
2015-12-15 00:04 - 2015-12-15 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-12-13 04:28 - 2015-12-13 04:28 - 47483942 _____ C:\Users\Admin\Downloads\MultiTool V2.0.1.9.rar
2015-12-12 19:24 - 2015-12-24 04:14 - 00000000 ____D C:\AdwCleaner
2015-12-11 22:29 - 2015-12-12 18:58 - 00000001 _____ C:\Windows\system32\vn.html
2015-12-10 18:48 - 2015-12-24 06:05 - 00001607 _____ C:\Users\Public\Desktop\League of Legends.lnk
2015-12-10 18:48 - 2015-12-10 18:48 - 00000000 ____D C:\Riot Games
2015-12-10 18:48 - 2015-12-10 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-12-10 18:39 - 2015-12-10 18:40 - 30668968 _____ (Riot Games) C:\Users\Admin\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe
2015-12-10 03:51 - 2015-12-10 03:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-10 03:51 - 2015-12-10 03:51 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-12-10 02:36 - 2015-11-12 03:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-10 02:36 - 2015-11-11 23:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-10 02:36 - 2015-11-11 22:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-10 02:36 - 2015-11-11 22:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-10 02:36 - 2015-11-11 22:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-10 02:36 - 2015-11-11 21:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-10 02:36 - 2015-11-10 07:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-10 02:36 - 2015-11-10 07:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-10 02:36 - 2015-11-10 07:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-10 02:36 - 2015-11-10 07:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-10 02:36 - 2015-11-10 07:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-10 02:36 - 2015-11-10 07:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-10 02:36 - 2015-11-10 07:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-10 02:36 - 2015-11-10 07:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-10 02:36 - 2015-11-10 07:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-10 02:36 - 2015-11-10 07:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-10 02:36 - 2015-11-10 07:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-10 02:36 - 2015-11-10 07:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-10 02:36 - 2015-11-10 07:03 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-10 02:36 - 2015-11-10 07:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-10 02:36 - 2015-11-10 07:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-10 02:36 - 2015-11-10 06:57 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-10 02:36 - 2015-11-10 06:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-10 02:36 - 2015-11-10 06:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-10 02:36 - 2015-11-10 06:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-10 02:36 - 2015-11-10 06:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-10 02:36 - 2015-11-10 06:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-10 02:36 - 2015-11-10 06:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-10 02:36 - 2015-11-10 06:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-10 02:36 - 2015-11-10 06:36 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-10 02:36 - 2015-11-10 06:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-10 02:36 - 2015-11-10 06:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-10 02:36 - 2015-11-10 06:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-10 02:36 - 2015-11-10 06:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 02956800 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-10 02:34 - 2015-11-21 01:33 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-10 02:34 - 2015-11-21 01:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-10 02:34 - 2015-11-21 01:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-10 02:34 - 2015-11-12 01:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-10 02:34 - 2015-11-12 01:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-10 02:34 - 2015-11-11 01:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-10 02:34 - 2015-11-11 01:39 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-10 02:34 - 2015-11-11 01:39 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-10 02:34 - 2015-11-11 00:40 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-10 02:34 - 2015-11-04 01:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-10 02:23 - 2015-11-06 02:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-10 02:23 - 2015-11-05 16:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-10 02:23 - 2015-11-04 01:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 04:54 - 2015-12-09 04:54 - 00000000 ____D C:\ProgramData\{113089a1-10c8-0}
2015-12-09 04:54 - 2015-12-09 04:54 - 00000000 ____D C:\ProgramData\{088dd182-50c8-1}
2015-12-08 22:15 - 2015-12-24 06:05 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-08 22:15 - 2015-12-24 06:05 - 00002019 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-12-08 22:08 - 2015-12-08 22:09 - 03981353 _____ C:\Users\Admin\Downloads\Sloth King V 1.0 www.ebookleaks.org.rar
2015-12-08 22:06 - 2015-12-08 22:06 - 01623613 _____ C:\Users\Admin\Downloads\IG likes www.ebookleaks.org.rar
2015-12-08 22:05 - 2015-12-08 22:05 - 01771484 _____ C:\Users\Admin\Downloads\Bitcoin Tap www.ebookleaks.org.rar
2015-12-08 04:16 - 2015-12-08 04:16 - 04155234 _____ C:\Users\Admin\Downloads\Adobe_Acrobat_11_Pro_11_0_keygen.exe.zip
2015-12-08 04:13 - 2015-12-08 04:14 - 10086222 _____ C:\Users\Admin\Downloads\Adobe Acrobat XI Pro CRACK License Key.rar
2015-12-08 03:23 - 2015-12-08 03:25 - 00000000 ____D C:\Users\Admin\Desktop\Adobe Acrobat XI
2015-12-08 03:13 - 2015-12-08 03:22 - 729936528 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\AcrobatPro_11_Web_WWMUI.exe
2015-12-08 03:04 - 2015-12-08 03:06 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-08 03:04 - 2015-12-08 03:04 - 00000040 ____H C:\CC94DF11CC12
2015-12-08 02:33 - 2015-12-08 02:33 - 02094184 _____ (Adobe) C:\Users\Admin\Downloads\acrobatproDC_00000000000000000000000409.exe
2015-12-07 01:35 - 2015-12-07 02:31 - 00000000 ____D C:\Users\Admin\Desktop\Romina Pack
2015-12-07 00:59 - 2015-12-07 01:02 - 210060559 _____ C:\Users\Admin\Downloads\Romina Pack.rar
2015-12-07 00:58 - 2015-12-07 01:00 - 32103329 _____ C:\Users\Admin\Downloads\Random Pics.rar
2015-12-05 17:06 - 2015-12-20 19:18 - 00000000 ____D C:\Users\Admin\AppData\Local\MEGAsync
2015-12-05 17:06 - 2015-12-05 17:06 - 10144904 _____ (MEGA Limited) C:\Users\Admin\Downloads\MEGAsyncSetup.exe
2015-12-05 17:06 - 2015-12-05 17:06 - 10144904 _____ (MEGA Limited) C:\Users\Admin\Downloads\MEGAsyncSetup (1).exe
2015-12-05 17:00 - 2015-12-05 02:00 - 01373013 _____ C:\Users\Admin\Desktop\Skype Ewhoring-Rat Spreading Bot V1.0.rar
2015-12-05 04:21 - 2015-12-07 02:32 - 00002020 _____ C:\Users\Admin\Desktop\ewhoring script.txt
2015-12-05 02:11 - 2015-12-24 06:05 - 00000977 _____ C:\Users\Admin\Desktop\IceChat.lnk
2015-12-05 02:11 - 2015-12-12 20:56 - 00000000 ____D C:\Users\Admin\AppData\Local\IceChat
2015-12-05 02:11 - 2015-12-05 02:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IceChat7
2015-12-05 02:11 - 2015-12-05 02:11 - 00000000 ____D C:\Program Files\IceChat7
2015-12-05 02:11 - 2000-12-06 00:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\system32\mswinsck.ocx
2015-12-05 02:10 - 2015-12-05 02:10 - 02800545 _____ (IceChat Networks ) C:\Users\Admin\Downloads\icechat-setup.exe
2015-12-05 02:10 - 2015-12-05 02:10 - 02800545 _____ (IceChat Networks ) C:\Users\Admin\Downloads\icechat-setup (2).exe
2015-12-05 02:10 - 2015-12-05 02:10 - 02800545 _____ (IceChat Networks ) C:\Users\Admin\Downloads\icechat-setup (1).exe
2015-12-05 02:02 - 2015-12-05 02:02 - 00000000 ____D C:\Users\Admin\Documents\Skype Bot by SoFt
2015-12-05 02:00 - 2015-12-05 02:00 - 01373013 _____ C:\Users\Admin\Downloads\Skype Ewhoring-Rat Spreading Bot V1.0.rar
2015-12-04 04:26 - 2015-12-26 17:29 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\BitTorrent
2015-12-04 02:25 - 2015-12-04 02:25 - 00000000 ____H C:\Users\Admin\Documents\Default.rdp
2015-12-01 02:16 - 2015-12-01 02:16 - 15026614 _____ C:\Users\Admin\Downloads\Free_Template_Feb-6-2015.psd
2015-12-01 01:03 - 2015-12-01 01:12 - 165923926 _____ C:\Users\Admin\Downloads\pyr0BANK2016.zip
2015-12-01 00:23 - 2015-12-01 00:23 - 03923562 _____ C:\Users\Admin\Desktop\Money Making Methods.zip
2015-12-01 00:21 - 2015-12-01 00:21 - 00000000 ____D C:\Users\Admin\Desktop\Money Making Methods
2015-11-28 23:08 - 2015-12-24 06:05 - 00001305 _____ C:\Users\Public\Desktop\Invision.lnk
2015-11-28 23:08 - 2015-12-05 02:08 - 00000000 ____D C:\Invision
2015-11-28 23:07 - 2015-11-28 23:08 - 06838718 _____ (Invision) C:\Users\Admin\Downloads\Invision3.3.November2011.exe
2015-11-28 23:03 - 2015-11-28 23:03 - 00000000 ____D C:\Users\Admin\AppData\Local\TeamViewer
2015-11-28 23:01 - 2015-12-24 06:05 - 00001001 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-11-28 23:01 - 2015-12-24 06:05 - 00000995 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-11-28 23:01 - 2015-11-28 23:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TeamViewer
2015-11-28 23:00 - 2015-12-20 03:11 - 00000000 ____D C:\Program Files\TeamViewer
2015-11-28 23:00 - 2015-11-28 23:00 - 09509032 _____ (TeamViewer GmbH) C:\Users\Admin\Downloads\TeamViewer_Setup.exe
2015-11-28 22:54 - 2015-12-24 06:05 - 00000915 _____ C:\Users\Public\Desktop\mIRC.lnk
2015-11-28 22:54 - 2015-12-05 01:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\mIRC
2015-11-28 22:54 - 2015-12-05 01:57 - 00000000 ____D C:\Program Files\mIRC
2015-11-28 22:54 - 2015-11-28 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2015-11-28 22:53 - 2015-11-28 22:53 - 02471168 _____ (mIRC Co. Ltd.) C:\Users\Admin\Downloads\mirc743.exe
2015-11-28 22:47 - 2015-11-28 22:47 - 12721313 _____ C:\Users\Admin\Downloads\Recording #1.mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-26 21:34 - 2009-07-14 09:37 - 00000000 ____D C:\Windows
2015-12-26 21:23 - 2015-09-21 18:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2015-12-26 20:56 - 2009-07-14 11:34 - 00036480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-26 20:56 - 2009-07-14 11:34 - 00036480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-26 20:51 - 2015-03-02 18:22 - 00002338 _____ C:\Users\Admin\Desktop\Chrome App Launcher.lnk
2015-12-26 20:45 - 2014-05-08 19:39 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755497312-2144431535-1462801618-1000UA.job
2015-12-26 20:11 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\NDF
2015-12-26 19:57 - 2014-05-09 19:49 - 00000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2015-12-26 19:54 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-26 19:50 - 2014-09-02 00:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\mgyun
2015-12-26 19:50 - 2014-05-09 19:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2015-12-26 04:45 - 2014-05-08 19:39 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755497312-2144431535-1462801618-1000Core.job
2015-12-26 04:28 - 2014-05-29 20:29 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2015-12-26 04:03 - 2014-05-08 19:50 - 00000000 ____D C:\ProgramData\Skype
2015-12-25 05:42 - 2015-09-22 19:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\.minecraft
2015-12-25 04:31 - 2015-09-17 16:59 - 00001095 _____ C:\Users\Admin\Desktop\nativelog.txt
2015-12-25 04:24 - 2014-10-16 19:52 - 00000000 ____D C:\Program Files\Garena Plus
2015-12-25 04:03 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system
2015-12-24 06:06 - 2015-08-05 06:56 - 00000775 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-12-24 06:06 - 2015-05-03 19:36 - 00002957 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HitLeap Viewer.lnk
2015-12-24 06:06 - 2012-03-17 14:48 - 00001130 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-24 06:05 - 2015-11-20 00:00 - 00001974 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-12-24 06:05 - 2015-11-17 22:28 - 00000977 _____ C:\Users\Admin\Desktop\Electrum.lnk
2015-12-24 06:05 - 2015-10-22 01:03 - 00001879 _____ C:\Users\Admin\Desktop\Razer Synapse.lnk
2015-12-24 06:05 - 2015-09-22 19:51 - 00000933 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-12-24 06:05 - 2015-09-21 23:12 - 00002007 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-12-24 06:05 - 2015-09-21 18:56 - 00002679 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-24 06:05 - 2015-08-08 01:55 - 00001019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-24 06:05 - 2015-08-08 01:55 - 00001013 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-24 06:05 - 2015-08-05 06:56 - 00000751 _____ C:\Users\Admin\Desktop\Start Tor Browser.lnk
2015-12-24 06:05 - 2015-08-05 05:04 - 00001070 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2015-12-24 06:05 - 2015-08-03 07:35 - 00002003 _____ C:\Users\Public\Desktop\STOPzilla AntiMalware.lnk
2015-12-24 06:05 - 2015-07-31 05:14 - 00001043 _____ C:\Users\Admin\Desktop\FitnessMost.lnk
2015-12-24 06:05 - 2015-07-24 04:49 - 00001008 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2015-12-24 06:05 - 2015-05-03 19:36 - 00002995 _____ C:\Users\Admin\Desktop\HitLeap Viewer.lnk
2015-12-24 06:05 - 2014-12-21 01:00 - 00001224 _____ C:\Users\Admin\Desktop\Paint.lnk
2015-12-24 06:05 - 2014-11-23 23:40 - 00001048 _____ C:\Users\Admin\Desktop\PC Remote Server.lnk
2015-12-24 06:05 - 2014-11-10 20:49 - 00000564 _____ C:\Users\Public\Desktop\Fraps.lnk
2015-12-24 06:05 - 2014-10-16 19:57 - 00001017 _____ C:\Users\Public\Desktop\FIFA ONLINE 3(Vietnam).lnk
2015-12-24 06:05 - 2014-10-16 19:52 - 00001027 _____ C:\Users\Public\Desktop\Garena+.lnk
2015-12-24 06:05 - 2014-09-07 19:53 - 00001190 _____ C:\Users\Admin\Desktop\Lightshot .lnk
2015-12-24 06:05 - 2014-07-09 23:56 - 00001767 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-12-24 06:05 - 2014-07-02 22:44 - 00001975 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Free Auto Clicker.lnk
2015-12-24 06:05 - 2014-07-02 22:44 - 00001951 _____ C:\Users\Admin\Desktop\Free Auto Clicker.lnk
2015-12-24 06:05 - 2014-06-11 21:59 - 00001091 _____ C:\Users\Public\Desktop\Easy Auto Clicker.lnk
2015-12-24 06:05 - 2014-05-20 17:29 - 00000880 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2015-12-24 06:05 - 2014-05-10 17:47 - 00000857 _____ C:\Users\Public\Desktop\osu!.lnk
2015-12-24 06:05 - 2014-05-08 19:58 - 00001635 _____ C:\Users\Admin\Desktop\POWERPNT.lnk
2015-12-24 06:05 - 2014-05-08 19:58 - 00001624 _____ C:\Users\Admin\Desktop\WINWORD.lnk
2015-12-24 06:05 - 2014-05-08 19:58 - 00001604 _____ C:\Users\Admin\Desktop\EXCEL.lnk
2015-12-24 06:05 - 2012-03-17 17:39 - 00001065 _____ C:\Users\Admin\Desktop\UniKeyVista2.0.lnk
2015-12-24 06:05 - 2012-03-17 15:49 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-24 06:05 - 2012-03-17 14:46 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-12-24 06:05 - 2012-03-17 14:46 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-12-24 06:05 - 2009-07-14 11:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-24 06:05 - 2009-07-14 11:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-12-24 06:05 - 2009-07-14 11:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-12-24 06:05 - 2009-07-14 11:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-12-24 06:05 - 2009-07-14 11:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-12-24 06:05 - 2009-07-14 11:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-12-24 06:01 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Web
2015-12-24 05:59 - 2014-05-08 20:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\x64
2015-12-23 06:03 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\inf
2015-12-20 18:20 - 2014-05-10 17:47 - 00000000 ____D C:\Program Files\osu!
2015-12-19 00:30 - 2012-03-17 17:06 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2015-12-17 22:18 - 2015-11-20 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-12-17 22:16 - 2014-05-08 19:42 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-12-17 04:53 - 2015-04-21 17:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2015-12-15 00:04 - 2015-11-17 01:36 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-12-12 19:38 - 2010-11-21 04:01 - 00794034 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-12 19:28 - 2015-03-02 18:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-12-12 19:28 - 2012-03-17 17:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-12 19:27 - 2012-03-17 14:48 - 00000000 ____D C:\Users\Admin
2015-12-11 03:01 - 2015-04-19 01:54 - 00000000 ____D C:\Windows\rescache
2015-12-11 02:52 - 2014-10-16 19:51 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-12-11 00:12 - 2014-10-16 20:02 - 00000000 ____D C:\Users\Admin\AppData\Roaming\GarenaPlus
2015-12-10 18:45 - 2014-05-09 20:12 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2015-12-10 18:45 - 2014-05-09 20:11 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Riot Games
2015-12-10 03:51 - 2015-09-21 18:56 - 00000000 ___RD C:\Program Files\Skype
2015-12-10 03:51 - 2014-05-08 19:50 - 00000000 ____D C:\Users\Admin\AppData\Local\Skype
2015-12-10 03:30 - 2009-07-14 11:33 - 00412040 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-08 22:20 - 2014-06-16 11:16 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2015-12-08 22:14 - 2015-07-25 04:01 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-12-08 22:14 - 2014-06-16 11:16 - 00000000 ____D C:\Program Files\Adobe
2015-12-08 04:14 - 2012-03-17 18:00 - 00110480 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-08 04:12 - 2014-06-16 11:16 - 00000000 ____D C:\ProgramData\Adobe
2015-12-08 03:03 - 2012-03-17 15:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2015-12-08 02:30 - 2009-07-14 11:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-12-06 20:37 - 2015-11-17 22:19 - 00000000 ____D C:\Users\Admin\Desktop\electrum_data
 
==================== Files in the root of some directories =======
 
2014-06-17 03:32 - 2014-06-29 12:31 - 0000117 _____ () C:\Users\Admin\AppData\Roaming\D2Info0
2014-06-17 03:32 - 2014-06-29 00:27 - 0000008 _____ () C:\Users\Admin\AppData\Roaming\DofusAppId0_1
2014-06-17 03:32 - 2014-06-29 13:03 - 0000008 _____ () C:\Users\Admin\AppData\Roaming\DofusAppId0_2
2014-06-17 03:32 - 2014-06-27 10:37 - 0000008 _____ () C:\Users\Admin\AppData\Roaming\DofusAppId0_3
2014-06-23 10:15 - 2014-06-23 11:14 - 0000008 _____ () C:\Users\Admin\AppData\Roaming\DofusAppId0_4
2014-05-20 16:47 - 2014-05-19 10:48 - 0603763 _____ () C:\Users\Admin\AppData\Roaming\libcurl-4.dll
2014-05-20 16:47 - 2014-05-27 15:01 - 0626176 _____ (The cURL library, http://curl.haxx.se/) C:\Users\Admin\AppData\Roaming\libcurl.dll
2014-05-20 16:47 - 2014-05-27 15:01 - 1704448 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Admin\AppData\Roaming\libeay32.dll
2014-05-20 16:47 - 2014-05-27 15:01 - 0112142 _____ () C:\Users\Admin\AppData\Roaming\libgcc_s_dw2-1.dll
2014-05-20 16:47 - 2014-05-27 15:01 - 0279955 _____ () C:\Users\Admin\AppData\Roaming\libidn-11.dll
2014-05-20 16:47 - 2014-05-27 15:01 - 0148760 _____ () C:\Users\Admin\AppData\Roaming\libpdcurses.dll
2014-05-20 16:47 - 2014-05-27 15:07 - 0000091 _____ () C:\Users\Admin\AppData\Roaming\msdtca.bat
2014-05-20 16:47 - 2014-05-19 10:48 - 0042496 _____ (Open Source Software community project) C:\Users\Admin\AppData\Roaming\pthreadGC2-w64.dll
2014-05-20 16:47 - 2014-05-27 15:01 - 0119704 _____ (Open Source Software community LGPL) C:\Users\Admin\AppData\Roaming\pthreadGC2.dll
2014-05-20 16:47 - 2014-02-19 14:08 - 0015748 _____ () C:\Users\Admin\AppData\Roaming\README.md
2014-12-20 18:30 - 2014-12-20 18:30 - 0045270 _____ () C:\Users\Admin\AppData\Roaming\room_v3.dat
2014-05-28 16:54 - 2014-05-28 10:16 - 0000267 _____ () C:\Users\Admin\AppData\Roaming\sgminer.conf
2014-05-20 16:47 - 2014-05-27 15:01 - 0364544 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Admin\AppData\Roaming\ssleay32.dll
2014-05-19 00:20 - 2014-05-19 00:20 - 0000000 __RSH () C:\Users\Admin\AppData\Roaming\wuzsd.tmp~
2014-05-20 16:47 - 2014-05-27 15:01 - 0113166 _____ () C:\Users\Admin\AppData\Roaming\zlib1.dll
2014-09-07 19:52 - 2014-09-07 19:52 - 0000003 _____ () C:\Users\Admin\AppData\Local\updater.log
2014-09-07 19:52 - 2015-10-04 01:44 - 0000412 _____ () C:\Users\Admin\AppData\Local\UserProducts.xml
 
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Admin\AppData\Local\Temp\nsu3E3A.exe
C:\Users\Admin\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-22 05:44
 
==================== End of FRST.txt ============================

Edited by Sasukemystery, 26 December 2015 - 10:47 AM.



#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:27 AM

Posted 26 December 2015 - 11:24 AM

Hello Sasukemystery,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

 

3.

Please run FRST again and post the new FRST.txt.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Sasukemystery

Sasukemystery
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE

Posted 26 December 2015 - 12:58 PM

# AdwCleaner v5.026 - Logfile created 27/12/2015 at 00:24:16
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x86)
# Username : Admin - WIN-6ROB1ELVTRH
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files\kmspico
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kmspico
Folder Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
***** [ Files ] *****
 
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.re-markit00.re-markit.co_0.localstorage-journal
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
File Found : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcfenmboojpjinhpgggodefccipikbpd
 
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [3212 bytes] ##########
 
and
 
Emsisoft Emergency Kit - Version 10.0
Last update: 27/12/2015 12:48:15 SA
User account: WIN-6ROB1ELVTRH\Admin
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 27/12/2015 12:56:02 SA
C:\Users\Admin\AppData\Roaming\libcurl-4.dll detected: Trojan.Win32.BitCoinMiner (A)
C:\Users\Admin\AppData\Roaming\pthreadGC2.dll detected: Trojan.Win32.BitCoinMiner (A)
C:\Users\Admin\AppData\Roaming\pthreadGC2-w64.dll detected: Backdoor.Win32.Poison (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\WIN7ZIP -> UUID detected: Trojan.Win32.Injector (A)
 
Scanned 61666
Found 4
 
Scan end: 27/12/2015 12:57:35 SA
Scan time: 0:01:33
 
*** Scan aborted by user ***
 
For the Emsisoft one, I scanned it twice and it always stopped at exactly 61666 files scanned (80%) so I stopped it, quarantined and viewed the report. I don't know if that's okay.
 
 
 
FRST SCAN:
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-12-2015
Ran by Admin (administrator) on WIN-6ROB1ELVTRH (27-12-2015 00:59:49)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe
(Skillbrains) C:\Program Files\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
() C:\Program Files\UniKey Vista 2.0\UniKeyVista2.0.exe
(PC Remote) C:\Program Files\PC Remote\PC Remote\PCRemote.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(© 2015 Microsoft Corporation) C:\Users\Admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
(Mega Limited) C:\Users\Admin\AppData\Local\MEGAsync\MEGAsync.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Razer, Inc.) C:\Program Files\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Admin\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [832272 2014-06-23] (BlueStack Systems, Inc.)
HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM\...\Run: [Razer Synapse] => C:\Program Files\Razer\Synapse\RzSynapse.exe [592704 2015-07-08] (Razer Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [12902304 2015-12-14] (Zemana Ltd.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [UniKey] => C:\Program Files\UniKey Vista 2.0\UniKeyVista2.0.exe [675840 2006-04-19] ()
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [Google Update] => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [GarenaPlus] => C:\Program Files\Garena Plus\GarenaMessenger.exe [10016704 2015-09-03] ()
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [PC Remote Server] => C:\Program Files\PC Remote\PC Remote\PCRemote.exe [1190648 2014-10-12] (PC Remote)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-13] (Piriform Ltd)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [BingSvc] => C:\Users\Admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [YWPack] => C:\Windows\System32\regsvr32.exe C:\Users\Admin\AppData\Local\Idsoft\a3dMouseHid.dll
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\RunOnce: [Application Restart #1] => C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\MountPoints2: {7a661dfe-e354-11e4-9cca-685d43d0d8a5} - G:\Startme.exe
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Admin\AppData\Local\Idsoft\a3dMouseHid.dll ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-12-24]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Admin\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{77F0F9B0-9826-494A-A74E-ECEA6F9203C6}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{EBA1A423-55F7-42FF-8BD2-7D3431A11272}: [DhcpNameServer] 192.168.11.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-18] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://42.112.1.101/videoplayer/swflash.cab?ich_u_r_i=92e814a45392f036c20633f3d79dfece&ich_s_t_a_r_t=0&ich_e_n_d=0&ich_k_e_y=1245038917750863292468&ich_t_y_p_e=1&ich_u_n_i_t=1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default
FF SearchEngineOrder.3: Bing 
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF NetworkProxy: "type", 5
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2012-03-17] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Windows\system32\npdeployJava1.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1755497312-2144431535-1462801618-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1755497312-2144431535-1462801618-1000: @talk.google.com/O1DPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1755497312-2144431535-1462801618-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1755497312-2144431535-1462801618-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1755497312-2144431535-1462801618-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: ReloadEvery - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2015-08-08]
FF Extension: IPFlood - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default\extensions\ipbleep@p4ul.info.xpi [2015-08-08]
FF Extension: iMacros for Firefox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-10-18]
FF Extension: Bing Search - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default\Extensions\bingsearch.full@microsoft.com [2015-08-28] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
FF HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5 => not found
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-23]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-23]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Bing) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-12-23]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-23]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-24]
CHR Extension: (Little Alchemy) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-12-26]
CHR Extension: (Skype) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-23]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - chrome.exe
StartMenuInternet: Google Chrome.7PQPS23MUPF4CCWMZG2OSP2JEE - C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
 
Opera: 
=======
OPR Extension: (2048 AI - bitcoin) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\chfnopmklmpinabemlmldefhbhgkglmc [2015-12-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-09-16] (Intel Corporation)
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [245544 2015-12-18] (EasyAntiCheat Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-12-26] (SurfRight B.V.)
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [1873616 2015-10-13] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [96600 2015-10-13] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [589520 2015-06-04] ()
S3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [274024 2015-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
R2 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-24] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [12902304 2015-12-14] (Zemana Ltd.)
S2 szserver; "C:\Program Files\iS3\STOPzilla AntiMalware\SZServer.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [24832 2013-12-14] (Advanced Micro Devices, Inc.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-06-23] (BlueStack Systems)
R1 epp32; C:\EEK\bin\epp32.sys [112408 2015-12-26] (Emsisoft GmbH)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2015-04-15] (Sony Mobile Communications)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39528 2015-06-04] (AnchorFree Inc.)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-07-18] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [352752 2013-07-18] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [801776 2013-07-18] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-27] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [10299904 2011-12-01] (Intel Corporation)
R3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [246488 2014-01-03] (Realtek Semiconductor Corp.)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [30120 2014-12-30] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [35624 2014-12-30] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [25088 2014-05-23] (Windows ® Win 7 DDK provider)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [32680 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20288 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [97088 2015-06-27] (Razer, Inc.)
R3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [151336 2014-12-30] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [29224 2014-12-30] (Razer Inc)
R0 szkg5; C:\Windows\System32\drivers\szkg.sys [61328 2015-05-20] (iS3 Inc.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [36968 2015-06-04] (Anchorfree Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [179448 2015-12-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [179448 2015-12-26] (Zemana Ltd.)
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 EasyAntiCheatSys; \??\C:\Windows\system32\drivers\EasyAntiCheat.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S0 is3srv; system32\drivers\is3srv.sys [X]
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [359640 2014-01-03] (Realsil Semiconductor Corporation)
S0 szkgfs; system32\drivers\szkgfs.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-27 00:39 - 2015-12-27 00:39 - 00000751 _____ C:\Users\Admin\Desktop\Start Emsisoft Emergency Kit.lnk
2015-12-27 00:38 - 2015-12-27 00:54 - 00000000 ____D C:\EEK
2015-12-27 00:32 - 2015-12-27 00:35 - 171136208 _____ C:\Users\Admin\Downloads\EmsisoftEmergencyKit.exe
2015-12-27 00:01 - 2015-12-27 00:01 - 01743360 _____ C:\Users\Admin\Downloads\AdwCleaner.exe
2015-12-27 00:00 - 2015-12-27 00:00 - 01743360 _____ C:\Users\Admin\Downloads\adwcleaner_5.026.exe
2015-12-26 23:58 - 2015-12-26 23:58 - 01743360 _____ C:\Users\Admin\Desktop\AdwCleaner.exe
2015-12-26 23:02 - 2015-12-26 23:04 - 00001125 _____ C:\Users\Public\Desktop\DigiEuro.exe.lnk
2015-12-26 23:02 - 2015-12-26 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigiEuro (DEUR) Scrypt
2015-12-26 23:02 - 2015-12-26 23:04 - 00000000 ____D C:\Program Files\DigiEuro (DEUR) Scrypt
2015-12-26 23:00 - 2015-12-26 23:01 - 06377776 _____ C:\Users\Admin\Downloads\digieuro-scrypt-en-om.zip
2015-12-26 22:15 - 2015-12-26 22:15 - 00263765 _____ C:\Users\Admin\Downloads\4ZLOLZ EARNING GUIDE.pdf
2015-12-26 21:37 - 2015-12-26 21:37 - 00058501 _____ C:\Users\Admin\Desktop\FRST.txt
2015-12-26 21:37 - 2015-12-26 21:37 - 00029235 _____ C:\Users\Admin\Desktop\Addition.txt
2015-12-26 21:35 - 2015-12-26 21:36 - 00029235 _____ C:\Users\Admin\Downloads\Addition.txt
2015-12-26 21:35 - 2015-12-26 21:35 - 01721856 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe
2015-12-26 21:34 - 2015-12-27 00:59 - 00025219 _____ C:\Users\Admin\Downloads\FRST.txt
2015-12-26 21:33 - 2015-12-27 00:59 - 00000000 ____D C:\FRST
2015-12-26 21:33 - 2015-12-26 21:33 - 01721856 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2015-12-26 21:00 - 2015-12-27 00:06 - 00000391 _____ C:\Windows\ZAM_Guard.krnl.trace
2015-12-26 21:00 - 2015-12-27 00:03 - 00000620 _____ C:\Windows\ZAM.krnl.trace
2015-12-26 21:00 - 2015-12-26 21:00 - 00179448 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2015-12-26 21:00 - 2015-12-26 21:00 - 00179448 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2015-12-26 21:00 - 2015-12-26 21:00 - 00001900 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2015-12-26 21:00 - 2015-12-26 21:00 - 00000000 ____D C:\Users\Admin\AppData\Local\Zemana
2015-12-26 21:00 - 2015-12-26 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-12-26 21:00 - 2015-12-26 21:00 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2015-12-26 20:59 - 2015-12-26 20:59 - 05298752 _____ ( ) C:\Users\Admin\Downloads\Zemana.AntiMalware.Setup.exe
2015-12-26 19:50 - 2015-12-26 19:50 - 00009240 _____ C:\Windows\system32\.crusader
2015-12-26 18:41 - 2015-12-26 19:51 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-26 18:41 - 2015-12-26 18:41 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-12-26 18:41 - 2015-12-26 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-12-26 18:41 - 2015-12-26 18:41 - 00000000 ____D C:\Program Files\HitmanPro
2015-12-26 18:40 - 2015-12-26 18:41 - 10344184 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\HitmanPro.exe
2015-12-25 21:18 - 2015-12-25 21:17 - 00066174 _____ C:\Users\Admin\Desktop\received_10203628653995418.jpeg
2015-12-25 21:17 - 2015-12-25 21:17 - 00066174 _____ C:\Users\Admin\Downloads\received_10203628653995418.jpeg
2015-12-24 19:08 - 2015-12-24 19:08 - 01288108 _____ C:\Users\Admin\Downloads\Empire Revenue (1).pdf
2015-12-24 19:07 - 2015-12-24 19:08 - 01288108 _____ C:\Users\Admin\Downloads\Empire Revenue.pdf
2015-12-24 05:58 - 2015-12-24 05:58 - 00001058 _____ C:\Users\Admin\Desktop\malware.txt
2015-12-24 04:32 - 2015-12-24 04:33 - 00000000 ____D C:\Users\Admin\Downloads\Malwarebytes Anti-Malware Premium 2.2.0.1024 Final Multilingual incl Keygen-=TEAM OS=-
2015-12-24 04:32 - 2015-12-24 04:32 - 00007966 _____ C:\Users\Admin\Downloads\[kat.cr]malwarebytes.anti.malware.premium.2.2.0.1024.final.multilingual.incl.keygen.team.os.torrent
2015-12-24 04:30 - 2015-12-27 00:05 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-24 04:25 - 2015-12-24 18:16 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-24 04:21 - 2015-12-24 04:21 - 22908888 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-24 04:19 - 2015-12-24 04:19 - 00000994 _____ C:\Users\Admin\Downloads\[kat.cr]malwarebytes.anti.malware.premium.latest.serials.14.11.15.4realtorrentz.torrent
2015-12-24 04:19 - 2015-12-24 04:19 - 00000735 ____R C:\Users\Admin\Downloads\Malwarebytes Anti-Malware Premium Latest Serials (14.11.15) [4realtorrentz].txt
2015-12-23 05:58 - 2015-12-23 06:23 - 00000000 ____D C:\Users\Admin\Desktop\BonusBitcoin
2015-12-22 21:50 - 2015-12-22 21:50 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TuneUp Software
2015-12-22 21:50 - 2015-12-22 21:50 - 00000000 ____D C:\Users\Admin\AppData\Local\TuneUp Software
2015-12-22 21:46 - 2015-12-22 21:53 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-12-22 21:45 - 2015-12-26 19:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Idsoft
2015-12-22 21:45 - 2015-12-22 21:45 - 00067530 _____ C:\Users\Admin\Desktop\Setup_product_13224.exe
2015-12-22 21:41 - 2015-12-24 05:59 - 00000000 ____D C:\Program Files\KMSPico 10.0.6
2015-12-21 03:06 - 2015-12-21 03:06 - 01695352 _____ C:\Users\Admin\Downloads\MoneyBot www.ebookleaks.org.rar
2015-12-21 03:05 - 2015-12-21 03:06 - 01858819 _____ C:\Users\Admin\Downloads\INCREDIBLE INCOME www.ebookleaks.org.rar
2015-12-21 01:13 - 2015-12-21 01:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Opera Software
2015-12-21 01:13 - 2015-12-21 01:13 - 00000000 ____D C:\Users\Admin\AppData\Local\Opera Software
2015-12-21 01:12 - 2015-12-24 06:05 - 00001081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-21 01:12 - 2015-12-24 06:05 - 00001075 _____ C:\Users\Public\Desktop\Opera.lnk
2015-12-21 01:12 - 2015-12-21 01:12 - 00017661 _____ C:\Users\Admin\Downloads\2048-BitcoinAutoplayer.nex
2015-12-21 01:11 - 2015-12-27 00:09 - 00000000 ____D C:\Program Files\Opera
2015-12-21 01:11 - 2015-12-21 01:11 - 00720336 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable.exe
2015-12-20 23:44 - 2015-12-20 23:44 - 00002632 _____ C:\Users\Admin\Downloads\legitcheck.hta
2015-12-20 23:40 - 2015-12-26 05:42 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-20 23:40 - 2015-12-24 04:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-20 23:40 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-20 23:40 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-20 23:40 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-20 23:33 - 2015-12-20 23:33 - 00053294 _____ C:\Users\Admin\Downloads\[kat.cr]kmspico.10.1.9.final.2015.portable.torrent
2015-12-20 23:33 - 2015-12-20 23:33 - 00000000 ____D C:\Users\Admin\Downloads\KMSpico 10.1.9 Final + Portable
2015-12-20 19:29 - 2015-12-26 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-12-20 19:29 - 2015-12-26 19:49 - 00000000 ____D C:\Program Files\KMSpico
2015-12-20 19:29 - 2010-12-06 09:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2015-12-20 19:28 - 2015-12-20 19:28 - 03191776 _____ C:\Users\Admin\Downloads\KMSpico 10.1.9.zip
2015-12-20 19:25 - 2015-12-20 19:25 - 03186153 _____ C:\Users\Admin\Downloads\AppNee.com.KMSPico.v10.1.9.Setup.7z
2015-12-20 19:24 - 2015-12-20 19:24 - 00000000 ___RD C:\Users\Admin\Documents\MEGA
2015-12-20 19:21 - 2015-12-21 01:11 - 00000000 ____D C:\Users\Admin\Documents\MEGAsync Downloads
2015-12-20 19:18 - 2015-12-24 06:05 - 00001026 _____ C:\Users\Admin\Desktop\MEGAsync.lnk
2015-12-20 19:18 - 2015-12-20 19:18 - 10152576 _____ (MEGA Limited) C:\Users\Admin\Downloads\MEGAsyncSetup (2).exe
2015-12-20 19:18 - 2015-12-20 19:18 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-12-20 19:18 - 2015-12-20 19:18 - 00000000 ____D C:\Users\Admin\AppData\Local\Mega Limited
2015-12-20 19:17 - 2015-12-20 19:17 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-12-20 05:40 - 2015-12-18 01:16 - 00245544 _____ (EasyAntiCheat Ltd) C:\Windows\system32\EasyAntiCheat.exe
2015-12-20 05:20 - 2015-12-24 06:05 - 00001642 _____ C:\Users\Admin\Desktop\Robocraft Launcher.lnk
2015-12-20 05:20 - 2015-12-20 05:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Robocraft Launcher
2015-12-20 05:20 - 2015-12-20 05:20 - 00000000 ____D C:\Users\Admin\AppData\Local\Solid State Networks
2015-12-20 05:20 - 2015-12-20 05:20 - 00000000 ____D C:\Games
2015-12-20 05:17 - 2015-12-20 05:18 - 12397864 _____ (Freejam Games ) C:\Users\Admin\Downloads\RobocraftSetup.exe
2015-12-19 17:55 - 2015-12-19 17:55 - 00150780 _____ C:\Users\Admin\Downloads\easyaf.pdf
2015-12-17 03:47 - 2015-12-17 04:27 - 01619797 _____ C:\Users\Admin\Downloads\PPD RAPER V1.1 BOOK www.ebookleaks.org.rar
2015-12-17 03:45 - 2015-12-17 04:27 - 01234255 _____ C:\Users\Admin\Downloads\Bitcoin extreme www.ebookleaks.org.rar
2015-12-17 03:43 - 2015-12-17 04:27 - 01900472 _____ C:\Users\Admin\Downloads\CashBlanket www.ebookleaks.org.rar
2015-12-17 03:43 - 2015-12-17 03:43 - 01806892 _____ C:\Users\Admin\Downloads\Supreme PPD guide www.ebookleaks.org.rar
2015-12-17 03:24 - 2015-12-17 03:25 - 05869779 _____ C:\Users\Admin\Downloads\Rocket Revenue www.ebookleaks.org.rar
2015-12-15 00:04 - 2015-12-15 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-12-13 04:28 - 2015-12-13 04:28 - 47483942 _____ C:\Users\Admin\Downloads\MultiTool V2.0.1.9.rar
2015-12-12 19:24 - 2015-12-27 00:24 - 00000000 ____D C:\AdwCleaner
2015-12-11 22:29 - 2015-12-12 18:58 - 00000001 _____ C:\Windows\system32\vn.html
2015-12-10 18:48 - 2015-12-24 06:05 - 00001607 _____ C:\Users\Public\Desktop\League of Legends.lnk
2015-12-10 18:48 - 2015-12-10 18:48 - 00000000 ____D C:\Riot Games
2015-12-10 18:48 - 2015-12-10 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-12-10 18:39 - 2015-12-10 18:40 - 30668968 _____ (Riot Games) C:\Users\Admin\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe
2015-12-10 03:51 - 2015-12-10 03:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-10 03:51 - 2015-12-10 03:51 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-12-10 02:36 - 2015-11-12 03:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-10 02:36 - 2015-11-11 23:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-10 02:36 - 2015-11-11 22:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-10 02:36 - 2015-11-11 22:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-10 02:36 - 2015-11-11 22:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-10 02:36 - 2015-11-11 21:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-10 02:36 - 2015-11-10 07:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-10 02:36 - 2015-11-10 07:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-10 02:36 - 2015-11-10 07:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-10 02:36 - 2015-11-10 07:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-10 02:36 - 2015-11-10 07:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-10 02:36 - 2015-11-10 07:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-10 02:36 - 2015-11-10 07:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-10 02:36 - 2015-11-10 07:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-10 02:36 - 2015-11-10 07:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-10 02:36 - 2015-11-10 07:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-10 02:36 - 2015-11-10 07:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-10 02:36 - 2015-11-10 07:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-10 02:36 - 2015-11-10 07:03 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-10 02:36 - 2015-11-10 07:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-10 02:36 - 2015-11-10 07:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-10 02:36 - 2015-11-10 06:57 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-10 02:36 - 2015-11-10 06:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-10 02:36 - 2015-11-10 06:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-10 02:36 - 2015-11-10 06:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-10 02:36 - 2015-11-10 06:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-10 02:36 - 2015-11-10 06:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-10 02:36 - 2015-11-10 06:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-10 02:36 - 2015-11-10 06:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-10 02:36 - 2015-11-10 06:36 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-10 02:36 - 2015-11-10 06:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-10 02:36 - 2015-11-10 06:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-10 02:36 - 2015-11-10 06:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-10 02:36 - 2015-11-10 06:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 02956800 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-10 02:34 - 2015-11-21 01:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-10 02:34 - 2015-11-21 01:33 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-10 02:34 - 2015-11-21 01:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-10 02:34 - 2015-11-21 01:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-10 02:34 - 2015-11-12 01:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-10 02:34 - 2015-11-12 01:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-10 02:34 - 2015-11-11 01:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-10 02:34 - 2015-11-11 01:39 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-10 02:34 - 2015-11-11 01:39 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-10 02:34 - 2015-11-11 00:40 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-10 02:34 - 2015-11-04 01:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-10 02:23 - 2015-11-06 02:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-10 02:23 - 2015-11-05 16:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-10 02:23 - 2015-11-04 01:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 04:54 - 2015-12-27 00:07 - 00000000 ____D C:\ProgramData\{113089a1-10c8-0}
2015-12-09 04:54 - 2015-12-27 00:07 - 00000000 ____D C:\ProgramData\{088dd182-50c8-1}
2015-12-08 22:15 - 2015-12-24 06:05 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-08 22:15 - 2015-12-24 06:05 - 00002019 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-12-08 22:08 - 2015-12-08 22:09 - 03981353 _____ C:\Users\Admin\Downloads\Sloth King V 1.0 www.ebookleaks.org.rar
2015-12-08 22:06 - 2015-12-08 22:06 - 01623613 _____ C:\Users\Admin\Downloads\IG likes www.ebookleaks.org.rar
2015-12-08 22:05 - 2015-12-08 22:05 - 01771484 _____ C:\Users\Admin\Downloads\Bitcoin Tap www.ebookleaks.org.rar
2015-12-08 04:16 - 2015-12-08 04:16 - 04155234 _____ C:\Users\Admin\Downloads\Adobe_Acrobat_11_Pro_11_0_keygen.exe.zip
2015-12-08 04:13 - 2015-12-08 04:14 - 10086222 _____ C:\Users\Admin\Downloads\Adobe Acrobat XI Pro CRACK License Key.rar
2015-12-08 03:23 - 2015-12-08 03:25 - 00000000 ____D C:\Users\Admin\Desktop\Adobe Acrobat XI
2015-12-08 03:13 - 2015-12-08 03:22 - 729936528 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\AcrobatPro_11_Web_WWMUI.exe
2015-12-08 03:04 - 2015-12-08 03:06 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-08 03:04 - 2015-12-08 03:04 - 00000040 ____H C:\CC94DF11CC12
2015-12-08 02:33 - 2015-12-08 02:33 - 02094184 _____ (Adobe) C:\Users\Admin\Downloads\acrobatproDC_00000000000000000000000409.exe
2015-12-07 01:35 - 2015-12-07 02:31 - 00000000 ____D C:\Users\Admin\Desktop\Romina Pack
2015-12-07 00:59 - 2015-12-07 01:02 - 210060559 _____ C:\Users\Admin\Downloads\Romina Pack.rar
2015-12-07 00:58 - 2015-12-07 01:00 - 32103329 _____ C:\Users\Admin\Downloads\Random Pics.rar
2015-12-05 17:06 - 2015-12-20 19:18 - 00000000 ____D C:\Users\Admin\AppData\Local\MEGAsync
2015-12-05 17:06 - 2015-12-05 17:06 - 10144904 _____ (MEGA Limited) C:\Users\Admin\Downloads\MEGAsyncSetup.exe
2015-12-05 17:06 - 2015-12-05 17:06 - 10144904 _____ (MEGA Limited) C:\Users\Admin\Downloads\MEGAsyncSetup (1).exe
2015-12-05 17:00 - 2015-12-05 02:00 - 01373013 _____ C:\Users\Admin\Desktop\Skype Ewhoring-Rat Spreading Bot V1.0.rar
2015-12-05 04:21 - 2015-12-07 02:32 - 00002020 _____ C:\Users\Admin\Desktop\ewhoring script.txt
2015-12-05 02:11 - 2015-12-24 06:05 - 00000977 _____ C:\Users\Admin\Desktop\IceChat.lnk
2015-12-05 02:11 - 2015-12-12 20:56 - 00000000 ____D C:\Users\Admin\AppData\Local\IceChat
2015-12-05 02:11 - 2015-12-05 02:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IceChat7
2015-12-05 02:11 - 2015-12-05 02:11 - 00000000 ____D C:\Program Files\IceChat7
2015-12-05 02:11 - 2000-12-06 00:00 - 00109248 _____ (Microsoft Corporation) C:\Windows\system32\mswinsck.ocx
2015-12-05 02:10 - 2015-12-05 02:10 - 02800545 _____ (IceChat Networks ) C:\Users\Admin\Downloads\icechat-setup.exe
2015-12-05 02:10 - 2015-12-05 02:10 - 02800545 _____ (IceChat Networks ) C:\Users\Admin\Downloads\icechat-setup (2).exe
2015-12-05 02:10 - 2015-12-05 02:10 - 02800545 _____ (IceChat Networks ) C:\Users\Admin\Downloads\icechat-setup (1).exe
2015-12-05 02:02 - 2015-12-05 02:02 - 00000000 ____D C:\Users\Admin\Documents\Skype Bot by SoFt
2015-12-05 02:00 - 2015-12-05 02:00 - 01373013 _____ C:\Users\Admin\Downloads\Skype Ewhoring-Rat Spreading Bot V1.0.rar
2015-12-04 04:26 - 2015-12-26 17:29 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\BitTorrent
2015-12-04 02:25 - 2015-12-04 02:25 - 00000000 ____H C:\Users\Admin\Documents\Default.rdp
2015-12-01 02:16 - 2015-12-01 02:16 - 15026614 _____ C:\Users\Admin\Downloads\Free_Template_Feb-6-2015.psd
2015-12-01 01:03 - 2015-12-01 01:12 - 165923926 _____ C:\Users\Admin\Downloads\pyr0BANK2016.zip
2015-12-01 00:23 - 2015-12-01 00:23 - 03923562 _____ C:\Users\Admin\Desktop\Money Making Methods.zip
2015-12-01 00:21 - 2015-12-01 00:21 - 00000000 ____D C:\Users\Admin\Desktop\Money Making Methods
2015-11-28 23:08 - 2015-12-24 06:05 - 00001305 _____ C:\Users\Public\Desktop\Invision.lnk
2015-11-28 23:08 - 2015-12-05 02:08 - 00000000 ____D C:\Invision
2015-11-28 23:07 - 2015-11-28 23:08 - 06838718 _____ (Invision) C:\Users\Admin\Downloads\Invision3.3.November2011.exe
2015-11-28 23:03 - 2015-11-28 23:03 - 00000000 ____D C:\Users\Admin\AppData\Local\TeamViewer
2015-11-28 23:01 - 2015-12-24 06:05 - 00001001 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-11-28 23:01 - 2015-12-24 06:05 - 00000995 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-11-28 23:01 - 2015-11-28 23:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TeamViewer
2015-11-28 23:00 - 2015-12-20 03:11 - 00000000 ____D C:\Program Files\TeamViewer
2015-11-28 23:00 - 2015-11-28 23:00 - 09509032 _____ (TeamViewer GmbH) C:\Users\Admin\Downloads\TeamViewer_Setup.exe
2015-11-28 22:54 - 2015-12-24 06:05 - 00000915 _____ C:\Users\Public\Desktop\mIRC.lnk
2015-11-28 22:54 - 2015-12-05 01:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\mIRC
2015-11-28 22:54 - 2015-12-05 01:57 - 00000000 ____D C:\Program Files\mIRC
2015-11-28 22:54 - 2015-11-28 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2015-11-28 22:53 - 2015-11-28 22:53 - 02471168 _____ (mIRC Co. Ltd.) C:\Users\Admin\Downloads\mirc743.exe
2015-11-28 22:47 - 2015-11-28 22:47 - 12721313 _____ C:\Users\Admin\Downloads\Recording #1.mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-27 00:55 - 2015-09-21 18:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2015-12-27 00:45 - 2014-05-08 19:39 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755497312-2144431535-1462801618-1000UA.job
2015-12-27 00:06 - 2014-05-09 19:49 - 00000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2015-12-27 00:04 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-27 00:03 - 2009-07-14 09:37 - 00000000 ____D C:\Windows
2015-12-26 23:56 - 2009-07-14 11:34 - 00036480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-26 23:56 - 2009-07-14 11:34 - 00036480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-26 20:51 - 2015-03-02 18:22 - 00002338 _____ C:\Users\Admin\Desktop\Chrome App Launcher.lnk
2015-12-26 20:11 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\NDF
2015-12-26 19:50 - 2014-09-02 00:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\mgyun
2015-12-26 19:50 - 2014-05-09 19:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2015-12-26 04:45 - 2014-05-08 19:39 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755497312-2144431535-1462801618-1000Core.job
2015-12-26 04:28 - 2014-05-29 20:29 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2015-12-26 04:03 - 2014-05-08 19:50 - 00000000 ____D C:\ProgramData\Skype
2015-12-25 05:42 - 2015-09-22 19:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\.minecraft
2015-12-25 04:31 - 2015-09-17 16:59 - 00001095 _____ C:\Users\Admin\Desktop\nativelog.txt
2015-12-25 04:24 - 2014-10-16 19:52 - 00000000 ____D C:\Program Files\Garena Plus
2015-12-25 04:03 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system
2015-12-24 06:06 - 2015-08-05 06:56 - 00000775 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-12-24 06:06 - 2015-05-03 19:36 - 00002957 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HitLeap Viewer.lnk
2015-12-24 06:06 - 2012-03-17 14:48 - 00001130 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-24 06:05 - 2015-11-20 00:00 - 00001974 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-12-24 06:05 - 2015-11-17 22:28 - 00000977 _____ C:\Users\Admin\Desktop\Electrum.lnk
2015-12-24 06:05 - 2015-10-22 01:03 - 00001879 _____ C:\Users\Admin\Desktop\Razer Synapse.lnk
2015-12-24 06:05 - 2015-09-22 19:51 - 00000933 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-12-24 06:05 - 2015-09-21 23:12 - 00002007 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-12-24 06:05 - 2015-09-21 18:56 - 00002679 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-24 06:05 - 2015-08-08 01:55 - 00001019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-24 06:05 - 2015-08-08 01:55 - 00001013 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-24 06:05 - 2015-08-05 06:56 - 00000751 _____ C:\Users\Admin\Desktop\Start Tor Browser.lnk
2015-12-24 06:05 - 2015-08-05 05:04 - 00001070 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2015-12-24 06:05 - 2015-08-03 07:35 - 00002003 _____ C:\Users\Public\Desktop\STOPzilla AntiMalware.lnk
2015-12-24 06:05 - 2015-07-31 05:14 - 00001043 _____ C:\Users\Admin\Desktop\FitnessMost.lnk
2015-12-24 06:05 - 2015-07-24 04:49 - 00001008 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2015-12-24 06:05 - 2015-05-03 19:36 - 00002995 _____ C:\Users\Admin\Desktop\HitLeap Viewer.lnk
2015-12-24 06:05 - 2014-12-21 01:00 - 00001224 _____ C:\Users\Admin\Desktop\Paint.lnk
2015-12-24 06:05 - 2014-11-23 23:40 - 00001048 _____ C:\Users\Admin\Desktop\PC Remote Server.lnk
2015-12-24 06:05 - 2014-11-10 20:49 - 00000564 _____ C:\Users\Public\Desktop\Fraps.lnk
2015-12-24 06:05 - 2014-10-16 19:57 - 00001017 _____ C:\Users\Public\Desktop\FIFA ONLINE 3(Vietnam).lnk
2015-12-24 06:05 - 2014-10-16 19:52 - 00001027 _____ C:\Users\Public\Desktop\Garena+.lnk
2015-12-24 06:05 - 2014-09-07 19:53 - 00001190 _____ C:\Users\Admin\Desktop\Lightshot .lnk
2015-12-24 06:05 - 2014-07-09 23:56 - 00001767 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-12-24 06:05 - 2014-07-02 22:44 - 00001975 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Free Auto Clicker.lnk
2015-12-24 06:05 - 2014-07-02 22:44 - 00001951 _____ C:\Users\Admin\Desktop\Free Auto Clicker.lnk
2015-12-24 06:05 - 2014-06-11 21:59 - 00001091 _____ C:\Users\Public\Desktop\Easy Auto Clicker.lnk
2015-12-24 06:05 - 2014-05-20 17:29 - 00000880 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2015-12-24 06:05 - 2014-05-10 17:47 - 00000857 _____ C:\Users\Public\Desktop\osu!.lnk
2015-12-24 06:05 - 2014-05-08 19:58 - 00001635 _____ C:\Users\Admin\Desktop\POWERPNT.lnk
2015-12-24 06:05 - 2014-05-08 19:58 - 00001624 _____ C:\Users\Admin\Desktop\WINWORD.lnk
2015-12-24 06:05 - 2014-05-08 19:58 - 00001604 _____ C:\Users\Admin\Desktop\EXCEL.lnk
2015-12-24 06:05 - 2012-03-17 17:39 - 00001065 _____ C:\Users\Admin\Desktop\UniKeyVista2.0.lnk
2015-12-24 06:05 - 2012-03-17 15:49 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-24 06:05 - 2012-03-17 14:46 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-12-24 06:05 - 2012-03-17 14:46 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-12-24 06:05 - 2009-07-14 11:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-24 06:05 - 2009-07-14 11:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-12-24 06:05 - 2009-07-14 11:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-12-24 06:05 - 2009-07-14 11:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-12-24 06:05 - 2009-07-14 11:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-12-24 06:05 - 2009-07-14 11:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-12-24 06:01 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Web
2015-12-24 05:59 - 2014-05-08 20:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\x64
2015-12-23 06:03 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\inf
2015-12-20 18:20 - 2014-05-10 17:47 - 00000000 ____D C:\Program Files\osu!
2015-12-19 00:30 - 2012-03-17 17:06 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2015-12-17 22:18 - 2015-11-20 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-12-17 22:16 - 2014-05-08 19:42 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-12-17 04:53 - 2015-04-21 17:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2015-12-15 00:04 - 2015-11-17 01:36 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-12-12 19:38 - 2010-11-21 04:01 - 00794034 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-12 19:28 - 2015-03-02 18:22 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-12-12 19:28 - 2012-03-17 17:23 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-12 19:27 - 2012-03-17 14:48 - 00000000 ____D C:\Users\Admin
2015-12-11 03:01 - 2015-04-19 01:54 - 00000000 ____D C:\Windows\rescache
2015-12-11 02:52 - 2014-10-16 19:51 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-12-11 00:12 - 2014-10-16 20:02 - 00000000 ____D C:\Users\Admin\AppData\Roaming\GarenaPlus
2015-12-10 18:45 - 2014-05-09 20:12 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2015-12-10 18:45 - 2014-05-09 20:11 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Riot Games
2015-12-10 03:51 - 2015-09-21 18:56 - 00000000 ___RD C:\Program Files\Skype
2015-12-10 03:51 - 2014-05-08 19:50 - 00000000 ____D C:\Users\Admin\AppData\Local\Skype
2015-12-10 03:30 - 2009-07-14 11:33 - 00412040 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-08 22:20 - 2014-06-16 11:16 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2015-12-08 22:14 - 2015-07-25 04:01 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-12-08 22:14 - 2014-06-16 11:16 - 00000000 ____D C:\Program Files\Adobe
2015-12-08 04:14 - 2012-03-17 18:00 - 00110480 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-08 04:12 - 2014-06-16 11:16 - 00000000 ____D C:\ProgramData\Adobe
2015-12-08 03:03 - 2012-03-17 15:31 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2015-12-08 02:30 - 2009-07-14 11:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-12-06 20:37 - 2015-11-17 22:19 - 00000000 ____D C:\Users\Admin\Desktop\electrum_data
 
==================== Files in the root of some directories =======
 
2014-06-17 03:32 - 2014-06-29 12:31 - 0000117 _____ () C:\Users\Admin\AppData\Roaming\D2Info0
2014-06-17 03:32 - 2014-06-29 00:27 - 0000008 _____ () C:\Users\Admin\AppData\Roaming\DofusAppId0_1
2014-06-17 03:32 - 2014-06-29 13:03 - 0000008 _____ () C:\Users\Admin\AppData\Roaming\DofusAppId0_2
2014-06-17 03:32 - 2014-06-27 10:37 - 0000008 _____ () C:\Users\Admin\AppData\Roaming\DofusAppId0_3
2014-06-23 10:15 - 2014-06-23 11:14 - 0000008 _____ () C:\Users\Admin\AppData\Roaming\DofusAppId0_4
2014-05-20 16:47 - 2014-05-27 15:01 - 0626176 _____ (The cURL library, http://curl.haxx.se/) C:\Users\Admin\AppData\Roaming\libcurl.dll
2014-05-20 16:47 - 2014-05-27 15:01 - 1704448 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Admin\AppData\Roaming\libeay32.dll
2014-05-20 16:47 - 2014-05-27 15:01 - 0112142 _____ () C:\Users\Admin\AppData\Roaming\libgcc_s_dw2-1.dll
2014-05-20 16:47 - 2014-05-27 15:01 - 0279955 _____ () C:\Users\Admin\AppData\Roaming\libidn-11.dll
2014-05-20 16:47 - 2014-05-27 15:01 - 0148760 _____ () C:\Users\Admin\AppData\Roaming\libpdcurses.dll
2014-05-20 16:47 - 2014-05-27 15:07 - 0000091 _____ () C:\Users\Admin\AppData\Roaming\msdtca.bat
2014-05-20 16:47 - 2014-02-19 14:08 - 0015748 _____ () C:\Users\Admin\AppData\Roaming\README.md
2014-12-20 18:30 - 2014-12-20 18:30 - 0045270 _____ () C:\Users\Admin\AppData\Roaming\room_v3.dat
2014-05-28 16:54 - 2014-05-28 10:16 - 0000267 _____ () C:\Users\Admin\AppData\Roaming\sgminer.conf
2014-05-20 16:47 - 2014-05-27 15:01 - 0364544 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Admin\AppData\Roaming\ssleay32.dll
2014-05-19 00:20 - 2014-05-19 00:20 - 0000000 __RSH () C:\Users\Admin\AppData\Roaming\wuzsd.tmp~
2014-05-20 16:47 - 2014-05-27 15:01 - 0113166 _____ () C:\Users\Admin\AppData\Roaming\zlib1.dll
2014-09-07 19:52 - 2014-09-07 19:52 - 0000003 _____ () C:\Users\Admin\AppData\Local\updater.log
2014-09-07 19:52 - 2015-10-04 01:44 - 0000412 _____ () C:\Users\Admin\AppData\Local\UserProducts.xml
 
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Admin\AppData\Local\Temp\nsu3E3A.exe
C:\Users\Admin\AppData\Local\Temp\SDShelEx-win32.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-22 05:44
 
==================== End of FRST.txt ============================

Edited by Sasukemystery, 26 December 2015 - 01:02 PM.


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:27 AM

Posted 26 December 2015 - 02:06 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File: fixlist.txt (2.5KB, 2 downloads)


Let me know how your machine is running after this fix.

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 fireman4it

Posted 28 December 2015 - 09:25 AM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#6 Sasukemystery


Posted 28 December 2015 - 09:27 AM

Sorry I didn't reply!

 

The problem seems to be solved.

 

Thank you very much!



#7 fireman4it


Posted 28 December 2015 - 09:43 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


#8 fireman4it


Posted 13 January 2016 - 05:05 PM

This topic has been re-opened at the request of the person who originally posted.


#9 fireman4it


Posted 13 January 2016 - 05:06 PM

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#10 Sasukemystery


Posted 14 January 2016 - 11:18 AM

Ok, here. My computer has been very slow the past few days =(

 

__________________________________________________________________________________________________________________________________

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-01-2015 01
Ran by Admin (administrator) on WIN-6ROB1ELVTRH (14-01-2016 23:05:43)
Running from C:\Users\Admin\Desktop\BonusBitcoin
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Skillbrains) C:\Program Files\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
() C:\Program Files\UniKey Vista 2.0\UniKeyVista2.0.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
(PC Remote) C:\Program Files\PC Remote\PC Remote\PCRemote.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(© 2015 Microsoft Corporation) C:\Users\Admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(ICQ) C:\Users\Admin\AppData\Roaming\ICQM\icq.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
(Mega Limited) C:\Users\Admin\AppData\Local\MEGAsync\MEGAsync.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Update\Install\{BCECB821-2189-42CA-B417-DC524223EFB2}\47.0.2526.111_chrome_installer.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Temp\CR_312B0.tmp\setup.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Razer, Inc.) C:\Program Files\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\Admin\AppData\Local\Razer\InGameEngine\cache\RzSynapse\rzcefrenderprocess.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.6\deploy\LoLLauncher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.46\deploy\LoLPatcher.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.46\deploy\LoLPatcherUx.exe
() C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.46\deploy\LoLPatcherUx.exe
(Google Inc.) C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Admin\Desktop\BonusBitcoin\FRST (2).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748256 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe [832272 2014-06-23] (BlueStack Systems, Inc.)
HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM\...\Run: [Razer Synapse] => C:\Program Files\Razer\Synapse\RzSynapse.exe [592704 2015-07-08] (Razer Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [12902304 2015-12-14] (Zemana Ltd.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [UniKey] => C:\Program Files\UniKey Vista 2.0\UniKeyVista2.0.exe [675840 2006-04-19] ()
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [Google Update] => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [GarenaPlus] => C:\Program Files\Garena Plus\GarenaMessenger.exe [10016704 2015-09-03] ()
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [PC Remote Server] => C:\Program Files\PC Remote\PC Remote\PCRemote.exe [1190648 2014-10-12] (PC Remote)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-13] (Piriform Ltd)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [BingSvc] => C:\Users\Admin\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [YWPack] => C:\Windows\System32\regsvr32.exe C:\Users\Admin\AppData\Local\Idsoft\a3dMouseHid.dll
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [icq] => C:\Users\Admin\AppData\Roaming\ICQM\icq.exe [39738376 2015-12-29] (ICQ)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\RunOnce: [Application Restart #1] => C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\MountPoints2: {7a661dfe-e354-11e4-9cca-685d43d0d8a5} - G:\Startme.exe
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\Admin\AppData\Local\Idsoft\a3dMouseHid.dll ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-12-24]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Admin\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-12-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{77F0F9B0-9826-494A-A74E-ECEA6F9203C6}: [DhcpNameServer] 199.203.131.151
Tcpip\..\Interfaces\{AC00BCDA-5B4A-4116-8F94-EDAFC3CD19C3}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{EBA1A423-55F7-42FF-8BD2-7D3431A11272}: [NameServer] 199.203.131.151 82.163.143.181
Tcpip\..\Interfaces\{EBA1A423-55F7-42FF-8BD2-7D3431A11272}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-18] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://42.112.1.101/videoplayer/swflash.cab?ich_u_r_i=92e814a45392f036c20633f3d79dfece&ich_s_t_a_r_t=0&ich_e_n_d=0&ich_k_e_y=1245038917750863292468&ich_t_y_p_e=1&ich_u_n_i_t=1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default
FF SearchEngineOrder.3: Bing 
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [2012-03-17] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Windows\system32\npdeployJava1.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1755497312-2144431535-1462801618-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1755497312-2144431535-1462801618-1000: @talk.google.com/O1DPlugin -> C:\Users\Admin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1755497312-2144431535-1462801618-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1755497312-2144431535-1462801618-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1755497312-2144431535-1462801618-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Admin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: ReloadEvery - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2015-08-08]
FF Extension: IPFlood - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default\extensions\ipbleep@p4ul.info.xpi [2015-08-08]
FF Extension: iMacros for Firefox - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2015-10-18]
FF Extension: easySubmit - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default\Extensions\@easysubmit.xpi [2016-01-08]
FF Extension: Bing Search - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default\Extensions\bingsearch.full@microsoft.com [2015-08-28] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5 => not found
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-23]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-23]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Bing) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-12-23]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-23]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-24]
CHR Extension: (Little Alchemy) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2015-12-26]
CHR Extension: (Skype) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-23]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Profile 1
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - chrome.exe
StartMenuInternet: Google Chrome.7PQPS23MUPF4CCWMZG2OSP2JEE - C:\Users\Admin\AppData\Local\Google\Chrome\Application\chrome.exe
 
Opera: 
=======
OPR Extension: (2048 AI - bitcoin) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\chfnopmklmpinabemlmldefhbhgkglmc [2015-12-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2015-09-16] (Intel Corporation)
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [245544 2015-12-18] (EasyAntiCheat Ltd)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-12-26] (SurfRight B.V.)
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [1873616 2015-10-13] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [96600 2015-10-13] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [589520 2015-06-04] ()
S3 ICCS; C:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [274024 2015-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
R2 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-24] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [12902304 2015-12-14] (Zemana Ltd.)
S2 szserver; "C:\Program Files\iS3\STOPzilla AntiMalware\SZServer.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [24832 2013-12-14] (Advanced Micro Devices, Inc.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-06-23] (BlueStack Systems)
R1 epp32; C:\EEK\bin\epp32.sys [112408 2015-12-26] (Emsisoft GmbH)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2015-04-15] (Sony Mobile Communications)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39528 2015-06-04] (AnchorFree Inc.)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-07-18] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [352752 2013-07-18] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [801776 2013-07-18] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-01-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [10299904 2011-12-01] (Intel Corporation)
R3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [246488 2014-01-03] (Realtek Semiconductor Corp.)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [30120 2014-12-30] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [35624 2014-12-30] (Razer Inc)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [25088 2014-05-23] (Windows ® Win 7 DDK provider)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [32680 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20288 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [97088 2015-06-27] (Razer, Inc.)
R3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [151336 2014-12-30] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [29224 2014-12-30] (Razer Inc)
R0 szkg5; C:\Windows\System32\drivers\szkg.sys [61328 2015-05-20] (iS3 Inc.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [36968 2015-06-04] (Anchorfree Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [179448 2015-12-26] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [179448 2015-12-26] (Zemana Ltd.)
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 EasyAntiCheatSys; \??\C:\Windows\system32\drivers\EasyAntiCheat.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S0 is3srv; system32\drivers\is3srv.sys [X]
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [359640 2014-01-03] (Realsil Semiconductor Corporation)
S0 szkgfs; system32\drivers\szkgfs.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-14 23:00 - 2016-01-14 23:01 - 00063003 _____ C:\Users\Admin\Desktop\FRST 2.txt
2016-01-13 23:33 - 2015-12-24 05:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 23:33 - 2015-12-13 01:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 23:33 - 2015-12-13 00:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 23:33 - 2015-12-13 00:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 23:33 - 2015-12-13 00:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 23:33 - 2015-12-13 00:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 23:33 - 2015-12-13 00:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 23:33 - 2015-12-13 00:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 23:33 - 2015-12-13 00:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 23:33 - 2015-12-13 00:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 23:33 - 2015-12-13 00:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 23:33 - 2015-12-13 00:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 23:33 - 2015-12-13 00:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 23:33 - 2015-12-13 00:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 23:33 - 2015-12-13 00:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 23:33 - 2015-12-13 00:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 23:33 - 2015-12-13 00:27 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 23:33 - 2015-12-13 00:22 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 23:33 - 2015-12-13 00:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 23:33 - 2015-12-13 00:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 23:33 - 2015-12-13 00:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 23:33 - 2015-12-13 00:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 23:33 - 2015-12-13 00:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 23:33 - 2015-12-13 00:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 23:33 - 2015-12-13 00:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 23:33 - 2015-12-13 00:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 23:33 - 2015-12-13 00:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 23:33 - 2015-12-13 00:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 23:33 - 2015-12-13 00:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 23:33 - 2015-12-13 00:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 23:33 - 2015-12-13 00:00 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 23:33 - 2015-12-12 23:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 23:33 - 2015-12-12 23:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 23:33 - 2015-12-12 23:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 23:33 - 2015-12-09 04:53 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 23:32 - 2015-12-31 01:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-01-13 23:32 - 2015-12-31 01:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 23:32 - 2015-12-31 01:47 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 23:32 - 2015-12-31 01:47 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 23:32 - 2015-12-31 01:44 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 23:32 - 2015-12-31 01:41 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 23:32 - 2015-12-31 01:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 23:32 - 2015-12-31 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 23:32 - 2015-12-31 01:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 23:32 - 2015-12-31 01:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 23:32 - 2015-12-31 01:40 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 23:32 - 2015-12-31 01:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 23:32 - 2015-12-31 01:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 23:32 - 2015-12-31 01:39 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 23:32 - 2015-12-31 01:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 23:32 - 2015-12-31 01:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 23:32 - 2015-12-31 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 23:32 - 2015-12-31 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 23:32 - 2015-12-31 01:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 23:32 - 2015-12-31 01:38 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 23:32 - 2015-12-31 01:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 23:32 - 2015-12-31 01:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 23:32 - 2015-12-31 01:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 23:32 - 2015-12-31 00:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 23:32 - 2015-12-31 00:38 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 23:32 - 2015-12-31 00:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 23:32 - 2015-12-31 00:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 23:32 - 2015-12-31 00:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 23:32 - 2015-12-31 00:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 23:32 - 2015-12-31 00:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 23:32 - 2015-12-31 00:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 23:32 - 2015-12-31 00:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 23:32 - 2015-12-09 04:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 23:32 - 2015-11-14 05:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 23:32 - 2015-11-14 05:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 23:32 - 2015-11-14 05:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 23:30 - 2015-12-09 04:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 23:30 - 2015-12-09 04:00 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 23:29 - 2015-12-09 04:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 23:29 - 2015-12-09 04:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 23:29 - 2015-12-09 04:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 23:29 - 2015-12-09 04:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 23:29 - 2015-12-09 04:54 - 01202688 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 23:29 - 2015-12-09 04:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 23:29 - 2015-12-09 04:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 23:29 - 2015-12-09 04:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-13 23:29 - 2015-12-09 04:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 23:29 - 2015-12-09 04:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 23:29 - 2015-12-09 04:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 23:29 - 2015-12-09 04:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 23:29 - 2015-12-09 04:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 23:29 - 2015-12-09 04:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 23:29 - 2015-12-09 04:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 23:29 - 2015-12-09 04:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 23:29 - 2015-12-09 04:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 23:29 - 2015-12-09 04:53 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-13 23:29 - 2015-12-09 04:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 23:29 - 2015-12-09 04:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 23:29 - 2015-12-09 04:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 23:29 - 2015-12-09 04:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 23:29 - 2015-12-09 04:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 23:29 - 2015-12-09 04:53 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 23:29 - 2015-12-09 04:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 23:29 - 2015-12-09 04:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 23:29 - 2015-12-09 04:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 23:29 - 2015-12-09 04:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 23:29 - 2015-12-09 04:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 23:29 - 2015-12-09 04:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 23:29 - 2015-12-09 04:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 23:29 - 2015-12-09 04:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 23:29 - 2015-12-09 04:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 23:29 - 2015-12-09 04:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 23:29 - 2015-12-09 04:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 23:29 - 2015-12-09 04:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 23:29 - 2015-12-09 04:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 23:29 - 2015-12-09 04:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 23:29 - 2015-12-09 04:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 23:29 - 2015-12-09 04:11 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 23:29 - 2015-12-09 04:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-08 06:21 - 2016-01-08 06:21 - 00336071 _____ C:\Users\Admin\Downloads\Abracadabra  Bitcoin.pdf
2016-01-08 06:20 - 2016-01-08 06:20 - 00215947 _____ C:\Users\Admin\Downloads\BTCExplosion.pdf
2016-01-08 03:11 - 2016-01-08 03:11 - 00000933 _____ C:\Users\Admin\Desktop\Minecraft.lnk
2016-01-02 05:40 - 2016-01-02 05:40 - 06377776 _____ C:\Users\Admin\Downloads\digieuro-scrypt-en-om (1).zip
2016-01-02 05:40 - 2016-01-02 05:40 - 00001125 _____ C:\Users\Public\Desktop\DigiEuro (DEUR) Scrypt.lnk
2016-01-02 05:37 - 2016-01-02 05:37 - 00053102 _____ C:\Users\Admin\Downloads\Grow your instagram.pdf
2015-12-29 22:10 - 2015-12-29 22:10 - 00001772 _____ C:\Users\Admin\Desktop\ICQ.lnk
2015-12-29 22:10 - 2015-12-29 22:10 - 00001630 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\ICQ.lnk
2015-12-29 22:10 - 2015-12-29 22:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
2015-12-29 22:09 - 2015-12-29 22:12 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ICQ-Profile
2015-12-29 22:09 - 2015-12-29 22:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ICQM
2015-12-29 22:04 - 2015-12-29 22:04 - 37258248 _____ (ICQ) C:\Users\Admin\Downloads\icq_rfrset.exe
2015-12-27 06:00 - 2015-12-27 06:00 - 00731679 _____ C:\Users\Admin\Downloads\InstagramMoneyMethod.rar
2015-12-27 05:58 - 2015-12-27 05:58 - 00168811 _____ C:\Users\Admin\Downloads\SATOSHIMINES+STRATEGY+NO+EXPLOIT+MADE+1+BTC+PROOF.pdf
2015-12-27 05:51 - 2015-12-27 05:51 - 05995871 _____ C:\Users\Admin\Downloads\Overnight_Income (1).zip
2015-12-27 05:51 - 2015-12-27 05:51 - 05995871 _____ C:\Users\Admin\Downloads\Overnight_Income (1) (1).zip
2015-12-27 05:37 - 2015-12-27 05:37 - 00029696 _____ C:\Users\Admin\Downloads\SatoshiMines_Simplified_v1.01.xlsx
2015-12-27 05:30 - 2015-12-27 05:30 - 00079970 _____ C:\Users\Admin\Downloads\Insane Bitcoin.pdf
2015-12-27 00:39 - 2015-12-27 00:39 - 00000751 _____ C:\Users\Admin\Desktop\Start Emsisoft Emergency Kit.lnk
2015-12-27 00:38 - 2015-12-27 00:54 - 00000000 ____D C:\EEK
2015-12-27 00:32 - 2015-12-27 00:35 - 171136208 _____ C:\Users\Admin\Downloads\EmsisoftEmergencyKit.exe
2015-12-27 00:01 - 2015-12-27 00:01 - 01743360 _____ C:\Users\Admin\Downloads\AdwCleaner.exe
2015-12-27 00:00 - 2015-12-27 00:00 - 01743360 _____ C:\Users\Admin\Downloads\adwcleaner_5.026.exe
2015-12-26 23:58 - 2015-12-26 23:58 - 01743360 _____ C:\Users\Admin\Desktop\AdwCleaner.exe
2015-12-26 23:02 - 2016-01-02 05:41 - 00000000 ____D C:\Program Files\DigiEuro (DEUR) Scrypt
2015-12-26 23:02 - 2016-01-02 05:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigiEuro (DEUR) Scrypt
2015-12-26 23:00 - 2015-12-26 23:01 - 06377776 _____ C:\Users\Admin\Downloads\digieuro-scrypt-en-om.zip
2015-12-26 22:15 - 2015-12-26 22:15 - 00263765 _____ C:\Users\Admin\Downloads\4ZLOLZ EARNING GUIDE.pdf
2015-12-26 21:37 - 2015-12-26 21:37 - 00058501 _____ C:\Users\Admin\Desktop\FRST.txt
2015-12-26 21:37 - 2015-12-26 21:37 - 00029235 _____ C:\Users\Admin\Desktop\Addition.txt
2015-12-26 21:35 - 2015-12-26 21:36 - 00029235 _____ C:\Users\Admin\Downloads\Addition.txt
2015-12-26 21:35 - 2015-12-26 21:35 - 01721856 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe
2015-12-26 21:34 - 2016-01-14 22:56 - 00063003 _____ C:\Users\Admin\Downloads\FRST.txt
2015-12-26 21:33 - 2016-01-14 23:05 - 00000000 ____D C:\FRST
2015-12-26 21:33 - 2015-12-26 21:33 - 01721856 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2015-12-26 21:00 - 2016-01-14 23:08 - 00791367 _____ C:\Windows\ZAM_Guard.krnl.trace
2015-12-26 21:00 - 2016-01-14 22:08 - 00000620 _____ C:\Windows\ZAM.krnl.trace
2015-12-26 21:00 - 2015-12-26 21:00 - 00179448 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
2015-12-26 21:00 - 2015-12-26 21:00 - 00179448 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
2015-12-26 21:00 - 2015-12-26 21:00 - 00001900 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2015-12-26 21:00 - 2015-12-26 21:00 - 00000000 ____D C:\Users\Admin\AppData\Local\Zemana
2015-12-26 21:00 - 2015-12-26 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-12-26 21:00 - 2015-12-26 21:00 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2015-12-26 20:59 - 2015-12-26 20:59 - 05298752 _____ ( ) C:\Users\Admin\Downloads\Zemana.AntiMalware.Setup.exe
2015-12-26 19:50 - 2015-12-26 19:50 - 00009240 _____ C:\Windows\system32\.crusader
2015-12-26 18:41 - 2015-12-26 19:51 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-26 18:41 - 2015-12-26 18:41 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-12-26 18:41 - 2015-12-26 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-12-26 18:41 - 2015-12-26 18:41 - 00000000 ____D C:\Program Files\HitmanPro
2015-12-26 18:40 - 2015-12-26 18:41 - 10344184 _____ (SurfRight B.V.) C:\Users\Admin\Downloads\HitmanPro.exe
2015-12-25 21:18 - 2015-12-25 21:17 - 00066174 _____ C:\Users\Admin\Desktop\received_10203628653995418.jpeg
2015-12-25 21:17 - 2015-12-25 21:17 - 00066174 _____ C:\Users\Admin\Downloads\received_10203628653995418.jpeg
2015-12-24 19:08 - 2015-12-24 19:08 - 01288108 _____ C:\Users\Admin\Downloads\Empire Revenue (1).pdf
2015-12-24 19:07 - 2015-12-24 19:08 - 01288108 _____ C:\Users\Admin\Downloads\Empire Revenue.pdf
2015-12-24 05:58 - 2015-12-24 05:58 - 00001058 _____ C:\Users\Admin\Desktop\malware.txt
2015-12-24 04:32 - 2015-12-24 04:33 - 00000000 ____D C:\Users\Admin\Downloads\Malwarebytes Anti-Malware Premium 2.2.0.1024 Final Multilingual incl Keygen-=TEAM OS=-
2015-12-24 04:32 - 2015-12-24 04:32 - 00007966 _____ C:\Users\Admin\Downloads\[kat.cr]malwarebytes.anti.malware.premium.2.2.0.1024.final.multilingual.incl.keygen.team.os.torrent
2015-12-24 04:30 - 2016-01-10 22:24 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-24 04:25 - 2015-12-24 18:16 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-24 04:21 - 2015-12-24 04:21 - 22908888 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-24 04:19 - 2015-12-24 04:19 - 00000994 _____ C:\Users\Admin\Downloads\[kat.cr]malwarebytes.anti.malware.premium.latest.serials.14.11.15.4realtorrentz.torrent
2015-12-24 04:19 - 2015-12-24 04:19 - 00000735 ____R C:\Users\Admin\Downloads\Malwarebytes Anti-Malware Premium Latest Serials (14.11.15) [4realtorrentz].txt
2015-12-23 05:58 - 2016-01-14 23:05 - 00000000 ____D C:\Users\Admin\Desktop\BonusBitcoin
2015-12-22 21:50 - 2015-12-22 21:50 - 00000000 ____D C:\Users\Admin\AppData\Roaming\TuneUp Software
2015-12-22 21:50 - 2015-12-22 21:50 - 00000000 ____D C:\Users\Admin\AppData\Local\TuneUp Software
2015-12-22 21:46 - 2015-12-22 21:53 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-12-22 21:45 - 2015-12-26 19:53 - 00000000 ____D C:\Users\Admin\AppData\Local\Idsoft
2015-12-22 21:45 - 2015-12-22 21:45 - 00067530 _____ C:\Users\Admin\Desktop\Setup_product_13224.exe
2015-12-22 21:41 - 2015-12-24 05:59 - 00000000 ____D C:\Program Files\KMSPico 10.0.6
2015-12-21 03:06 - 2015-12-21 03:06 - 01695352 _____ C:\Users\Admin\Downloads\MoneyBot www.ebookleaks.org.rar
2015-12-21 03:05 - 2015-12-21 03:06 - 01858819 _____ C:\Users\Admin\Downloads\INCREDIBLE INCOME www.ebookleaks.org.rar
2015-12-21 01:13 - 2015-12-21 01:13 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Opera Software
2015-12-21 01:13 - 2015-12-21 01:13 - 00000000 ____D C:\Users\Admin\AppData\Local\Opera Software
2015-12-21 01:12 - 2015-12-24 06:05 - 00001081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-21 01:12 - 2015-12-24 06:05 - 00001075 _____ C:\Users\Public\Desktop\Opera.lnk
2015-12-21 01:12 - 2015-12-21 01:12 - 00017661 _____ C:\Users\Admin\Downloads\2048-BitcoinAutoplayer.nex
2015-12-21 01:11 - 2016-01-11 01:50 - 00000000 ____D C:\Program Files\Opera
2015-12-21 01:11 - 2015-12-21 01:11 - 00720336 _____ (Opera Software) C:\Users\Admin\Downloads\Opera_NI_stable.exe
2015-12-20 23:44 - 2015-12-20 23:44 - 00002632 _____ C:\Users\Admin\Downloads\legitcheck.hta
2015-12-20 23:40 - 2015-12-26 05:42 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-20 23:40 - 2015-12-24 04:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-20 23:40 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-20 23:40 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-20 23:40 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-20 23:33 - 2015-12-20 23:33 - 00053294 _____ C:\Users\Admin\Downloads\[kat.cr]kmspico.10.1.9.final.2015.portable.torrent
2015-12-20 23:33 - 2015-12-20 23:33 - 00000000 ____D C:\Users\Admin\Downloads\KMSpico 10.1.9 Final + Portable
2015-12-20 19:29 - 2015-12-26 19:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-12-20 19:29 - 2015-12-26 19:49 - 00000000 ____D C:\Program Files\KMSpico
2015-12-20 19:29 - 2010-12-06 09:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2015-12-20 19:28 - 2015-12-20 19:28 - 03191776 _____ C:\Users\Admin\Downloads\KMSpico 10.1.9.zip
2015-12-20 19:25 - 2015-12-20 19:25 - 03186153 _____ C:\Users\Admin\Downloads\AppNee.com.KMSPico.v10.1.9.Setup.7z
2015-12-20 19:24 - 2015-12-20 19:24 - 00000000 ___RD C:\Users\Admin\Documents\MEGA
2015-12-20 19:21 - 2015-12-21 01:11 - 00000000 ____D C:\Users\Admin\Documents\MEGAsync Downloads
2015-12-20 19:18 - 2015-12-24 06:05 - 00001026 _____ C:\Users\Admin\Desktop\MEGAsync.lnk
2015-12-20 19:18 - 2015-12-20 19:18 - 10152576 _____ (MEGA Limited) C:\Users\Admin\Downloads\MEGAsyncSetup (2).exe
2015-12-20 19:18 - 2015-12-20 19:18 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-12-20 19:18 - 2015-12-20 19:18 - 00000000 ____D C:\Users\Admin\AppData\Local\Mega Limited
2015-12-20 19:17 - 2015-12-20 19:17 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-12-20 05:40 - 2015-12-18 01:16 - 00245544 _____ (EasyAntiCheat Ltd) C:\Windows\system32\EasyAntiCheat.exe
2015-12-20 05:20 - 2015-12-24 06:05 - 00001642 _____ C:\Users\Admin\Desktop\Robocraft Launcher.lnk
2015-12-20 05:20 - 2015-12-20 05:20 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Robocraft Launcher
2015-12-20 05:20 - 2015-12-20 05:20 - 00000000 ____D C:\Users\Admin\AppData\Local\Solid State Networks
2015-12-20 05:20 - 2015-12-20 05:20 - 00000000 ____D C:\Games
2015-12-20 05:17 - 2015-12-20 05:18 - 12397864 _____ (Freejam Games ) C:\Users\Admin\Downloads\RobocraftSetup.exe
2015-12-19 17:55 - 2015-12-19 17:55 - 00150780 _____ C:\Users\Admin\Downloads\easyaf.pdf
2015-12-17 03:47 - 2015-12-17 04:27 - 01619797 _____ C:\Users\Admin\Downloads\PPD RAPER V1.1 BOOK www.ebookleaks.org.rar
2015-12-17 03:45 - 2015-12-17 04:27 - 01234255 _____ C:\Users\Admin\Downloads\Bitcoin extreme www.ebookleaks.org.rar
2015-12-17 03:43 - 2015-12-17 04:27 - 01900472 _____ C:\Users\Admin\Downloads\CashBlanket www.ebookleaks.org.rar
2015-12-17 03:43 - 2015-12-17 03:43 - 01806892 _____ C:\Users\Admin\Downloads\Supreme PPD guide www.ebookleaks.org.rar
2015-12-17 03:24 - 2015-12-17 03:25 - 05869779 _____ C:\Users\Admin\Downloads\Rocket Revenue www.ebookleaks.org.rar
2015-12-15 00:04 - 2015-12-15 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-14 22:54 - 2015-09-21 18:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2016-01-14 22:45 - 2014-05-08 19:39 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755497312-2144431535-1462801618-1000UA.job
2016-01-14 22:11 - 2014-05-09 19:49 - 00000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2016-01-14 22:08 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-14 22:08 - 2009-07-14 09:37 - 00000000 ____D C:\Windows
2016-01-14 04:52 - 2009-07-14 11:34 - 00036480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-14 04:52 - 2009-07-14 11:34 - 00036480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-14 04:45 - 2014-05-08 19:39 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755497312-2144431535-1462801618-1000Core.job
2016-01-14 04:28 - 2015-04-19 01:54 - 00000000 ____D C:\Windows\rescache
2016-01-14 03:56 - 2010-11-21 04:01 - 00794034 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-14 03:56 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\inf
2016-01-14 03:51 - 2009-07-14 11:33 - 00412040 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-13 01:54 - 2015-12-08 22:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-10 22:30 - 2015-11-28 23:00 - 00000000 ____D C:\Program Files\TeamViewer
2016-01-10 21:11 - 2014-05-29 20:29 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2016-01-08 23:55 - 2015-09-22 19:52 - 00000000 ____D C:\Users\Admin\AppData\Roaming\.minecraft
2016-01-08 23:34 - 2015-09-17 16:59 - 00001095 _____ C:\Users\Admin\Desktop\nativelog.txt
2016-01-08 03:12 - 2015-09-17 16:58 - 00001095 _____ C:\Windows\system32\nativelog.txt
2015-12-28 20:51 - 2009-07-14 11:53 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-27 17:34 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\NDF
2015-12-27 00:24 - 2015-12-12 19:24 - 00000000 ____D C:\AdwCleaner
2015-12-27 00:07 - 2015-12-09 04:54 - 00000000 ____D C:\ProgramData\{113089a1-10c8-0}
2015-12-27 00:07 - 2015-12-09 04:54 - 00000000 ____D C:\ProgramData\{088dd182-50c8-1}
2015-12-26 20:51 - 2015-03-02 18:22 - 00002338 _____ C:\Users\Admin\Desktop\Chrome App Launcher.lnk
2015-12-26 19:50 - 2014-09-02 00:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\mgyun
2015-12-26 19:50 - 2014-05-09 19:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BitTorrent
2015-12-26 17:29 - 2015-12-04 04:26 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\BitTorrent
2015-12-26 04:03 - 2014-05-08 19:50 - 00000000 ____D C:\ProgramData\Skype
2015-12-25 04:24 - 2014-10-16 19:52 - 00000000 ____D C:\Program Files\Garena Plus
2015-12-25 04:03 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system
2015-12-24 06:06 - 2015-08-05 06:56 - 00000775 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-12-24 06:06 - 2015-05-03 19:36 - 00002957 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HitLeap Viewer.lnk
2015-12-24 06:06 - 2012-03-17 14:48 - 00001130 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-24 06:05 - 2015-12-10 18:48 - 00001607 _____ C:\Users\Public\Desktop\League of Legends.lnk
2015-12-24 06:05 - 2015-12-08 22:15 - 00002019 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-12-24 06:05 - 2015-12-05 02:11 - 00000977 _____ C:\Users\Admin\Desktop\IceChat.lnk
2015-12-24 06:05 - 2015-11-28 23:08 - 00001305 _____ C:\Users\Public\Desktop\Invision.lnk
2015-12-24 06:05 - 2015-11-28 23:01 - 00001001 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-12-24 06:05 - 2015-11-28 23:01 - 00000995 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-12-24 06:05 - 2015-11-28 22:54 - 00000915 _____ C:\Users\Public\Desktop\mIRC.lnk
2015-12-24 06:05 - 2015-11-20 00:00 - 00001974 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-12-24 06:05 - 2015-11-17 22:28 - 00000977 _____ C:\Users\Admin\Desktop\Electrum.lnk
2015-12-24 06:05 - 2015-10-22 01:03 - 00001879 _____ C:\Users\Admin\Desktop\Razer Synapse.lnk
2015-12-24 06:05 - 2015-09-22 19:51 - 00000933 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-12-24 06:05 - 2015-09-21 23:12 - 00002007 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-12-24 06:05 - 2015-09-21 18:56 - 00002679 _____ C:\Users\Public\Desktop\Skype.lnk
2015-12-24 06:05 - 2015-08-08 01:55 - 00001019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-24 06:05 - 2015-08-08 01:55 - 00001013 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-24 06:05 - 2015-08-05 06:56 - 00000751 _____ C:\Users\Admin\Desktop\Start Tor Browser.lnk
2015-12-24 06:05 - 2015-08-05 05:04 - 00001070 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2015-12-24 06:05 - 2015-08-03 07:35 - 00002003 _____ C:\Users\Public\Desktop\STOPzilla AntiMalware.lnk
2015-12-24 06:05 - 2015-07-31 05:14 - 00001043 _____ C:\Users\Admin\Desktop\FitnessMost.lnk
2015-12-24 06:05 - 2015-07-24 04:49 - 00001008 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2015-12-24 06:05 - 2015-05-03 19:36 - 00002995 _____ C:\Users\Admin\Desktop\HitLeap Viewer.lnk
2015-12-24 06:05 - 2014-12-21 01:00 - 00001224 _____ C:\Users\Admin\Desktop\Paint.lnk
2015-12-24 06:05 - 2014-11-23 23:40 - 00001048 _____ C:\Users\Admin\Desktop\PC Remote Server.lnk
2015-12-24 06:05 - 2014-11-10 20:49 - 00000564 _____ C:\Users\Public\Desktop\Fraps.lnk
2015-12-24 06:05 - 2014-10-16 19:57 - 00001017 _____ C:\Users\Public\Desktop\FIFA ONLINE 3(Vietnam).lnk
2015-12-24 06:05 - 2014-10-16 19:52 - 00001027 _____ C:\Users\Public\Desktop\Garena+.lnk
2015-12-24 06:05 - 2014-09-07 19:53 - 00001190 _____ C:\Users\Admin\Desktop\Lightshot .lnk
2015-12-24 06:05 - 2014-07-09 23:56 - 00001767 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2015-12-24 06:05 - 2014-07-02 22:44 - 00001975 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Free Auto Clicker.lnk
2015-12-24 06:05 - 2014-07-02 22:44 - 00001951 _____ C:\Users\Admin\Desktop\Free Auto Clicker.lnk
2015-12-24 06:05 - 2014-06-11 21:59 - 00001091 _____ C:\Users\Public\Desktop\Easy Auto Clicker.lnk
2015-12-24 06:05 - 2014-05-20 17:29 - 00000880 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2015-12-24 06:05 - 2014-05-10 17:47 - 00000857 _____ C:\Users\Public\Desktop\osu!.lnk
2015-12-24 06:05 - 2014-05-08 19:58 - 00001635 _____ C:\Users\Admin\Desktop\POWERPNT.lnk
2015-12-24 06:05 - 2014-05-08 19:58 - 00001624 _____ C:\Users\Admin\Desktop\WINWORD.lnk
2015-12-24 06:05 - 2014-05-08 19:58 - 00001604 _____ C:\Users\Admin\Desktop\EXCEL.lnk
2015-12-24 06:05 - 2012-03-17 17:39 - 00001065 _____ C:\Users\Admin\Desktop\UniKeyVista2.0.lnk
2015-12-24 06:05 - 2012-03-17 15:49 - 00000971 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-24 06:05 - 2012-03-17 14:46 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-12-24 06:05 - 2012-03-17 14:46 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-12-24 06:05 - 2009-07-14 11:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-24 06:05 - 2009-07-14 11:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-12-24 06:05 - 2009-07-14 11:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-12-24 06:05 - 2009-07-14 11:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-12-24 06:05 - 2009-07-14 11:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-12-24 06:05 - 2009-07-14 11:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-12-24 06:01 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Web
2015-12-24 05:59 - 2014-05-08 20:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\x64
2015-12-20 19:18 - 2015-12-05 17:06 - 00000000 ____D C:\Users\Admin\AppData\Local\MEGAsync
2015-12-20 18:20 - 2014-05-10 17:47 - 00000000 ____D C:\Program Files\osu!
2015-12-19 00:30 - 2012-03-17 17:06 - 00000000 ____D C:\Users\Admin\AppData\Local\ElevatedDiagnostics
2015-12-17 22:18 - 2015-11-20 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-12-17 22:16 - 2014-05-08 19:42 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-12-17 04:53 - 2015-04-21 17:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2015-12-15 00:04 - 2015-11-17 01:36 - 00000000 ____D C:\Program Files\McAfee Security Scan
 
==================== Files in the root of some directories =======
 
2014-06-17 03:32 - 2014-06-29 12:31 - 0000117 _____ () C:\Users\Admin\AppData\Roaming\D2Info0
2014-06-17 03:32 - 2014-06-29 00:27 - 0000008 _____ () C:\Users\Admin\AppData\Roaming\DofusAppId0_1
2014-06-17 03:32 - 2014-06-29 13:03 - 0000008 _____ () C:\Users\Admin\AppData\Roaming\DofusAppId0_2
2014-06-17 03:32 - 2014-06-27 10:37 - 0000008 _____ () C:\Users\Admin\AppData\Roaming\DofusAppId0_3
2014-06-23 10:15 - 2014-06-23 11:14 - 0000008 _____ () C:\Users\Admin\AppData\Roaming\DofusAppId0_4
2014-05-20 16:47 - 2014-05-27 15:01 - 0626176 _____ (The cURL library, http://curl.haxx.se/) C:\Users\Admin\AppData\Roaming\libcurl.dll
2014-05-20 16:47 - 2014-05-27 15:01 - 1704448 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Admin\AppData\Roaming\libeay32.dll
2014-05-20 16:47 - 2014-05-27 15:01 - 0112142 _____ () C:\Users\Admin\AppData\Roaming\libgcc_s_dw2-1.dll
2014-05-20 16:47 - 2014-05-27 15:01 - 0279955 _____ () C:\Users\Admin\AppData\Roaming\libidn-11.dll
2014-05-20 16:47 - 2014-05-27 15:01 - 0148760 _____ () C:\Users\Admin\AppData\Roaming\libpdcurses.dll
2014-05-20 16:47 - 2014-05-27 15:07 - 0000091 _____ () C:\Users\Admin\AppData\Roaming\msdtca.bat
2014-05-20 16:47 - 2014-02-19 14:08 - 0015748 _____ () C:\Users\Admin\AppData\Roaming\README.md
2014-12-20 18:30 - 2014-12-20 18:30 - 0045270 _____ () C:\Users\Admin\AppData\Roaming\room_v3.dat
2014-05-28 16:54 - 2014-05-28 10:16 - 0000267 _____ () C:\Users\Admin\AppData\Roaming\sgminer.conf
2014-05-20 16:47 - 2014-05-27 15:01 - 0364544 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Admin\AppData\Roaming\ssleay32.dll
2014-05-19 00:20 - 2014-05-19 00:20 - 0000000 __RSH () C:\Users\Admin\AppData\Roaming\wuzsd.tmp~
2014-05-20 16:47 - 2014-05-27 15:01 - 0113166 _____ () C:\Users\Admin\AppData\Roaming\zlib1.dll
2014-09-07 19:52 - 2014-09-07 19:52 - 0000003 _____ () C:\Users\Admin\AppData\Local\updater.log
2014-09-07 19:52 - 2015-10-04 01:44 - 0000412 _____ () C:\Users\Admin\AppData\Local\UserProducts.xml
 
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Admin\AppData\Local\Temp\nsu3E3A.exe
C:\Users\Admin\AppData\Local\Temp\SDShelEx-win32.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-10 03:49
 
==================== End of FRST.txt ============================

________________________________________________________________________________________________________________________________
 
 
ADDITION
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-01-2015 01
Ran by Admin (2016-01-14 23:09:29)
Running from C:\Users\Admin\Desktop\BonusBitcoin
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-05-08 12:26:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-1755497312-2144431535-1462801618-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1755497312-2144431535-1462801618-500 - Administrator - Disabled)
Guest (S-1-5-21-1755497312-2144431535-1462801618-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.63 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DC7723BE-A2BB-58A0-4820-5630F9B82198}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Andy OS (HKLM\...\ANDY OS) (Version: 1.1 - andyroid.net)
BitTorrent (HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.11.3116 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{80194F84-21CE-44CF-A46E-38D8CE448856}) (Version: 0.8.11.3116 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
DigiEuro (DEUR) Scrypt version v1.0.0.1 (HKLM\...\{2D4491F5-40F6-4F65-8FB0-4B0827FA808B}_is1) (Version: v1.0.0.1 - The DigiEuro developers)
Easy Auto Clicker (HKLM\...\Easy Auto Clicker_is1) (Version: V2.0 - easyautoclicker.com)
FitnessMost 1.0 (HKLM\...\{51585469-FF82-49BF-A36F-AF942B07B64D}_is1) (Version: 1.0 - )
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
Free Auto Clicker 4.2.5 (HKLM\...\Free Auto Clicker_is1) (Version:  - FreeAutoClicker Co., Ltd.)
Game Dev Tycoon v1.4.13 (HKLM\...\Game Dev Tycoon v1.4.131.4.13) (Version: 1.4.13 - Friends in War)
Garena - FIFA ONLINE 3(Vietnam) (HKLM\...\FO3VN) (Version:  - Garena Online Pte Ltd.)
Google Chrome (HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
HitLeap Viewer 2.8 (HKLM\...\{31B12C11-AE4E-479F-8D6D-242DC265368D}) (Version: 2.8 - HitLeap Ltd.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.253 - SurfRight B.V.)
Hotspot Shield 5.0.2 (HKLM\...\HotspotShield) (Version: 5.0.2 - AnchorFree Inc.)
IceChat 7.80 (Build 20141213) (HKLM\...\IceChat_is1) (Version: 7.80 - IceChat Networks)
ICQ 8.4 (build 7786) (HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\ICQ) (Version: 8.4.7786.0 - ICQ)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
Invision (HKLM\...\{3764E0E0-6AAE-11DE-6784-0C73653918BE}) (Version: 3.3 - Invision)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java DB 10.6.2.1 (HKLM\...\{73EC658D-A1C6-40CA-8E86-E05821BAACE7}) (Version: 10.6.2.1 - Oracle)
Java™ SE Development Kit 6 Update 45 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160450}) (Version: 1.6.0.450 - Oracle)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (Version: 3.0.1 - Riot Games) Hidden
Lightshot-5.3.0.0 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
MEGAsync (HKLM\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Minecraft (HKLM\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
mIRC (HKLM\...\mIRC) (Version: 7.43 - mIRC Co. Ltd.)
Movavi Photo Editor 3 (HKLM\...\Movavi Photo Editor 3) (Version: 3.2.0 - Movavi)
Movavi Photo Studio (HKLM\...\Movavi Photo Studio) (Version: 1.0.2 - Movavi)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.8 - Notepad++ Team)
Opera Stable 34.0.2036.42 (HKLM\...\Opera 34.0.2036.42) (Version: 34.0.2036.42 - Opera Software)
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
PC Remote (HKLM\...\{C934DF74-D0D9-445C-90AA-34012A04E11D}) (Version: 3.51 - PC Remote)
Razer Synapse (HKLM\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26914 - Razer Inc.)
Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.37 - Realtek Semiconductor Corp.)
Robocraft Launcher version 0.4 (HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1) (Version: 0.4 - Freejam Games)
Screencast-O-Matic (HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.17 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Sony Mobile Emma (HKLM\...\Emma) (Version: 2.14.15.201410271230 - Sony Mobile Communications Inc.)
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.15.5.201504081732 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
STOPzilla AntiMalware (HKLM\...\{F00388F4-C134-49C2-8E5A-E7F49535371E}) (Version: 6.5.1.5 - iS3, Inc.)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
WinRAR 4.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.19.737 - Zemana Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Admin\AppData\Local\Google\Chrome\Application\47.0.2526.106\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Admin\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000_Classes\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InprocServer32 -> C:\Users\Admin\AppData\Local\Idsoft\a3dMouseHid.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A9E8703-6693-4498-A686-AA832D6E3893} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {0C9E6F71-AADE-4702-B157-69EEF7CBB824} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
Task: {12C16C52-3EA8-49AE-944E-44BDABE32DE9} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {34A4B5B0-27BB-4C06-A943-EDE3C33F08CC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1755497312-2144431535-1462801618-1000UA => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {415C1027-9E14-425D-BC38-59D31A58D816} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2013.1.0.32\SymErr.exe
Task: {44A88B6C-583D-4DEE-9369-A9F1A07CD0F4} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1755497312-2144431535-1462801618-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {50553A25-AD00-4F15-84BC-2C10833AC4F9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1755497312-2144431535-1462801618-1000Core => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {53AE1D4E-8C06-4CCF-8F1A-6D240DE1745E} - System32\Tasks\{58471741-C06F-4997-A664-8011EEFE343C} => pcalua.exe -a "C:\Program Files\BlueStacks\HD-RuntimeUninstaller.exe"
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {6B522DDB-7BCC-4016-9F69-A552D76CD456} - \WPD\SqmUpload_S-1-5-21-1755497312-2144431535-1462801618-1000 -> No File <==== ATTENTION
Task: {707E2D3A-7A44-4C50-9921-E33FC781D16B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1755497312-2144431535-1462801618-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {7E08BFEA-0446-4DF8-AD27-9DCF78B89105} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-13] (Piriform Ltd)
Task: {8258941A-E140-4992-B894-5D7620E8952D} - System32\Tasks\Opera scheduled Autoupdate 1450635150 => C:\Program Files\Opera\launcher.exe [2015-12-15] (Opera Software)
Task: {83B95AAE-B003-44DD-96A7-416A40257C60} - System32\Tasks\{F43B011D-508F-48D2-A26C-EBE3B644983D} => Chrome.exe 
Task: {84FFC84D-DB3F-43EF-BAD0-3F63546C37B5} - \Start Driver Reviver Update -> No File <==== ATTENTION
Task: {8A66DB06-A783-4F6D-8060-4D348BA55266} - System32\Tasks\Shutdown timer => C:\Windows\System32\shutdown.exe [2009-07-14] (Microsoft Corporation)
Task: {8ED0F379-4BC6-4FEE-8ABE-AB3500658A85} - System32\Tasks\gg_uac_daemon_Admin => C:\Program Files\Garena Plus\ggdllhost.exe [2015-09-03] ()
Task: {D3800FA4-3AE1-4602-84FD-22BB45D3BA90} - \Start Driver Reviver Schedule -> No File <==== ATTENTION
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {E5168833-A679-403F-81A9-CBCF4DCD9A2E} - System32\Tasks\{644E89F8-F8F7-48A3-9931-78D14669B2EE} => Chrome.exe 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755497312-2144431535-1462801618-1000Core.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1755497312-2144431535-1462801618-1000UA.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3751445483-1635120005-3195046621-1000Core.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3751445483-1635120005-3195046621-1000UA.job => C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-13 03:35 - 2015-10-13 03:35 - 00261328 _____ () C:\Program Files\Hotspot Shield\bin\CrashRpt1403.dll
2015-06-04 05:57 - 2015-06-04 05:57 - 01749200 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll
2015-10-13 03:55 - 2015-10-13 03:55 - 00895184 _____ () C:\Program Files\Hotspot Shield\bin\HssRep.5.0.2.dll
2015-08-22 01:13 - 2015-08-22 01:13 - 00280143 _____ () C:\Program Files\Hotspot Shield\bin\libidn-11.dll
2009-03-28 03:02 - 2009-03-28 03:02 - 01554920 _____ () C:\Program Files\Hotspot Shield\bin\libeay32.dll
2009-03-28 03:02 - 2009-03-28 03:02 - 00332254 _____ () C:\Program Files\Hotspot Shield\bin\libssl32.dll
2015-06-04 05:59 - 2015-06-04 05:59 - 00589520 _____ () C:\Program Files\Hotspot Shield\bin\hsswd.exe
2015-06-24 02:11 - 2015-06-24 02:11 - 00187048 _____ () C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
2014-09-18 14:46 - 2015-09-03 15:35 - 00089536 _____ () C:\Program Files\Garena Plus\ggdllhost.exe
2014-09-18 14:46 - 2015-09-03 15:35 - 02062784 _____ () C:\Program Files\Garena Plus\ggspawn.dll
2012-03-17 17:39 - 2006-04-19 07:53 - 00188416 _____ () C:\Program Files\UniKey Vista 2.0\UKHook40.dll
2014-05-01 21:15 - 2014-05-01 21:15 - 00463360 _____ () C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll
2012-03-17 16:00 - 2012-01-09 19:44 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2015-07-13 10:12 - 2015-07-13 10:12 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-08-26 16:05 - 2014-11-26 09:12 - 40622592 _____ () C:\Users\Admin\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libcef.dll
2012-03-17 17:39 - 2006-04-19 07:55 - 00675840 _____ () C:\Program Files\UniKey Vista 2.0\UniKeyVista2.0.exe
2015-11-19 23:59 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2015-11-19 23:59 - 2015-10-20 17:44 - 00242176 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2015-12-05 10:21 - 2015-12-05 10:21 - 00933056 ____R () C:\Program Files\Skype\Phone\ssScreenVVS2.dll
2015-11-19 23:59 - 2015-06-10 10:13 - 00113024 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2015-11-04 18:40 - 2015-11-04 18:40 - 00052224 _____ () C:\Users\Admin\AppData\Local\MEGAsync\cares.dll
2015-12-17 04:51 - 2015-12-11 10:54 - 01583432 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-17 04:51 - 2015-12-11 10:54 - 00081224 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-08-26 16:05 - 2014-11-26 09:12 - 00911360 _____ () C:\Users\Admin\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libglesv2.dll
2015-08-26 16:05 - 2014-11-26 09:12 - 00134144 _____ () C:\Users\Admin\AppData\Local\razer\InGameEngine\cache\RzSynapse\cef\libegl.dll
2015-12-25 04:17 - 2015-12-24 07:46 - 16792256 _____ () C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll
2014-01-21 16:54 - 2015-12-10 19:22 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2016-01-14 22:14 - 2016-01-14 22:14 - 02342904 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.6\deploy\LoLLauncher.exe
2016-01-14 22:16 - 2016-01-14 22:16 - 04319224 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.46\deploy\LoLPatcher.exe
2016-01-14 22:16 - 2016-01-14 22:16 - 01424376 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.46\deploy\RiotLauncher.dll
2016-01-14 22:16 - 2016-01-14 22:16 - 03103224 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.46\deploy\LoLPatcherUx.exe
2016-01-14 22:16 - 2016-01-14 22:16 - 34851320 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.46\deploy\libcef.dll
2016-01-14 22:16 - 2016-01-14 22:16 - 01383416 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.46\deploy\icui18n.dll
2016-01-14 22:16 - 2016-01-14 22:16 - 01142264 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.46\deploy\icuuc.dll
2016-01-14 22:16 - 2016-01-14 22:16 - 04382200 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.46\deploy\v8.dll
2016-01-14 22:16 - 2016-01-14 22:16 - 00953336 _____ () C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.46\deploy\ffmpegsumo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile =>  <===== ATTENTION
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\Software\Classes\exefile:  <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-03-17 16:42 - 2015-12-15 00:04 - 00000896 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
::1 localhost0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 199.203.131.151 - 82.163.143.181
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: IDMan => C:\Program Files\Internet Download Manager\IDMan.exe /onboot
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{40FBDF0F-C5FF-4714-BFAA-2A292E16688C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{307EADD2-4535-47AA-B7B8-D374154466E4}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8494EFD6-9EB9-4ADF-8FB9-1829339D6FA9}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E37390FC-5090-486A-967E-FAD6E73D6F0D}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{C4DAA5F3-DD25-4293-8382-73709D6D8024}] => (Allow) LPort=9000
StandardProfile\AuthorizedApplications: [C:\Users\Admin\AppData\Local\Temp\RarSFX1\key.exe] => Enabled:key
StandardProfile\AuthorizedApplications: [C:\Users\Admin\AppData\Local\Temp\RarSFX2\key.exe] => Enabled:key
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/14/2016 10:10:20 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/14/2016 10:10:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/14/2016 04:22:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/14/2016 04:22:01 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/14/2016 04:22:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/14/2016 03:51:51 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/14/2016 03:51:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/14/2016 03:48:44 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/14/2016 03:48:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/14/2016 03:13:17 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program League of Legends.exe version 5.24.0.249 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1df8
 
Start Time: 01d14e38c3169730
 
Termination Time: 14735
 
Application Path: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.114\deploy\League of Legends.exe
 
Report Id: aa52db24-ba31-11e5-82a3-685d43d0d8a5
 
 
System errors:
=============
Error: (01/14/2016 10:13:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (01/14/2016 10:10:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
is3srv
szkgfs
 
Error: (01/14/2016 10:10:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (01/14/2016 10:09:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IP Helper service terminated with the following error: 
%%13
 
Error: (01/14/2016 10:08:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The STOPzilla AntiMalware service failed to start due to the following error: 
%%2
 
Error: (01/14/2016 10:08:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:24:17 SA on ‎14/‎01/‎2016 was unexpected.
 
Error: (01/14/2016 04:50:14 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (01/14/2016 03:51:51 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
is3srv
szkgfs
 
Error: (01/14/2016 03:51:51 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (01/14/2016 03:51:47 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IP Helper service terminated with the following error: 
%%13
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 91%
Total physical RAM: 2472.36 MB
Available physical RAM: 219.08 MB
Total Virtual: 4943.03 MB
Available Virtual: 1193.21 MB
 
==================== Drives ================================
 
Drive c: (Windows7) (Fixed) (Total:173.36 GB) (Free:102.03 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DISK2) (Fixed) (Total:260.19 GB) (Free:255.78 GB) NTFS
Drive e: (DISK3) (Fixed) (Total:264.98 GB) (Free:264.55 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 8DECA0C4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=173.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=525.2 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================


#11 fireman4it


Posted 15 January 2016 - 08:29 AM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Let me know how the machine is running after this fix


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 Sasukemystery


Posted 15 January 2016 - 11:07 AM

Fix result of Farbar Recovery Scan Tool (x86) Version:10-01-2015 01
Ran by Admin (2016-01-15 22:39:22) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Run: [YWPack] => C:\Windows\System32\regsvr32.exe C:\Users\Admin\AppData\Local\Idsoft\a3dMouseHid.dll
KU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION
Toolbar: HKU\S-1-5-21-1755497312-2144431535-1462801618-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
FF HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Admin\AppData\Roaming\IDM\idmmzcc5 => not found
OPR Extension: (2048 AI - bitcoin) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\chfnopmklmpinabemlmldefhbhgkglmc [2015-12-21]
S2 szserver; "C:\Program Files\iS3\STOPzilla AntiMalware\SZServer.exe" [X]
S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 EasyAntiCheatSys; \??\C:\Windows\system32\drivers\EasyAntiCheat.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S0 is3srv; system32\drivers\is3srv.sys [X]
S0 szkgfs; system32\drivers\szkgfs.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\Admin\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Admin\AppData\Local\Temp\nsu3E3A.exe
C:\Users\Admin\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
FF Extension: easySubmit - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default\Extensions\@easysubmit.xpi [2016-01-08]
Task: {12C16C52-3EA8-49AE-944E-44BDABE32DE9} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {6B522DDB-7BCC-4016-9F69-A552D76CD456} - \WPD\SqmUpload_S-1-5-21-1755497312-2144431535-1462801618-1000 -> No File <==== ATTENTION
Task: {84FFC84D-DB3F-43EF-BAD0-3F63546C37B5} - \Start Driver Reviver Update -> No File <==== ATTENTION
Task: {D3800FA4-3AE1-4602-84FD-22BB45D3BA90} - \Start Driver Reviver Schedule -> No File <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile =>  <===== ATTENTION
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\Software\Classes\.exe: exefile =>  <===== ATTENTION
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\Software\Classes\exefile:  <===== ATTENTION
FirewallRules: [{307EADD2-4535-47AA-B7B8-D374154466E4}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8494EFD6-9EB9-4ADF-8FB9-1829339D6FA9}] => (Allow) C:\Users\Admin\AppData\Roaming\BitTorrent\BitTorrent.exe
emptytemp:
HOsts:
 
 
*****************
 
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully.
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YWPack => value removed successfully.
KU\S-1-5-21-1755497312-2144431535-1462801618-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2616320 2010-11-21] (Microsoft Corporation) <==== ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully.
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => value removed successfully.
HKCR\CLSID\{A13C2648-91D4-4BF3-BC6D-0079707C4389} => key not found. 
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\Software\Mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com => value removed successfully.
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\chfnopmklmpinabemlmldefhbhgkglmc => moved successfully
szserver => service removed successfully.
cpudrv => service removed successfully.
EagleXNt => service removed successfully.
EasyAntiCheatSys => service removed successfully.
GGSAFERDriver => service removed successfully.
is3srv => service removed successfully.
szkgfs => service removed successfully.
VGPU => service removed successfully.
xhunter1 => service removed successfully.
C:\Users\Admin\AppData\Local\Temp\DseShExt-x86.dll => moved successfully
C:\Users\Admin\AppData\Local\Temp\nsu3E3A.exe => moved successfully
C:\Users\Admin\AppData\Local\Temp\SDShelEx-win32.dll => moved successfully
"C:\Users\Admin\AppData\Local\Temp\sqlite3.dll" => not found.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\96ghf148.default\Extensions\@easysubmit.xpi => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12C16C52-3EA8-49AE-944E-44BDABE32DE9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12C16C52-3EA8-49AE-944E-44BDABE32DE9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B522DDB-7BCC-4016-9F69-A552D76CD456}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B522DDB-7BCC-4016-9F69-A552D76CD456}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1755497312-2144431535-1462801618-1000" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84FFC84D-DB3F-43EF-BAD0-3F63546C37B5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84FFC84D-DB3F-43EF-BAD0-3F63546C37B5}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start Driver Reviver Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3800FA4-3AE1-4602-84FD-22BB45D3BA90}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3800FA4-3AE1-4602-84FD-22BB45D3BA90}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start Driver Reviver Schedule => key not found. 
"HKU\.DEFAULT\Software\Classes\.exe" => key removed successfully.
"HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\Software\Classes\exefile" => key removed successfully.
"HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\Software\Classes\.exe" => key removed successfully.
HKU\S-1-5-21-1755497312-2144431535-1462801618-1000\Software\Classes\exefile => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{307EADD2-4535-47AA-B7B8-D374154466E4} => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8494EFD6-9EB9-4ADF-8FB9-1829339D6FA9} => value removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.8 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 23:05:54 ====


#13 fireman4it


Posted 15 January 2016 - 12:13 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

How is the machine running now?



#14 Sasukemystery


Posted 15 January 2016 - 01:12 PM

It still has DNS Unlocker.

#15 fireman4it


Posted 15 January 2016 - 02:31 PM

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

2.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"

 

 

 

DNSLocker still there?
