programs for Malware removal unable to open, computer is very slow


  • This topic is locked
1 reply to this topic

#1 OishiBandyopadhyay

Posted 10 January 2016 - 08:47 AM

Malwarebytes Anti-Malware program doesn't run. Microsoft Security Essentials shuts down when I try to scan. Computer is very slow.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by Oishi (administrator) on OISHI-PC (10-01-2016 18:55:55)
Running from C:\Users\Oishi\Downloads
Loaded Profiles: Oishi (Available Profiles: Oishi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(BitTorrent Inc.) C:\Users\Oishi\AppData\Roaming\BitTorrent\BitTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AutoIt Team) C:\GoogleChrome\GoogleChrome.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Jetico, Inc.) C:\Users\Oishi\AppData\Local\{B497FD3F-9614-F0FF-E7B0-8AC1C5EA54ED}\syshost.exe
() C:\Users\Oishi\AppData\Roaming\DllServer.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sky123.Org) C:\Program Files (x86)\Tencent\win.exe
(VMware, Inc.) D:\VMware\vmware-tray.exe
(BitTorrent Inc.) C:\Users\Oishi\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe
(BitTorrent Inc.) C:\Users\Oishi\AppData\Roaming\BitTorrent\updates\7.9.5_41373\utorrentie.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\Softcomp Software\privoxy.exe
() C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\hnsqAF17.tmp
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Users\Oishi\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
() C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\jnsw97BF.tmp
(VMware, Inc.) D:\VMware\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
() D:\VMware\vmware-hostd.exe
Failed to access process -> WUDFHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1021056 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800896 2012-03-08] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [gmsd_in_005010028] => [X]
HKLM-x32\...\Run: [gmsd_in_005010032] => [X]
HKLM-x32\...\Run: [gmsd_in_005010035] => [X]
HKLM-x32\...\Run: [win] => C:\Program Files (x86)\Tencent\win.exe [184320 2015-11-15] (Sky123.Org)
HKLM-x32\...\Run: [vmware-tray.exe] => D:\VMware\vmware-tray.exe [114368 2015-02-06] (VMware, Inc.)
HKLM-x32\...\Run: [avast5] => "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [TornTv Downloader] => C:\Users\Oishi\AppData\Roaming\TornTV.com\Torntv Downloader.exe /c=startup
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [BitTorrent] => C:\Users\Oishi\AppData\Roaming\BitTorrent\BitTorrent.exe [1873952 2015-12-03] (BitTorrent Inc.)
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [Google Chrome] => C:\GoogleChrome\WindowsUpdate.lnk [792 2015-04-10] ()
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [AdopeUpdate] => C:\GoogleChrome\GoogleUpdate.lnk [744 2015-03-28] ()
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [AdopeFlash] => C:\GoogleChrome\GoogleChrome.exe [853744 2015-03-25] (AutoIt Team)
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [Client Server Runtime Process] => C:\Users\Oishi\AppData\Roaming\csrss.exe
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [Host-process Windows (Rundll32.exe)] => C:\Users\Oishi\AppData\Roaming\csrss.exe
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [Service Host Process for Windows] => C:\Users\Oishi\AppData\Roaming\svchost.exe
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [HCDNClient] => "C:\IQIYI Video\Common\QyKernel.exe" -shell_start
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [GoogleChromeAutoLaunch_65558500AD2D8B45825879B925C738C1] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [DesktopSearch] => C:\ProgramData\DesktopSearch\DesktopSearch.exe -ros
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [GoogleChromeAutoLaunch_CE13C8D82A839C0220B70C2DF2280570] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [{F836D22C-C97C-4A94-B3AF-3074AEF17C55}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\FAEHZVABB').SBVWNVQYS)));
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [syshost32] => C:\Users\Oishi\AppData\Local\{B497FD3F-9614-F0FF-E7B0-8AC1C5EA54ED}\syshost.exe [288768 2015-10-12] (Jetico, Inc.)
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Run: [5e442893fd8d3815ac0f31193a1fdabd] => C:\Users\Oishi\AppData\Roaming\DllServer.exe [24064 2015-12-20] ()
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msvddl.exe <===== ATTENTION
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\MountPoints2: J - J:\setup.exe
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\MountPoints2: {2ac01269-44e8-11e5-8080-08edb91c550c} - M:\LaunchU3.exe -a
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\...\MountPoints2: {2ac0131e-44e8-11e5-8080-08edb91c550c} - H:\Setup.exe
Startup: C:\Users\Oishi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Learning OMNeT++ [PDF]~StormRG~.lnk [2015-03-13]
ShortcutTarget: Learning OMNeT++ [PDF]~StormRG~.lnk -> C:\ProgramData\{b909ab22-0160-bab3-b909-9ab22016ac88}\Learning OMNeT++ [PDF]~StormRG~.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49763;https=127.0.0.1:49763;
ProxyEnable: [S-1-5-21-4091964856-1131281766-1042438202-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-4091964856-1131281766-1042438202-1000] => 127.0.0.1:8118
AutoConfigURL: [S-1-5-21-4091964856-1131281766-1042438202-1000] => hxxp://stopblock.me/wpad.dat?0183599c81ba65864f09ce3e071a53e3273698
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5D0FEE91-58D5-4923-8E64-885E543528D0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=94493384_hao_pg
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.protectedio.com/?u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=hp&inst=1449921653
HKU\S-1-5-21-4091964856-1131281766-1042438202-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchdominion.info/?l=1&q={searchTerms}&pid=22194&r=2015/03/13&hid=10921619979478274896&lg=EN&cc=IN
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=srch&inst=1449921653
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1448341540&z=2fbb73162f7e036edfedba7gdzdz5b6cczeg5w1zee&from=amt&uid=st500lm012xhn-m500mbb_s2tdju0c209169209169&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm04153&utm_campaign=install_ie&utm_content=ds&from=wpm04153&uid=ST500LM012XHN-M500MBB_S2TDJU0C209169209169&ts=1429098537&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4091964856-1131281766-1042438202-1000 -> {CF183B7C-FDB3-4B6D-AE87-0E74402D8EB9} URL = hxxp://www.delta-homes.com/web/?utm_source=b&utm_medium=wpm04153&utm_campaign=install_ie&utm_content=ds&from=wpm04153&uid=ST500LM012XHN-M500MBB_S2TDJU0C209169209169&ts=1429098537&type=default&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-31] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-31] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: °®ÆæÒÕÖúÊÖ -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> C:\IQIYI Video\Common\Accelerator\IEHelper.dll => No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll [2014-12-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-31] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> D:\Pro 9\npnitromozilla.dll [2013-11-12] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin HKU\S-1-5-21-4091964856-1131281766-1042438202-1000: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://search.protectedio.com/?u=44e68728c96a0bd0079b7b3704864f39&c=p1&src=hp&inst=1449662439"
CHR Profile: C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-26]
CHR Extension: (Google Docs) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-26]
CHR Extension: (Google Drive) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-26]
CHR Extension: (Google Docs Offline) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-21]
CHR Extension: (AdBlock) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-09]
CHR Extension: (Skype) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-26]
CHR Extension: (Gmail) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-26]
CHR Extension: (Download Cooking) - C:\Users\Oishi\AppData\Local\Download Cooking\Component [2016-01-08]
CHR Profile: C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (aalnjolghjkkogicompabhhbbkljnlka) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aalnjolghjkkogicompabhhbbkljnlka [2015-07-27]
CHR Extension: (Google Slides) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-22]
CHR Extension: (Google Docs) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-22]
CHR Extension: (Google Drive) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-29]
CHR Extension: (YouTube) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-29]
CHR Extension: (Google Search) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-29]
CHR Extension: (Google Sheets) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-22]
CHR Extension: (Google Docs Offline) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-29]
CHR Extension: (Skype) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-29]
CHR Extension: (Gmail) - C:\Users\Oishi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-22]
CHR Extension: (Download Cooking) - C:\Users\Oishi\AppData\Local\Download Cooking\Component [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [107648 2012-03-08] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-11-12] (Nitro PDF Software)
R2 PrivoxyService; C:\Program Files (x86)\Softcomp Software\privoxy.exe [371200 2016-01-05] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 vicoqudu; C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\hnsqAF17.tmp [165376 2015-07-12] () [File not signed]
R2 VMAuthdService; D:\VMware\vmware-authd.exe [87744 2015-02-06] (VMware, Inc.)
R2 VMwareHostd; D:\VMware\vmware-hostd.exe [12730048 2015-02-06] ()
R2 VSSS; C:\Users\Oishi\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [100186304 2015-06-26] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [159360 2012-03-08] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-03-28] (Atheros) [File not signed]
R2 zejytose; C:\Users\Oishi\AppData\Roaming\4C4C4544-1436680794-5710-8056-C2C04F515231\jnsw97BF.tmp [199168 2015-07-12] () [File not signed]
S2 3c2d81f8; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\CutterInstance\CutterInstance.dll",serv
S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16444.223\QQPCRtp.exe" -r [X]
S2 siwomyqe; C:\Program Files (x86)\4C4C4544-1436680794-5710-8056-C2C04F515231\knsiBD77.tmp [X]
S2 Sweet Crazy; "C:\Program Files (x86)\Sweet Crazy\Sweet Crazy.exe" [X]
S2 Util Coupon Time; "C:\Program Files (x86)\Coupon Time\bin\utilCouponTime.exe" [X]
S2 wewygyko; C:\Program Files (x86)\4C4C4544-1436680794-5710-8056-C2C04F515231\knsn1252.tmp [X]
S2 YTDUpdt; C:\PROGRA~2\YTDOWN~1\YTDUPD~1.EXE [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [26232 2014-08-22] (Ekahau Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-11-24] (电脑管家)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16444.223\QMUdisk64.sys [X]
S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
S1 TsDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16444.223\TsDefenseBT64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-10 18:55 - 2016-01-10 18:57 - 00028257 _____ C:\Users\Oishi\Downloads\FRST.txt
2016-01-10 18:54 - 2016-01-10 18:55 - 00000000 ____D C:\FRST
2016-01-10 18:52 - 2016-01-10 18:53 - 02370560 _____ (Farbar) C:\Users\Oishi\Downloads\FRST64.exe
2016-01-10 18:43 - 2016-01-10 18:43 - 00000000 ___RD C:\Users\Oishi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-01-09 23:48 - 2016-01-09 23:48 - 01415680 _____ (wj32) C:\Program Files\SXZ138A0.exe
2016-01-09 22:22 - 2016-01-09 22:22 - 01415680 _____ (wj32) C:\Program Files\F3NBVFZ3.exe
2016-01-09 22:21 - 2016-01-09 22:21 - 01415680 _____ (wj32) C:\Program Files\Z7S19I3B.exe
2016-01-09 22:21 - 2016-01-09 22:21 - 01415680 _____ (wj32) C:\Program Files\X9LX9P9P.exe
2016-01-09 19:22 - 2016-01-09 19:22 - 01415680 _____ (wj32) C:\Program Files\NOUKKL7G.exe
2016-01-09 19:22 - 2016-01-09 19:22 - 01415680 _____ (wj32) C:\Program Files\8GPXIRZ8.exe
2016-01-09 19:22 - 2016-01-09 19:22 - 01415680 _____ (wj32) C:\Program Files\5DM7F09H.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 01415680 _____ (wj32) C:\Program Files\Z7G19I9R.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 01415680 _____ (wj32) C:\Program Files\V3CX5EMM.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 01415680 _____ (wj32) C:\Program Files\KY7F09HZ.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 01415680 _____ (wj32) C:\Program Files\AIRZKT1J.exe
2016-01-09 19:20 - 2016-01-09 19:20 - 01415680 _____ (wj32) C:\Program Files\SUWLNSRW.exe
2016-01-09 19:20 - 2016-01-09 19:20 - 01415680 _____ (wj32) C:\Program Files\G19I3BK5.exe
2016-01-09 00:34 - 2016-01-09 00:34 - 00007647 _____ C:\Users\Oishi\Downloads\Modern.Family.S07E01.720p.HDTV.x264-BATV%5BEtHD%5D.torrent
2016-01-08 17:44 - 2016-01-08 17:44 - 03990929 _____ C:\Users\Oishi\Downloads\Gravitys-rainbow-Thomas-Pynchon.pdf
2016-01-08 17:43 - 2016-01-08 17:43 - 01415680 _____ (wj32) C:\Program Files\MK7LM0K9.exe
2016-01-08 17:43 - 2016-01-08 17:43 - 01415680 _____ (wj32) C:\Program Files\HIZDUY9K.exe
2016-01-08 17:42 - 2016-01-08 17:42 - 01415680 _____ (wj32) C:\Program Files\TGRV0NDA.exe
2016-01-08 17:42 - 2016-01-08 17:42 - 01415680 _____ (wj32) C:\Program Files\P9W0WJFA.exe
2016-01-08 17:41 - 2014-05-14 21:53 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-01-08 17:41 - 2014-05-14 21:53 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-01-08 17:41 - 2014-05-14 21:53 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-01-08 17:41 - 2014-05-14 21:51 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-01-08 17:41 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-01-08 17:41 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-01-08 17:41 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-01-08 17:41 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-01-08 17:40 - 2016-01-08 17:40 - 01415680 _____ (wj32) C:\Program Files\VZM6A3N9.exe
2016-01-08 17:40 - 2016-01-08 17:40 - 01415680 _____ (wj32) C:\Program Files\GINPEGL8.exe
2016-01-08 17:39 - 2016-01-08 17:39 - 01415680 _____ (wj32) C:\Program Files\SE7TF2UL.exe
2016-01-08 17:39 - 2016-01-08 17:39 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-08 17:39 - 2016-01-08 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-08 17:39 - 2016-01-08 17:39 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-08 17:39 - 2016-01-08 17:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-08 17:39 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-08 17:39 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-08 17:39 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-08 17:38 - 2016-01-08 17:39 - 22908888 _____ (Malwarebytes ) C:\Users\Oishi\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-08 17:32 - 2016-01-08 17:32 - 01415680 _____ (wj32) C:\Program Files\1357CE3T.exe
2016-01-08 17:29 - 2016-01-08 17:29 - 01415680 _____ (wj32) C:\Program Files\92OAWPBX.exe
2016-01-08 17:29 - 2016-01-08 17:29 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-01-08 17:29 - 2016-01-08 17:29 - 00001945 _____ C:\Windows\epplauncher.mif
2016-01-08 17:29 - 2016-01-08 17:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-01-08 17:28 - 2016-01-08 17:29 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-01-08 17:28 - 2016-01-08 17:28 - 14243008 _____ (Microsoft Corporation) C:\Users\Oishi\Downloads\mseinstall.exe
2016-01-08 15:56 - 2016-01-08 15:56 - 00026701 _____ C:\Users\Oishi\Downloads\ethershield_v1.1_for_arduino_v1.0.zip
2016-01-08 15:38 - 2016-01-10 18:43 - 00000000 ____D C:\Users\Oishi\Documents\Bluetooth Folder
2016-01-08 15:16 - 2016-01-08 15:16 - 00084585 _____ C:\Users\Oishi\Downloads\Ethercard-Library.zip
2016-01-08 15:03 - 2016-01-08 15:05 - 00076288 ___SH C:\Users\Oishi\Documents\Thumbs.db
2016-01-08 13:10 - 2016-01-08 13:10 - 00000000 ____D C:\Users\Public\Documents\OneWire
2016-01-08 13:02 - 2016-01-08 13:02 - 00000000 ____D C:\Users\Public\Documents\ethercard
2016-01-08 12:26 - 2016-01-08 12:26 - 00104769 _____ C:\Users\Oishi\Downloads\arduino_uip-master.zip
2016-01-08 12:24 - 2016-01-08 12:24 - 00073758 _____ C:\Users\Oishi\Downloads\EtherShield-Library.zip
2016-01-07 12:14 - 2016-01-07 12:14 - 00036232 _____ C:\Users\Oishi\Downloads\-2.4-Ghz-RF-Transceibrver-CC2500-RM1178-BY-ROBOMART-January-7-2016-6-44-am.pdf
2016-01-07 11:54 - 2016-01-07 12:10 - 00000000 ____D C:\Users\Oishi\Desktop\WearableDevice
2016-01-06 16:54 - 2016-01-06 16:54 - 00000000 ____D C:\Users\Oishi\Downloads\crop
2016-01-06 11:25 - 2016-01-06 11:25 - 00000000 ____H C:\Users\Oishi\AppData\Local\BITF354.tmp
2016-01-06 11:24 - 2016-01-06 11:25 - 00000000 _____ C:\Users\Oishi\AppData\Local\{F18A4C0A-BBB0-44BD-83D7-F76F644DB84E}
2016-01-06 11:23 - 2016-01-06 11:23 - 01415680 _____ (wj32) C:\Program Files\6EN8GPAI.exe
2016-01-05 21:13 - 2016-01-05 21:13 - 00000000 ____D C:\ProgramData\Alwil Software
2016-01-05 21:13 - 2016-01-05 21:13 - 00000000 ____D C:\Program Files\Alwil Software
2016-01-05 21:13 - 2016-01-05 21:13 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2016-01-05 21:13 - 2010-06-29 02:27 - 00165032 _____ (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2016-01-04 15:24 - 2016-01-04 15:25 - 00021218 _____ C:\Users\Oishi\Downloads\RemoteCodes.txt
2016-01-04 13:09 - 2016-01-04 13:09 - 00016726 _____ C:\Users\Oishi\Downloads\[kat.cr]avast.internet.security.premier.antivirus.2016.build.11.1.2245.keys.4realtorrentz.torrent
2016-01-04 13:06 - 2016-01-04 13:06 - 00014053 _____ C:\Users\Oishi\Downloads\B4C2476FA385501B53A3A6D2293E514874888486.torrent
2016-01-04 13:01 - 2016-01-04 13:01 - 00025791 _____ C:\Users\Oishi\Downloads\Avast+Pro+Antivirus+2014+v9.0.2016+Final+%2B+License.torrent
2016-01-04 11:07 - 2016-01-04 11:07 - 08662358 _____ C:\Users\Oishi\Downloads\Jaya_ An Illustrated Retelling  - Pattanaik, Devdutt(Autosaved).pdf
2016-01-03 20:34 - 2016-01-03 20:34 - 00042846 _____ C:\Users\Oishi\Downloads\sherlock-special-the-abominable-bride_english-1251628.zip
2016-01-03 18:36 - 2016-01-03 18:36 - 00017854 _____ C:\Users\Oishi\Downloads\2CA9B50944FDA29A6313944C81C866662BA16A3F.torrent
2015-12-31 21:45 - 2015-12-31 21:45 - 00044275 _____ C:\Users\Oishi\Downloads\8-mile-english-yify-36580.zip
2015-12-31 16:53 - 2015-12-31 16:53 - 00008870 _____ C:\Users\Oishi\Downloads\[otorrents.com]Woman-In-Gold-2015-720p.torrent
2015-12-30 16:16 - 2016-01-08 12:56 - 00000000 ____D C:\Users\Oishi\AppData\Local\ElevatedDiagnostics
2015-12-29 17:09 - 2015-12-29 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doxygen
2015-12-29 17:08 - 2015-12-29 17:08 - 00000000 ____D C:\Program Files\doxygen
2015-12-29 17:04 - 2015-12-29 17:08 - 25051066 _____ (Dimitri van Heesch ) C:\Users\Oishi\Downloads\doxygen-1.8.10-setup.exe
2015-12-29 12:31 - 2015-12-29 12:31 - 00000000 ____D C:\Users\Oishi\AppData\Local\BenchMarkTool
2015-12-29 12:30 - 2015-12-29 13:19 - 00000000 ____D C:\Users\Oishi\AppData\Local\MirrorOp_Lite
2015-12-29 12:30 - 2015-12-29 12:30 - 00001969 _____ C:\Users\Public\Desktop\MirrorOp Lite.lnk
2015-12-29 12:30 - 2015-12-29 12:30 - 00000744 _____ C:\Windows\SysWOW64\VACUninstall.lnk
2015-12-29 12:30 - 2015-12-29 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MirrorOp Lite
2015-12-29 12:30 - 2015-12-29 12:30 - 00000000 ____D C:\Program Files (x86)\MirrorOp Lite
2015-12-29 12:29 - 2015-12-29 12:30 - 02958961 _____ ( ) C:\Users\Oishi\Downloads\MirroOpLite_Setup_v1012.exe
2015-12-23 17:30 - 2015-12-23 17:34 - 08657369 _____ C:\Users\Oishi\Downloads\Jaya_ An Illustrated Retelling  - Pattanaik, Devdutt.pdf
2015-12-23 17:13 - 2015-12-23 17:13 - 05256812 _____ C:\Users\Oishi\Downloads\Jaya_ An Illustrated Retelling  - Pattanaik, Devdutt.epub
2015-12-23 12:34 - 2015-12-23 12:34 - 00000000 ____H C:\Users\Oishi\Documents\Default.rdp
2015-12-22 16:33 - 2015-12-22 16:33 - 00086528 _____ C:\Users\Oishi\Downloads\Intro-TinyOS.ppt
2015-12-22 16:29 - 2015-12-22 16:29 - 01530368 _____ C:\Users\Oishi\Downloads\Mao-Xufei-How_to_Code_on_TinyOS.ppt
2015-12-21 11:20 - 2015-12-21 11:20 - 01544274 _____ C:\Users\Oishi\Downloads\Beyond Software Architecture.pdf
2015-12-20 20:08 - 2015-12-21 11:06 - 00725684 _____ C:\Users\Oishi\Downloads\JN-DS-JN5168MO-1v2.pdf
2015-12-20 18:28 - 2015-12-20 18:28 - 00024064 _____ C:\Users\Oishi\AppData\Roaming\DllServer.exe
2015-12-20 13:57 - 2015-12-20 13:57 - 00003284 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e11.hdtv.x264.lol.ettv.torrent
2015-12-20 13:57 - 2015-12-20 13:57 - 00003199 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e09.hdtv.x264.lol.ettv.torrent
2015-12-20 13:57 - 2015-12-20 13:57 - 00003088 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e10.hdtv.x264.lol.ettv.torrent
2015-12-20 12:52 - 2015-12-20 12:52 - 00003524 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e08.hdtv.x264.lol.ettv.torrent
2015-12-20 11:15 - 2015-12-20 11:15 - 00003234 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e07.hdtv.x264.lol.ettv.torrent
2015-12-19 21:28 - 2015-12-19 21:28 - 00003762 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e06.hdtv.x264.lol.ettv.torrent
2015-12-19 20:05 - 2015-12-19 20:05 - 00003075 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e05.hdtv.x264.lol.ettv.torrent
2015-12-18 20:31 - 2015-12-18 20:31 - 00003155 _____ C:\Users\Oishi\Downloads\[kat.cr]gotham.s02e04.hdtv.x264.lol.ettv.torrent
2015-12-18 20:29 - 2015-12-18 20:29 - 00004296 _____ C:\Users\Oishi\Downloads\Gotham.S02E03.HDTV.x264-LOL.torrent
2015-12-18 13:25 - 2015-12-18 13:26 - 02184854 _____ C:\Users\Oishi\Downloads\The_Contiki_Netstack.pdf
2015-12-17 15:32 - 2015-12-17 15:33 - 00498176 _____ C:\Users\Oishi\Downloads\day8a.ppt
2015-12-16 17:04 - 2015-12-16 17:04 - 00536576 _____ C:\Users\Oishi\Downloads\lecture6.ppt
2015-12-16 11:43 - 2015-12-16 11:43 - 00446141 _____ C:\Users\Oishi\Downloads\09034-ISN-WP-1-ContikiandTinyOS(D16).pdf
2015-12-16 11:09 - 2015-12-16 11:13 - 04051456 _____ C:\Users\Oishi\Downloads\2-3_ZigBee.ppt
2015-12-15 21:34 - 2015-12-15 21:34 - 00023719 _____ C:\Users\Oishi\Downloads\[otorrents.com]True-Detective-Season-2-2015-720p.torrent
2015-12-15 14:40 - 2016-01-10 17:12 - 00003272 _____ C:\Windows\System32\Tasks\Softcomp Software Job
2015-12-15 14:40 - 2015-12-15 14:40 - 00000000 ____D C:\Program Files (x86)\Softcomp Software
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-10 18:56 - 2014-12-15 09:26 - 00000000 ____D C:\Users\Oishi\AppData\Roaming\BitTorrent
2016-01-10 18:55 - 2009-07-14 08:50 - 00000000 ____D C:\Windows
2016-01-10 18:47 - 2015-07-14 20:36 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-10 18:45 - 2014-12-12 22:34 - 00000000 ____D C:\Users\Oishi\AppData\Roaming\Skype
2016-01-10 17:15 - 2014-12-12 23:45 - 00000486 _____ C:\Windows\Tasks\MATLAB R2014a Startup Accelerator.job
2016-01-10 17:12 - 2015-11-24 11:02 - 00000364 _____ C:\Windows\Tasks\AmiUpdXp.job
2016-01-10 17:11 - 2015-07-15 20:48 - 00000354 _____ C:\Windows\Tasks\ProMeditate.job
2016-01-10 00:47 - 2015-07-14 20:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-09 22:28 - 2009-07-14 10:15 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-09 22:28 - 2009-07-14 10:15 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-09 22:26 - 2009-07-14 10:43 - 00718036 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-09 22:26 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
2016-01-09 22:21 - 2014-12-15 13:15 - 00000000 ____D C:\Users\Oishi\AppData\Roaming\vlc
2016-01-09 22:20 - 2015-11-24 00:10 - 00000000 ____D C:\ProgramData\VMware
2016-01-09 22:18 - 2015-12-03 18:35 - 00000000 ____D C:\Users\Oishi\AppData\LocalLow\BitTorrent
2016-01-09 22:18 - 2015-07-24 10:19 - 00001024 _____ C:\ProgramData\ProgramData.lnk
2016-01-09 22:18 - 2015-07-24 10:19 - 00001024 _____ C:\ProgramData\My Music.lnk
2016-01-09 22:17 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-08 16:44 - 2014-12-12 23:51 - 00000000 ____D C:\Users\Oishi\AppData\Roaming\Nitro PDF
2016-01-08 16:33 - 2015-12-09 13:01 - 00000000 ____D C:\Users\Oishi\AppData\Local\Arduino15
2016-01-08 16:11 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
2016-01-08 15:32 - 2009-07-14 08:50 - 00000000 ____D C:\Users\Public\Libraries
2016-01-08 11:03 - 2015-07-15 20:54 - 00000000 ____D C:\Users\Oishi\AppData\Local\CrashDumps
2016-01-04 11:13 - 2015-11-28 01:05 - 00000000 ____D C:\Users\Oishi\AppData\Local\VMware
2016-01-04 11:13 - 2015-11-28 00:56 - 00000000 ____D C:\Users\Oishi\AppData\Roaming\VMware
2015-12-29 15:26 - 2009-07-14 10:38 - 00032552 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-17 11:08 - 2015-02-04 17:51 - 423109993 _____ C:\Windows\MEMORY.DMP
2015-12-17 11:08 - 2015-02-04 17:51 - 00000000 ____D C:\Windows\Minidump
 
==================== Files in the root of some directories =======
 
2016-01-08 17:32 - 2016-01-08 17:32 - 1415680 _____ (wj32) C:\Program Files\1357CE3T.exe
2016-01-09 19:22 - 2016-01-09 19:22 - 1415680 _____ (wj32) C:\Program Files\5DM7F09H.exe
2016-01-06 11:23 - 2016-01-06 11:23 - 1415680 _____ (wj32) C:\Program Files\6EN8GPAI.exe
2016-01-09 19:22 - 2016-01-09 19:22 - 1415680 _____ (wj32) C:\Program Files\8GPXIRZ8.exe
2016-01-08 17:29 - 2016-01-08 17:29 - 1415680 _____ (wj32) C:\Program Files\92OAWPBX.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 1415680 _____ (wj32) C:\Program Files\AIRZKT1J.exe
2015-04-16 21:57 - 2011-12-22 19:26 - 0057675 _____ () C:\Program Files\Default.htm
2015-04-16 21:57 - 2011-12-22 19:26 - 0101849 _____ () C:\Program Files\Demos.htm
2016-01-09 22:22 - 2016-01-09 22:22 - 1415680 _____ (wj32) C:\Program Files\F3NBVFZ3.exe
2016-01-09 19:20 - 2016-01-09 19:20 - 1415680 _____ (wj32) C:\Program Files\G19I3BK5.exe
2016-01-08 17:40 - 2016-01-08 17:40 - 1415680 _____ (wj32) C:\Program Files\GINPEGL8.exe
2016-01-08 17:43 - 2016-01-08 17:43 - 1415680 _____ (wj32) C:\Program Files\HIZDUY9K.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 1415680 _____ (wj32) C:\Program Files\KY7F09HZ.exe
2015-04-16 22:06 - 2011-12-22 19:26 - 0172289 _____ () C:\Program Files\Labs.htm
2016-01-08 17:43 - 2016-01-08 17:43 - 1415680 _____ (wj32) C:\Program Files\MK7LM0K9.exe
2016-01-09 19:22 - 2016-01-09 19:22 - 1415680 _____ (wj32) C:\Program Files\NOUKKL7G.exe
2016-01-08 17:42 - 2016-01-08 17:42 - 1415680 _____ (wj32) C:\Program Files\P9W0WJFA.exe
2015-04-16 22:06 - 2011-12-22 19:26 - 0005557 _____ () C:\Program Files\Prerequisites.htm
2015-04-16 22:06 - 2011-12-22 19:26 - 0130608 _____ () C:\Program Files\Presentations.htm
2016-01-08 17:39 - 2016-01-08 17:39 - 1415680 _____ (wj32) C:\Program Files\SE7TF2UL.exe
2016-01-09 19:20 - 2016-01-09 19:20 - 1415680 _____ (wj32) C:\Program Files\SUWLNSRW.exe
2016-01-09 23:48 - 2016-01-09 23:48 - 1415680 _____ (wj32) C:\Program Files\SXZ138A0.exe
2015-04-16 22:06 - 2011-12-22 19:26 - 0091725 _____ () C:\Program Files\TableOfContents.htm
2016-01-08 17:42 - 2016-01-08 17:42 - 1415680 _____ (wj32) C:\Program Files\TGRV0NDA.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 1415680 _____ (wj32) C:\Program Files\V3CX5EMM.exe
2015-04-16 22:06 - 2011-12-22 19:26 - 0106261 _____ () C:\Program Files\Videos.htm
2016-01-08 17:40 - 2016-01-08 17:40 - 1415680 _____ (wj32) C:\Program Files\VZM6A3N9.exe
2016-01-09 22:21 - 2016-01-09 22:21 - 1415680 _____ (wj32) C:\Program Files\X9LX9P9P.exe
2016-01-09 19:21 - 2016-01-09 19:21 - 1415680 _____ (wj32) C:\Program Files\Z7G19I9R.exe
2016-01-09 22:21 - 2016-01-09 22:21 - 1415680 _____ (wj32) C:\Program Files\Z7S19I3B.exe
2015-09-02 17:11 - 2015-09-02 17:11 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\1855.tmp
2015-08-29 17:54 - 2015-08-29 17:54 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\38F1.tmp
2015-09-06 17:56 - 2015-09-06 17:56 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\413A.tmp
2015-08-30 17:11 - 2015-08-30 17:11 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\512C.tmp
2015-08-28 17:11 - 2015-08-28 17:11 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\65AF.tmp
2015-09-04 19:27 - 2015-09-04 19:27 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\71E.tmp
2015-09-03 17:11 - 2015-09-03 17:11 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\77AE.tmp
2015-09-05 22:42 - 2015-09-05 22:42 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\8DE9.tmp
2015-08-30 22:42 - 2015-08-30 22:42 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\9218.tmp
2015-09-07 22:42 - 2015-09-07 22:42 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\92F2.tmp
2015-09-04 22:47 - 2015-09-04 22:47 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\952E.tmp
2015-09-02 22:46 - 2015-09-02 22:46 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\95E3.tmp
2015-09-02 22:56 - 2015-09-02 22:56 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\9788.tmp
2015-08-31 22:42 - 2015-08-31 22:42 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\9E.tmp
2015-05-21 16:53 - 2015-07-14 20:32 - 0000024 _____ () C:\Users\Oishi\AppData\Roaming\appdataFr25.bin
2015-02-01 20:57 - 2015-04-01 12:37 - 0000020 _____ () C:\Users\Oishi\AppData\Roaming\appdataFr3.bin
2015-08-28 22:42 - 2015-08-28 22:42 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\B693.tmp
2015-09-03 22:42 - 2015-09-03 22:42 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\CD04.tmp
2015-12-20 18:28 - 2015-12-20 18:28 - 0024064 _____ () C:\Users\Oishi\AppData\Roaming\DllServer.exe
2015-08-26 22:42 - 2015-08-26 22:42 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\E5F5.tmp
2015-09-04 19:17 - 2015-09-04 19:17 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\F8DC.tmp
2015-09-01 18:12 - 2015-09-01 18:12 - 0000000 _____ () C:\Users\Oishi\AppData\Roaming\FE91.tmp
2015-05-29 11:39 - 2015-05-29 11:38 - 0073728 ____N () C:\Users\Oishi\AppData\Roaming\rundll32.exe
2016-01-06 11:25 - 2016-01-06 11:25 - 0000000 ____H () C:\Users\Oishi\AppData\Local\BITF354.tmp
2015-07-16 20:41 - 2015-07-16 20:41 - 0613255 _____ (CMI Limited) C:\Users\Oishi\AppData\Local\nsc1AF3.tmp
2015-07-20 18:11 - 2015-07-20 18:11 - 0613255 _____ (CMI Limited) C:\Users\Oishi\AppData\Local\nsm2478.tmp
2015-11-24 10:35 - 2015-11-24 10:35 - 0333506 _____ (AnySend.com) C:\Users\Oishi\AppData\Local\nssDEBC.tmp
2015-07-14 08:08 - 2015-07-14 08:08 - 0613255 _____ (CMI Limited) C:\Users\Oishi\AppData\Local\nsuC302.tmp
2015-07-20 18:06 - 2015-07-20 18:06 - 0613255 _____ (CMI Limited) C:\Users\Oishi\AppData\Local\nsvB732.tmp
2015-03-15 13:50 - 2015-05-09 09:50 - 0000800 _____ () C:\Users\Oishi\AppData\Local\Temp-log.txt
2015-05-22 07:23 - 2015-05-22 07:23 - 0000000 _____ () C:\Users\Oishi\AppData\Local\Temp.dat
2016-01-06 11:24 - 2016-01-06 11:25 - 0000000 _____ () C:\Users\Oishi\AppData\Local\{F18A4C0A-BBB0-44BD-83D7-F76F644DB84E}
2010-11-21 08:54 - 2010-11-21 08:54 - 91762688 ___SH (Bronto Software) C:\ProgramData\msnjusfhx.exe
2010-11-21 08:54 - 2010-11-21 08:54 - 72313216 ___SH () C:\ProgramData\msvddl.exe
2015-07-24 10:19 - 2016-01-09 22:18 - 0001024 _____ () C:\ProgramData\My Music.lnk
2015-07-24 10:19 - 2016-01-09 22:18 - 0001024 _____ () C:\ProgramData\ProgramData.lnk
 
Files to move or delete:
====================
C:\ProgramData\msnjusfhx.exe
C:\ProgramData\msvddl.exe
 
 
Some files in TEMP:
====================
C:\Users\Oishi\AppData\Local\Temp\2785.exe
C:\Users\Oishi\AppData\Local\Temp\318.exe
C:\Users\Oishi\AppData\Local\Temp\9485.exe
C:\Users\Oishi\AppData\Local\Temp\avg7684.exe
C:\Users\Oishi\AppData\Local\Temp\bedhdicjca.exe
C:\Users\Oishi\AppData\Local\Temp\bedhdjdhca.exe
C:\Users\Oishi\AppData\Local\Temp\bjg21B.exe
C:\Users\Oishi\AppData\Local\Temp\cdo109402372.dll
C:\Users\Oishi\AppData\Local\Temp\cdo1243033039.dll
C:\Users\Oishi\AppData\Local\Temp\cdo1461118420.dll
C:\Users\Oishi\AppData\Local\Temp\cdo1496286639.dll
C:\Users\Oishi\AppData\Local\Temp\cdo1510122650.dll
C:\Users\Oishi\AppData\Local\Temp\cdo1929176771.dll
C:\Users\Oishi\AppData\Local\Temp\cdo2294592185.dll
C:\Users\Oishi\AppData\Local\Temp\cdo2541422562.dll
C:\Users\Oishi\AppData\Local\Temp\cdo266767624.dll
C:\Users\Oishi\AppData\Local\Temp\cdo2754623748.dll
C:\Users\Oishi\AppData\Local\Temp\cdo2853370808.dll
C:\Users\Oishi\AppData\Local\Temp\cdo2956289631.dll
C:\Users\Oishi\AppData\Local\Temp\cdo3136869178.dll
C:\Users\Oishi\AppData\Local\Temp\cdo328622288.dll
C:\Users\Oishi\AppData\Local\Temp\cdo3304684881.dll
C:\Users\Oishi\AppData\Local\Temp\cdo3669696246.dll
C:\Users\Oishi\AppData\Local\Temp\cdo3772786717.dll
C:\Users\Oishi\AppData\Local\Temp\cdo3926933226.dll
C:\Users\Oishi\AppData\Local\Temp\cdo414031479.dll
C:\Users\Oishi\AppData\Local\Temp\cdo497798347.dll
C:\Users\Oishi\AppData\Local\Temp\cdo647646295.dll
C:\Users\Oishi\AppData\Local\Temp\cdo810978537.dll
C:\Users\Oishi\AppData\Local\Temp\D335.exe
C:\Users\Oishi\AppData\Local\Temp\DE76.exe
C:\Users\Oishi\AppData\Local\Temp\fsd4D16.exe
C:\Users\Oishi\AppData\Local\Temp\fsdC13C.exe
C:\Users\Oishi\AppData\Local\Temp\fsdE0CD.exe
C:\Users\Oishi\AppData\Local\Temp\fsdE945.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55AF816D0.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55B0D2ED0.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55BA2CF30.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55BE130B0.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55CB37970.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55CDF06D0.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55D0A7D90.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55DDA7CC0.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55E048ED0.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55E2EBED0.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd55E59D410.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd56499E930.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd564C68630.exe
C:\Users\Oishi\AppData\Local\Temp\GPUpd564F0B630.exe
C:\Users\Oishi\AppData\Local\Temp\gp_up_324832.exe
C:\Users\Oishi\AppData\Local\Temp\Hibiki.dll
C:\Users\Oishi\AppData\Local\Temp\hp_u2_1309.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u2_1350.exe
C:\Users\Oishi\AppData\Local\Temp\hp_upd2_1267.exe
C:\Users\Oishi\AppData\Local\Temp\hp_upd2_1270.exe
C:\Users\Oishi\AppData\Local\Temp\hp_upd2_1285.exe
C:\Users\Oishi\AppData\Local\Temp\hp_up_2329329.exe
C:\Users\Oishi\AppData\Local\Temp\hp_up_53523222.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u_0508.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u_232322.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u_23232323.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u_23248383.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u_23828328.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u_2_323232.exe
C:\Users\Oishi\AppData\Local\Temp\hp_u_439343.exe
C:\Users\Oishi\AppData\Local\Temp\h_u2_32992.exe
C:\Users\Oishi\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Oishi\AppData\Local\Temp\mytmpinstaller.exe
C:\Users\Oishi\AppData\Local\Temp\nrDlTBFGX4.exe
C:\Users\Oishi\AppData\Local\Temp\prappahykc.exe
C:\Users\Oishi\AppData\Local\Temp\qqpcmgr_v10.10.16444.223_8885765_Silence.exe
C:\Users\Oishi\AppData\Local\Temp\Ra8Qgxz6p7.exe
C:\Users\Oishi\AppData\Local\Temp\Ruby.exe
C:\Users\Oishi\AppData\Local\Temp\setacl.exe
C:\Users\Oishi\AppData\Local\Temp\Setup-2-.exe
C:\Users\Oishi\AppData\Local\Temp\setup3.exe
C:\Users\Oishi\AppData\Local\Temp\sfextra.dll
C:\Users\Oishi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Oishi\AppData\Local\Temp\SoftonicAssistant_v0-1-6.exe
C:\Users\Oishi\AppData\Local\Temp\soiygu3.exe
C:\Users\Oishi\AppData\Local\Temp\tmpEAA5.tmp.exe
C:\Users\Oishi\AppData\Local\Temp\ttv.exe
C:\Users\Oishi\AppData\Local\Temp\tu17p84.exe
C:\Users\Oishi\AppData\Local\Temp\Uninstall.exe
C:\Users\Oishi\AppData\Local\Temp\UpdateYTD_amodcG20141226.exe
C:\Users\Oishi\AppData\Local\Temp\VLX_Player.exe
C:\Users\Oishi\AppData\Local\Temp\war of lies__10924_i1555372624_il1421709.exe
C:\Users\Oishi\AppData\Local\Temp\ytdieamo_amodc_setup.exe
C:\Users\Oishi\AppData\Local\Temp\ytd_sysmenu_setup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-21 14:18
 
==================== End of FRST.txt ============================


 


#2 Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:44 PM

Posted 10 January 2016 - 08:59 AM

Double post - closed.

Go on with your other topic:
http://www.bleepingcomputer.com/forums/t/601856/programs-for-malware-removal-unable-to-open-computer-is-very-slow/

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




