Google redirect through localhost.world script

12 replies to this topic

#1 Kasutaja

  • Members
  • 8 posts
  • Gender:Male

Posted 01 February 2016 - 03:04 PM

This is what my localhost.world looks like when downloaded. This thing gets enabled as a proxy script, and it force-closes my Chrome whenever that cmd window appears and then quickly disappears. It's been happening for a while now. First I thought Windows had some bug and didn't disable the thing, and thought nah, it's a localhost thing, no big deal. Guess I was wrong.

function FindProxyForURL(url, host) {
    // Each rule matches a Google front page, search, or custom-search URL on any
    // Google country domain and returns the same remote proxy instead of DIRECT,
    // so those requests and their results pass through that host.
    ba = /^https?:\/\/www\.google\.[a-zA-Z.]+\/?$/;
    if (ba.test(url)) { return "PROXY 69.197.188.122:8484" }
    bb = /^https?:\/\/www\.google\.[a-zA-Z.]+\/\?(.*)$/;
    if (bb.test(url)) { return "PROXY 69.197.188.122:8484" }
    bc = /^https?:\/\/www\.google\.[a-zA-Z.]+\/search\?(.*)$/;
    if (bc.test(url)) { return "PROXY 69.197.188.122:8484" }
    bd = /^https?:\/\/www\.google\.[a-zA-Z.]+\/cse\?(.*)$/;
    if (bd.test(url)) { return "PROXY 69.197.188.122:8484" }
    be = /^https?:\/\/www\.google\.[a-zA-Z.]+\/s\?(.*)$/;
    if (be.test(url)) { return "PROXY 69.197.188.122:8484" }
    bf = /^https?:\/\/cse\.google\.[a-zA-Z.]+\/cse\?(.*)$/;
    if (bf.test(url)) { return "PROXY 69.197.188.122:8484" }
    // Everything else connects directly.
    return "DIRECT";
}

I've thrown Malwarebytes at it, ESET Smart Security, AdwCleaner, Kaspersky Virus Removal Tool, JRT, MS Malicious Software Removal Tool, RKill, the F-Secure scanner thingy, RogueKiller, the Malwarebytes rootkit thing (MBAR) and TDSSKiller.

Nope, it's not going away, nor did they find anything suspicious either. Some found some things, but they were completely unrelated, and after removing them the problem is still there. Of course I have reset internet settings, Chrome, FF and IE, and used CCleaner as well. Also, lurking around on other forums, I found I had some DO_NOT_TRUST certificates, which I removed. I also had a registry entry for that localhost.world thing set as the default; I cleared that field. Now I'm out of ideas and thinking about a clean format.

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016

Ran by Alar A (2016-02-01 21:31:07)
Running from C:\Users\Alar A\Desktop
Windows 10 Pro (X64) (2015-12-11 21:45:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3767336195-4232530657-1193366898-500 - Administrator - Disabled) => C:\Users\Administrator
Alar A (S-1-5-21-3767336195-4232530657-1193366898-1001 - Administrator - Enabled) => C:\Users\Alar A
DefaultAccount (S-1-5-21-3767336195-4232530657-1193366898-503 - Limited - Disabled)
Guest (S-1-5-21-3767336195-4232530657-1193366898-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 9.0.349.14 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.349.14 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET-i personaalne tulemüür (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
Adventure Pinball (HKLM-x32\...\Adventure Pinball) (Version:  - )
AOMEI Partition Assistant Standard Edition 5.8 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.1.840 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
BurnAware Free 8.4 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cities Skylines (HKLM-x32\...\Cities Skylines_R.G. Gamblers_is1) (Version:  - R.G. Gamblers, Fanfar)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
Dell System Detect (HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\73f463568823ebbe) (Version: 6.6.0.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.218 - ALPS ELECTRIC CO., LTD.)
Diil Internet (HKLM-x32\...\Diil Internet) (Version: 21.005.11.02.337 - Huawei Technologies Co.,Ltd)
Discord (HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Discord) (Version: 0.0.283 - Hammer & Chisel, Inc.)
EaseUS Data Recovery Wizard 9.5 (HKLM\...\EaseUS Data Recovery Wizard 9.5_is1) (Version:  - EaseUS)
Eassos PartitionGuru 4.7.2 (HKLM\...\{FC4FF5F4-2265-4E18-8BBC-12CBA9794388}_is1) (Version:  - Eassos Co., Ltd.)
Eesti ID-kaardi tarkvara 3.11.1.1599 (64 bit) (HKLM\...\{008C8FFD-83EA-44E2-A996-A1295EB9B38B}) (Version: 3.11.1.1599 - RIA)
ESET Smart Security (HKLM\...\{37BA4229-5114-4439-8A3C-44889DA880D2}) (Version: 9.0.349.14 - ESET, spol. s r.o.)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
FileZilla Client 3.13.1 (HKLM-x32\...\FileZilla Client) (Version: 3.13.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Google Photos Backup) (Version: 1.1.1.276 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Kodi (HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Kodi) (Version:  - XBMC-Foundation)
Life Is Strange (HKLM-x32\...\Life Is Strange_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 et) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 et)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MP3 Renamer (HKLM\...\{75C43A91-EC51-4CC8-ADB6-F3CDAC494DB5}) (Version: 1.0.0 - hackovic.com)
Mp3tag v2.73 (HKLM-x32\...\Mp3tag) (Version: v2.73 - Florian Heidenreich)
Need For Speed 3 Patch (HKLM\...\{7de963c9-aef2-4a49-85ae-a58f90ed295d}.sdb) (Version:  - )
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
nGlide 1.04 (HKLM-x32\...\nGlide) (Version: 1.04 - Zeus Software)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenIV (HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\OpenIV) (Version: 2.7.680 - .black/OpenIV Team)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.1.0 - Popcorn Time)
Popcorn Time (HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Popcorn Time) (Version:  - Popcorn Official)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 r2519 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.8 - Rockstar Games)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.16.201511171525 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spotify (HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
Stardock Start10 (HKLM\...\Start10_is1) (Version: 1.0 - Stardock Software, Inc.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.52465 - TeamViewer)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.6.0.0 - Tukero[X]Team)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Windows Driver Package - RIA (Estonian National ID Card) (UMPass) SmartCard  (05/13/2015 3.11.0.1175) (HKLM\...\C478C8A35A0A297F2FADF155E889D402655E894E) (Version: 05/13/2015 3.11.0.1175 - RIA (Estonian National ID Card))
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
Xion v1.5 (build 155) (HKLM-x32\...\Xion) (Version: 1.5 (build 155) - r2 Studios)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3767336195-4232530657-1193366898-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Alar A\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3767336195-4232530657-1193366898-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Alar A\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {20553E42-D4B3-401B-A998-E51EF5FD1B61} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {303ED432-BA7E-4816-9DAD-367BE7729E62} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001UA => C:\Users\Alar A\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-27] (Google Inc.)
Task: {42ADE43E-A244-4B71-8F6D-FCC168CF12FC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {43AFC79D-FA1E-4ED2-B4F6-280A4BF82390} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {48960E20-F3E7-4B26-BDF3-28404904B2EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {4E3BFB1B-590C-41CE-BA53-5625E0555FB9} - System32\Tasks\RegIdleBackup => C:\windows\icm32.exe [2016-01-24] ()
Task: {7A1612A6-B3CE-4A75-9C1F-E44E932FA581} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {93B6C2D4-DBC5-4FB3-BFA7-8A3817E1D2B7} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-IHVFTHP-Alar A => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {97A6E6A1-F048-419B-B854-4DB5FB928D97} - System32\Tasks\id updater task => id-updater.exe
Task: {9C23D167-328E-44C1-9112-AA1396C99D4F} - System32\Tasks\Microsoft Toolkit Update => Wscript.exe //nologo //B //E:jscript "C:\Users\Alar A\AppData\Roaming\Microsoft Toolkit\settings.ini" <==== ATTENTION
Task: {A25D273A-D0B3-4F99-A1C8-1E3CEA9E9D05} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {B57B4225-4824-4C18-BCF3-579CDD3739F6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001Core => C:\Users\Alar A\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-27] (Google Inc.)
Task: {E601DA2D-17DD-4039-91BD-5D6BFF4CB61D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001Core.job => C:\Users\Alar A\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001UA.job => C:\Users\Alar A\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Toolkit Update.job => Wscript.exe Z/nologo /B /E:jscript C:\Users\Alar A\AppData\Roaming\Microsoft Toolkit\settings.ini <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-11 23:38 - 2015-12-16 16:54 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-11-16 15:38 - 2010-11-16 15:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2016-01-25 02:36 - 2016-01-12 06:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-09-14 15:26 - 2015-09-14 15:25 - 00218624 _____ () C:\ProgramData\Diil Internet\OnlineUpdate\ouc.exe
2015-12-12 09:35 - 2015-12-12 09:35 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-12 09:35 - 2015-12-12 09:35 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-12-18 09:07 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 09:07 - 2015-12-07 06:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 17:49 - 2016-01-05 03:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 17:49 - 2016-01-05 03:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 17:54 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 17:54 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-27 16:49 - 2015-08-27 16:49 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-01-03 17:19 - 2016-01-03 17:19 - 00036544 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2016-01-03 17:19 - 2016-01-03 17:19 - 01409728 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2016-01-03 17:18 - 2016-01-03 17:18 - 00022016 _____ () C:\Program Files\Rainmeter\Plugins\InputText.DLL
2016-01-03 17:17 - 2016-01-03 17:17 - 00108544 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.dll
2015-09-14 15:26 - 2015-09-14 15:25 - 00011362 _____ () C:\ProgramData\Diil Internet\OnlineUpdate\mingwm10.dll
2015-09-14 15:26 - 2015-09-14 15:25 - 00043008 _____ () C:\ProgramData\Diil Internet\OnlineUpdate\libgcc_s_dw2-1.dll
2015-09-14 15:26 - 2015-09-14 15:25 - 02415104 _____ () C:\ProgramData\Diil Internet\OnlineUpdate\QtCore4.dll
2015-09-14 15:26 - 2015-09-14 15:25 - 01148416 _____ () C:\ProgramData\Diil Internet\OnlineUpdate\QtNetwork4.dll
2016-01-29 14:50 - 2016-01-27 19:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-29 14:50 - 2016-01-27 19:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
2016-01-21 21:02 - 2015-11-17 12:07 - 02397696 _____ () C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\libdiscord.dll
2016-02-01 21:23 - 2016-02-01 21:23 - 00380416 _____ () C:\Users\Alar A\AppData\Local\Temp\7ED4.tmp
2016-01-21 21:02 - 2015-11-17 12:07 - 00240128 _____ () C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\resources\node_modules\discord_toaster\discord_toaster.node
2016-01-21 21:02 - 2015-11-17 12:07 - 00049664 _____ () C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\resources\node_modules\discord_overlay\discord_overlay.node
2016-01-21 21:02 - 2015-11-17 12:07 - 01581568 _____ () C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\libglesv2.dll
2016-01-21 21:02 - 2015-11-17 12:07 - 00012288 _____ () C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\libegl.dll
2016-01-21 21:02 - 2015-11-17 12:07 - 00371712 _____ () C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\server.x86.dll
2015-08-27 16:42 - 2014-09-28 16:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2007-07-22 03:15 - 2013-04-07 06:35 - 00758784 _____ () C:\Program Files (x86)\r2 Studios\Xion\XionTags.dll
2007-03-03 17:46 - 2006-03-03 19:52 - 00088576 _____ () C:\Program Files (x86)\r2 Studios\Xion\OptimFROG.dll
2016-01-29 14:50 - 2016-01-27 19:39 - 16799048 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 13:04 - 2016-02-01 19:30 - 00000996 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
# End of entries inserted by Spybot - Search & Destroy
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alar A\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Update service => 2
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\StartupApproved\StartupFolder: => "HandyAndy.lnk"
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\StartupApproved\Run: => "Google Photos Backup"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2B633F49-E9D3-417B-95C9-10292387CB58}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D63D3FE1-2361-4D1A-BCE9-50CFF1EB179A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8A6A0BC9-3885-449C-A877-0F101B62BDCC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B5635B85-1F7D-4F40-910E-19A3048D4729}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{48B01769-6FA1-44E3-8072-774D71854AC7}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{C5D7AE52-7222-43F2-962B-64BD6D7E1991}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{A2A50B2C-E900-4C52-A512-459A8547D453}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EAFBC9D3-B170-4DCC-8831-DF70E2D9CC01}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{00909C82-A9A6-4AB4-BC16-8B884733E279}] => (Allow) C:\Users\Alar A\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{303749FD-A3DD-4AAE-A232-E9EBE3E1A328}] => (Allow) C:\Users\Alar A\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{25A2CFC4-2DE2-43D1-8470-2247B577747A}] => (Allow) C:\Users\Administrator\AppData\Roaming\Andy_45_Online\Setup.exe
FirewallRules: [{CCD70261-03DE-430A-97AB-A196E9C8B803}] => (Allow) C:\Users\Administrator\AppData\Roaming\Andy_45_Online\Setup.exe
FirewallRules: [{D83FAA7A-96F2-4ACA-AA3C-8FE7E3B03F67}] => (Allow) C:\Users\Alar A\AppData\Roaming\Andy_45_Online\Setup.exe
FirewallRules: [{2025CBE3-E41C-447C-8A1D-4EE072E9DEFB}] => (Allow) C:\Users\Alar A\AppData\Roaming\Andy_45_Online\Setup.exe
FirewallRules: [{9DF09BA1-A5F8-458F-BAA1-44529C89C3B2}] => (Allow) C:\Users\Alar A\AppData\Roaming\Andy_45_Online\Setup.exe
FirewallRules: [{54413E35-CA34-459C-8926-C2796B7498C8}] => (Allow) C:\Users\Alar A\AppData\Roaming\Andy_45_Online\Setup.exe
FirewallRules: [{A374D5A9-B331-4E02-A056-90FDB20F59F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{82B88B9B-044D-464B-87FE-5AA185D95C5E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E524FC54-FC5A-4AB1-ACFE-D0AC6BA67A65}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6B1F14D4-0678-4F84-AAA0-809AF442A486}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9E5E9DDD-A5D5-49CC-8B08-A69F4083647E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5A693DB5-498C-4E71-BF27-5BED4147697B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EBC34303-407E-4C4B-B5CE-89D97F04123F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AF640E5B-4BD6-4212-9AB1-6D533AF2AE3E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{770D716D-D181-439B-BAF6-B6BEF529C091}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0C3BEFA-71D4-444D-9132-06BDAA562DCA}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{8A885D96-A085-422B-BAA9-736C99DCFBCA}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{1EBF6927-9BAD-4CE4-8985-FCDAE86F26C9}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{FC2029BA-E208-4CC5-9103-B5E00C1503B3}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{C33B2840-C530-462E-B1F0-8C9F5EC35242}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{C98A790A-AB3C-4A2F-BF5E-4E7D43116B78}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{24464550-0B64-478C-9AF7-DEFA602797BB}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{67569B04-4F27-4FF9-BB05-3B108DF71291}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
25-01-2016 17:33:46 Installed GTA San Andreas
26-01-2016 22:10:34 Removed iTunes
01-02-2016 19:13:59 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Hosted Network Virtual Adapter
Description: Microsoft Hosted Network Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/01/2016 09:24:12 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/01/2016 09:24:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/01/2016 09:23:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (02/01/2016 09:19:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regedit.exe, version: 10.0.10586.0, time stamp: 0x5632d798
Faulting module name: COMCTL32.dll, version: 6.10.10586.0, time stamp: 0x5632d2ce
Exception code: 0xc00000fd
Fault offset: 0x00000000000037a7
Faulting process id: 0x1b90
Faulting application start time: 0xregedit.exe0
Faulting application path: regedit.exe1
Faulting module path: regedit.exe2
Report Id: regedit.exe3
Faulting package full name: regedit.exe4
Faulting package-relative application ID: regedit.exe5
 
Error: (02/01/2016 07:14:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/01/2016 07:10:54 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: FALENONE)
Description: Windows cannot delete the profile directory C:\Users\test. This error may be caused by files in this directory being used by another program. 
 
 DETAIL - The directory is not empty.
 
Error: (02/01/2016 07:09:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (02/01/2016 06:11:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/01/2016 06:11:53 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/01/2016 06:11:33 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
 
System errors:
=============
Error: (02/01/2016 09:23:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diil Internet. RunOuc service failed to start due to the following error: 
%%1053
 
Error: (02/01/2016 09:23:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Diil Internet. RunOuc service to connect.
 
Error: (02/01/2016 09:22:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4f15e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/01/2016 09:22:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4f15e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/01/2016 09:22:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4f15e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/01/2016 09:22:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4f15e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/01/2016 09:22:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/01/2016 08:40:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Updater Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/01/2016 07:14:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/01/2016 07:10:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2016-01-29 14:07:43.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-27 11:57:44.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-26 16:21:11.406
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-18 12:05:49.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-14 14:32:56.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-07 20:16:32.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 11:05:39.811
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-24 00:23:23.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-19 12:11:44.164
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-19 03:46:33.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 32%
Total physical RAM: 8086.16 MB
Available physical RAM: 5480.69 MB
Total Virtual: 8286.16 MB
Available Virtual: 5662.02 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:212.47 GB) (Free:33.36 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1FF3A241)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=212.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.9 GB) - (Type=05)
 
==================== End of Addition.txt ============================

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016

Ran by Alar A (administrator) on FALENONE (01-02-2016 21:30:38)
Running from C:\Users\Alar A\Desktop
Loaded Profiles: Alar A (Available Profiles: Alar A & Administrator)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\ProgramData\Diil Internet\OnlineUpdate\ouc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Hammer & Chisel, Inc.) C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hammer & Chisel, Inc.) C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\Discord.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Hammer & Chisel, Inc.) C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(r2 Studios) C:\Program Files (x86)\r2 Studios\Xion\Xion.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-08-27] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2015-08-27] (Pixart Imaging Inc)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2015-08-27] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [TNOD UP] => C:\Program Files\TNod User & Password Finder\TNODUP.exe [5592576 2015-12-20] (Tukero[X]Team)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Run: [Spotify Web Helper] => C:\Users\Alar A\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-23] (Spotify Ltd)
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Run: [Spotify] => C:\Users\Alar A\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-23] (Spotify Ltd)
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Run: [Google Update] => C:\Users\Alar A\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-12-27] (Google Inc.)
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Run: [Google Photos Backup] => C:\Users\Alar A\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-12-11] (Google, Inc)
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Run: [Discord] => C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\Discord.exe [51716784 2015-11-17] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\MountPoints2: {9e6a249e-5ba6-11e5-9be2-3859f98fcc62} - "D:\setup.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2015-12-16] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175368 2015-12-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [153208 2015-12-16] (NVIDIA Corporation)
Startup: C:\Users\Alar A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-01-22]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d8b5b458-c7ca-46da-b312-6fb2255e812e}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
BHO: IE Token Signing Plugin -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Estonian ID Card\esteid-plugin-ie64.dll [2015-06-02] (RIA)
BHO-x32: IE Token Signing Plugin -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files (x86)\Estonian ID Card\esteid-plugin-ie.dll [2015-06-02] (RIA)
 
FireFox:
========
FF ProfilePath: C:\Users\Alar A\AppData\Roaming\Mozilla\Firefox\Profiles\xvkyscug.default-1454351539834
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @RIA/esteid-firefox-plugin -> C:\Program Files\Estonian ID Card\npesteid-firefox-plugin.dll [2015-08-28] (RIA)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @RIA/esteid-firefox-plugin -> C:\Program Files (x86)\Estonian ID Card\npesteid-firefox-plugin.dll [2015-08-28] (RIA)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3767336195-4232530657-1193366898-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Alar A\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-3767336195-4232530657-1193366898-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Alar A\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files (x86)\Estonian ID Card\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
FF Extension: Estonian ID Card authentication module - C:\Program Files (x86)\Estonian ID Card\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi [2015-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files (x86)\Estonian ID Card\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Profile: C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-02-01]
CHR Extension: (Google Drive) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (SoundCloud Downloader) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\baignpanbngjdimbgmannbolcbplmofl [2016-01-23]
CHR Extension: (YouTube) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (uBlock Origin) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-11]
CHR Extension: (Token signing) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjefchnfjhjfedoccjbhjpbncimppeg [2016-01-24]
CHR Extension: (Google Search) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-12]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-08-27]
CHR Extension: (I don't care about cookies) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2016-01-12]
CHR Extension: (Stylish) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-10-17]
CHR Extension: (SmoothScroll) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbokbjkabcmbfdlbddjidfmibcpneigj [2015-11-24]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-01-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-27]
CHR Extension: (AdF.ly Skipper ★WORKING★) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2015-08-27]
CHR Extension: (Gmail) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27]
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
S2 Diil Internet. RunOuc; C:\Program Files (x86)\Diil Internet\UpdateDog\ouc.exe [218624 2015-09-14] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2521080 2015-11-19] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-08-27] (Realtek Semiconductor)
R2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [219664 2015-02-03] (Stardock Software, Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer GmbH)
S4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [82480 2015-08-19] (Advanced Card Systems Ltd.)
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()
R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
S3 atrfiltr; C:\Windows\system32\DRIVERS\atrfiltr.sys [26496 2015-09-08] (Windows ® Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-12-08] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2015-11-27] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2015-11-27] (ESET)
S4 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [142976 2015-11-27] (ESET)
R3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-10-16] (ELECOM)
R3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-10-16] (ELECOM)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [206312 2015-11-27] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [52872 2015-11-27] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-11-27] (ESET)
S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [256000 2015-09-14] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-01] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-08-27] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2015-08-27] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-01 21:30 - 2016-02-01 21:30 - 00020449 _____ C:\Users\Alar A\Desktop\FRST.txt
2016-02-01 21:26 - 2016-02-01 21:26 - 00478392 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\8D772A18.sys
2016-02-01 21:26 - 2016-02-01 21:26 - 00085600 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\69911687.sys
2016-02-01 21:23 - 2016-02-01 21:23 - 00000733 _____ C:\Users\Alar A\Downloads\localhost (1).download
2016-02-01 21:13 - 2016-02-01 21:13 - 00000293 _____ C:\Users\Alar A\Downloads\Search.txt
2016-02-01 21:03 - 2016-02-01 21:04 - 00034845 _____ C:\Users\Alar A\Downloads\Addition.txt
2016-02-01 21:02 - 2016-02-01 21:30 - 00000000 ____D C:\FRST
2016-02-01 21:02 - 2016-02-01 21:24 - 00064603 _____ C:\Users\Alar A\Downloads\FRST.txt
2016-02-01 21:01 - 2016-02-01 21:02 - 02370560 _____ (Farbar) C:\Users\Alar A\Desktop\FRST64.exe
2016-02-01 20:50 - 2016-02-01 20:50 - 00505896 _____ (F-Secure Corporation) C:\Users\Alar A\Downloads\F-SecureOnlineScanner.exe
2016-02-01 20:50 - 2016-02-01 20:50 - 00000000 ____D C:\Users\Alar A\AppData\Local\F-Secure
2016-02-01 20:50 - 2016-02-01 20:50 - 00000000 ____D C:\Users\Alar A\AppData\Local\FSDART
2016-02-01 20:50 - 2016-02-01 20:50 - 00000000 ____D C:\ProgramData\F-Secure
2016-02-01 20:47 - 2016-02-01 21:21 - 00000000 ____D C:\KVRT_Data
2016-02-01 20:45 - 2016-02-01 20:47 - 91546008 _____ (Kaspersky Lab ZAO) C:\Users\Alar A\Downloads\KVRT.exe
2016-02-01 19:13 - 2016-02-01 19:13 - 01609032 _____ (Malwarebytes) C:\Users\Alar A\Downloads\JRT.exe
2016-02-01 19:08 - 2016-02-01 19:10 - 00000000 ____D C:\Users\test
2016-02-01 19:08 - 2016-02-01 19:08 - 00000000 ____D C:\Users\test\AppData\Local\TileDataLayer
2016-02-01 18:54 - 2016-02-01 18:54 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Alar A\Downloads\rkill.exe
2016-02-01 18:48 - 2016-02-01 18:48 - 00000733 _____ C:\Users\Alar A\Downloads\localhost.download
2016-02-01 18:33 - 2016-02-01 18:35 - 52988120 _____ (Microsoft Corporation) C:\Users\Alar A\Downloads\Windows-KB890830-x64-V5.32.exe
2016-02-01 18:25 - 2016-02-01 18:25 - 02779704 _____ (PortableApps.com) C:\Users\Alar A\Downloads\SpybotAntiBeaconPortable-safer-networking.org_1.5_Dev_Test_3.paf (1).exe
2016-02-01 18:25 - 2016-02-01 18:25 - 02691400 _____ (Safer-Networking Ltd. ) C:\Users\Alar A\Downloads\SpybotAntiBeacon-1.5-setup.exe
2016-02-01 18:23 - 2016-02-01 18:23 - 02779704 _____ (PortableApps.com) C:\Users\Alar A\Downloads\SpybotAntiBeaconPortable-safer-networking.org_1.5_Dev_Test_3.paf.exe
2016-02-01 18:08 - 2016-02-01 18:10 - 00000000 ____D C:\AdwCleaner
2016-02-01 18:08 - 2016-02-01 18:08 - 01508352 _____ C:\Users\Alar A\Downloads\adwcleaner_5.032.exe
2016-02-01 17:52 - 2016-02-01 17:53 - 18797207 _____ C:\Users\Alar A\Downloads\2359-rusich-4-train.zip
2016-02-01 17:30 - 2016-02-01 17:31 - 04655183 _____ C:\Users\Alar A\Downloads\60589-oncf-ansaldo-breda-z2m-head-coach.zip
2016-02-01 17:30 - 2016-02-01 17:31 - 02894656 _____ C:\Users\Alar A\Downloads\60590-oncf-ansaldo-breda-z2m-middle-car.zip
2016-02-01 16:47 - 2016-02-01 16:48 - 04474496 _____ C:\Users\Alar A\Downloads\47192-lrt-1.zip
2016-02-01 16:47 - 2016-02-01 16:47 - 03955970 _____ C:\Users\Alar A\Downloads\47193-mrt-2.zip
2016-02-01 16:34 - 2016-02-01 16:34 - 02102316 _____ C:\Users\Alar A\Downloads\Girlinleatherjacket.rar
2016-02-01 16:06 - 2016-02-01 16:06 - 00075511 _____ C:\Users\Alar A\Downloads\RainMod 1.2.zip
2016-02-01 16:00 - 2016-02-01 16:00 - 00084773 _____ C:\Users\Alar A\Downloads\SkyGfx_SA_2.8b.zip
2016-02-01 15:30 - 2016-02-01 15:30 - 03253171 _____ C:\Users\Alar A\Downloads\Alysson Claret.rar
2016-02-01 15:29 - 2016-02-01 15:29 - 26444064 _____ C:\Users\Alar A\Downloads\Moira_hood.rar
2016-01-30 04:19 - 2016-01-30 04:27 - 00000000 ____D C:\Users\Alar A\Desktop\Originaalskinnid
2016-01-30 04:18 - 2016-01-30 04:14 - 01243136 _____ C:\Users\Alar A\Desktop\bmost.dff
2016-01-30 04:18 - 2016-01-30 04:14 - 01181696 _____ C:\Users\Alar A\Desktop\bmost.txd
2016-01-29 00:26 - 2016-01-29 00:41 - 00000000 ____D C:\Program Files\AdventurePinball
2016-01-29 00:26 - 2016-01-29 00:26 - 00000992 _____ C:\Users\Alar A\Desktop\Adventure Pinball.lnk
2016-01-29 00:26 - 2016-01-29 00:26 - 00000665 _____ C:\WINDOWS\eReg.dat
2016-01-29 00:26 - 2016-01-29 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adventure Pinball
2016-01-29 00:22 - 2016-01-29 00:22 - 00000000 ____D C:\Users\Alar A\Desktop\Adventure Pinball (2001)
2016-01-28 17:54 - 2016-01-16 08:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 17:54 - 2016-01-16 08:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-28 17:54 - 2016-01-16 08:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 17:54 - 2016-01-16 08:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 17:54 - 2016-01-16 08:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-28 17:54 - 2016-01-16 08:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-28 17:54 - 2016-01-16 08:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-28 17:54 - 2016-01-16 07:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 17:54 - 2016-01-16 07:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-28 17:54 - 2016-01-16 07:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-28 17:54 - 2016-01-16 07:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 17:54 - 2016-01-16 07:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 17:54 - 2016-01-16 07:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-28 17:54 - 2016-01-16 07:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-28 17:54 - 2016-01-16 07:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 17:54 - 2016-01-16 07:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-28 17:54 - 2016-01-16 07:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 17:54 - 2016-01-16 07:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-28 17:54 - 2016-01-16 07:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-28 17:54 - 2016-01-16 07:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 17:54 - 2016-01-16 07:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-28 17:54 - 2016-01-16 07:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 17:54 - 2016-01-16 07:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 17:54 - 2016-01-16 07:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 17:54 - 2016-01-16 07:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 17:53 - 2016-01-16 08:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 17:53 - 2016-01-16 08:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 17:53 - 2016-01-16 08:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 17:53 - 2016-01-16 08:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 17:53 - 2016-01-16 08:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 17:53 - 2016-01-16 08:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 17:53 - 2016-01-16 08:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 17:53 - 2016-01-16 08:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 17:53 - 2016-01-16 08:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 17:53 - 2016-01-16 08:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 17:53 - 2016-01-16 08:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 17:53 - 2016-01-16 08:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 17:53 - 2016-01-16 08:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 17:53 - 2016-01-16 08:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 17:53 - 2016-01-16 08:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 17:53 - 2016-01-16 08:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-28 17:53 - 2016-01-16 08:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-01-28 17:53 - 2016-01-16 08:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 17:53 - 2016-01-16 08:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 17:53 - 2016-01-16 08:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 17:53 - 2016-01-16 08:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 17:53 - 2016-01-16 07:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 17:53 - 2016-01-16 07:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 17:53 - 2016-01-16 07:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 17:53 - 2016-01-16 07:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 17:53 - 2016-01-16 07:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 17:53 - 2016-01-16 07:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 17:53 - 2016-01-16 07:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 17:53 - 2016-01-16 07:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 17:53 - 2016-01-16 07:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 17:53 - 2016-01-16 07:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 17:53 - 2016-01-16 07:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 17:53 - 2016-01-16 07:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 17:53 - 2016-01-16 07:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 17:53 - 2016-01-16 07:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 17:53 - 2016-01-16 07:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 17:53 - 2016-01-16 07:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 17:53 - 2016-01-16 07:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 17:53 - 2016-01-16 07:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 17:53 - 2016-01-16 07:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 17:53 - 2016-01-16 07:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 17:53 - 2016-01-16 07:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 17:53 - 2016-01-16 07:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 17:53 - 2016-01-16 07:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 17:53 - 2016-01-16 07:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 17:53 - 2016-01-16 07:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 17:53 - 2016-01-16 07:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 17:53 - 2016-01-16 07:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 17:53 - 2016-01-16 07:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 17:53 - 2016-01-16 07:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 17:53 - 2016-01-16 07:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 17:53 - 2016-01-16 07:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 17:53 - 2016-01-16 07:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 17:53 - 2016-01-16 07:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 17:53 - 2016-01-16 07:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 17:53 - 2016-01-16 07:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 17:53 - 2016-01-16 07:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 17:53 - 2016-01-16 07:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 17:53 - 2016-01-16 07:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 17:53 - 2016-01-16 07:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 17:53 - 2016-01-16 07:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 17:53 - 2016-01-16 07:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 17:53 - 2016-01-16 07:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 17:53 - 2016-01-16 07:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 17:53 - 2016-01-16 07:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 17:53 - 2016-01-16 07:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 17:53 - 2016-01-16 07:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 17:53 - 2016-01-16 07:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 17:53 - 2016-01-16 07:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 17:53 - 2016-01-16 07:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 17:53 - 2016-01-16 07:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 17:53 - 2016-01-16 07:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 17:53 - 2016-01-16 07:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 17:53 - 2016-01-16 07:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 17:53 - 2016-01-16 07:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 17:53 - 2016-01-16 07:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 17:53 - 2016-01-16 07:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 17:53 - 2016-01-16 07:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 17:53 - 2016-01-16 07:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 17:53 - 2016-01-16 07:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 17:53 - 2016-01-16 07:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 17:53 - 2016-01-16 07:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 17:53 - 2016-01-16 07:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 17:53 - 2016-01-16 07:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 17:53 - 2016-01-16 07:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 17:53 - 2016-01-16 07:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 17:53 - 2016-01-16 07:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 17:53 - 2016-01-16 07:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 17:53 - 2016-01-16 07:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 17:53 - 2016-01-16 07:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 17:53 - 2016-01-16 07:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 17:53 - 2016-01-16 07:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 17:53 - 2016-01-16 07:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 17:53 - 2016-01-16 07:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-01-28 17:53 - 2016-01-16 07:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 17:53 - 2016-01-16 07:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 17:53 - 2016-01-16 07:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 17:53 - 2016-01-16 07:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-28 17:53 - 2016-01-16 07:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-01-26 01:55 - 2016-01-26 17:44 - 00001254 _____ C:\Users\Alar A\Desktop\gta_sa.exe - Shortcut.lnk
2016-01-26 01:11 - 2016-02-01 17:53 - 00000000 ____D C:\Users\Alar A\Desktop\gta
2016-01-25 17:53 - 2016-01-25 17:53 - 00007229 _____ C:\WINDOWS\unins000.dat
2016-01-25 17:53 - 2016-01-25 17:52 - 01194185 _____ C:\WINDOWS\unins000.exe
2016-01-25 17:33 - 2016-01-25 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2016-01-25 02:54 - 2016-01-25 02:54 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-01-25 02:54 - 2016-01-25 02:54 - 00000000 ____D C:\WINDOWS\system32\NV
2016-01-25 02:54 - 2015-12-16 16:19 - 00103216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-01-25 02:53 - 2015-12-18 10:49 - 00040080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2016-01-25 02:53 - 2015-12-16 18:59 - 42976888 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 37608568 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 31098488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 24923768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 21131424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 20672376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 19727624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 17568432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 17164160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 17123736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 17104016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 02560816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 02214192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 01915512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436143.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 01564976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436143.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 00938104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 00872056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 00735024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 00681592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-01-25 02:35 - 2015-12-18 08:10 - 00099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-01-25 02:35 - 2015-12-18 08:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-01-25 02:01 - 2016-01-25 02:01 - 00007605 _____ C:\Users\Alar A\AppData\Local\Resmon.ResmonCfg
2016-01-24 22:05 - 2016-01-24 22:05 - 00003378 _____ C:\WINDOWS\System32\Tasks\id updater task
2016-01-24 22:05 - 2016-01-24 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ID-kaart
2016-01-24 22:05 - 2016-01-24 22:05 - 00000000 ____D C:\Program Files\Estonian ID Card
2016-01-24 22:05 - 2016-01-24 22:05 - 00000000 ____D C:\Program Files\DIFX
2016-01-24 22:05 - 2016-01-24 22:05 - 00000000 ____D C:\Program Files (x86)\Estonian ID Card
2016-01-24 22:03 - 2016-01-24 22:03 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
2016-01-24 02:39 - 2016-02-01 19:52 - 00002432 _____ C:\WINDOWS\System32\Tasks\RegIdleBackup
2016-01-24 02:39 - 2016-01-24 02:39 - 00197632 _____ C:\WINDOWS\icm32.exe
2016-01-23 15:51 - 2016-01-23 15:51 - 00001504 _____ C:\Users\Alar A\Desktop\LifeIsStrange.exe - Shortcut.lnk
2016-01-23 15:45 - 2016-01-23 15:45 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\Life Is Strange
2016-01-23 01:28 - 2016-02-01 18:26 - 00000000 ____D C:\Program Files (x86)\SpyBot Anti-Beacon
2016-01-23 01:28 - 2016-01-23 01:28 - 00000000 ____D C:\Users\Alar A\SpyBot anti-beacon
2016-01-22 18:00 - 2016-01-22 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-01-22 18:00 - 2016-01-22 18:00 - 00000000 ____D C:\ProgramData\ESET
2016-01-22 18:00 - 2016-01-22 18:00 - 00000000 ____D C:\Program Files\ESET
2016-01-21 21:02 - 2016-01-22 01:10 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\discord
2016-01-21 21:02 - 2016-01-21 21:02 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-01-21 21:02 - 2016-01-21 21:02 - 00000000 ____D C:\Users\Alar A\AppData\Local\SquirrelTemp
2016-01-21 21:02 - 2016-01-21 21:02 - 00000000 ____D C:\Users\Alar A\AppData\Local\Discord
2016-01-20 21:38 - 2016-01-20 21:38 - 00000000 ____D C:\Users\Alar A\Desktop\GUI
2016-01-20 21:38 - 2016-01-20 21:38 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\W10LogonChanger
2016-01-18 18:06 - 2016-01-18 18:17 - 00000438 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-01-16 17:21 - 2016-01-10 20:45 - 04869124 _____ C:\Users\Alar A\Desktop\visualv.oiv
2016-01-14 19:48 - 2016-01-14 19:48 - 00000000 ____D C:\Users\Alar A\AppData\Local\PopcornTimeDesktop
2016-01-14 19:48 - 2016-01-14 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2016-01-14 19:47 - 2016-01-14 19:48 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2016-01-14 15:00 - 2016-01-14 04:09 - 10341888 _____ C:\Users\Alar A\Desktop\Fv2-XsonicX-4.2.exe
2016-01-13 17:49 - 2016-01-05 04:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 17:49 - 2016-01-05 04:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-13 17:49 - 2016-01-05 04:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 17:49 - 2016-01-05 04:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 17:49 - 2016-01-05 04:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-13 17:49 - 2016-01-05 04:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-13 17:49 - 2016-01-05 04:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 17:49 - 2016-01-05 04:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 17:49 - 2016-01-05 04:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 17:49 - 2016-01-05 04:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 17:49 - 2016-01-05 04:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 17:49 - 2016-01-05 04:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-13 17:49 - 2016-01-05 04:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 17:49 - 2016-01-05 04:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 17:49 - 2016-01-05 04:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 17:49 - 2016-01-05 04:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 17:49 - 2016-01-05 04:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 17:49 - 2016-01-05 04:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-13 17:49 - 2016-01-05 04:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 17:49 - 2016-01-05 04:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 17:49 - 2016-01-05 04:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 17:49 - 2016-01-05 04:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 17:49 - 2016-01-05 04:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 17:49 - 2016-01-05 04:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 17:49 - 2016-01-05 04:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 17:49 - 2016-01-05 04:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 17:49 - 2016-01-05 04:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 17:49 - 2016-01-05 03:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-13 17:49 - 2016-01-05 03:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-13 17:49 - 2016-01-05 03:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-13 17:49 - 2016-01-05 03:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 17:49 - 2016-01-05 03:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-13 17:49 - 2016-01-05 03:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 17:49 - 2016-01-05 03:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 17:49 - 2016-01-05 03:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-13 17:49 - 2016-01-05 03:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 17:49 - 2016-01-05 03:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 17:49 - 2016-01-05 03:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-13 17:49 - 2016-01-05 03:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 17:49 - 2016-01-05 03:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 17:49 - 2016-01-05 03:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 17:49 - 2016-01-05 03:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-13 17:49 - 2016-01-05 03:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 17:49 - 2016-01-05 03:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-13 17:49 - 2016-01-05 03:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 17:49 - 2016-01-05 03:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-13 17:49 - 2016-01-05 03:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-13 17:49 - 2016-01-05 03:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 17:49 - 2016-01-05 03:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 17:49 - 2016-01-05 03:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 17:49 - 2016-01-05 03:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-13 17:48 - 2016-01-05 04:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-13 17:48 - 2016-01-05 03:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-13 17:48 - 2016-01-05 03:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 17:48 - 2016-01-05 03:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-13 17:48 - 2016-01-05 03:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-13 17:48 - 2016-01-05 03:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 17:48 - 2016-01-05 03:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-13 17:48 - 2016-01-05 03:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 17:48 - 2016-01-05 03:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 17:48 - 2016-01-05 03:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 17:48 - 2016-01-05 03:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-13 17:48 - 2016-01-05 03:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 17:48 - 2016-01-05 03:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 17:48 - 2016-01-05 03:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-13 17:48 - 2016-01-05 03:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-01-13 17:48 - 2016-01-05 03:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 17:48 - 2016-01-05 03:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 17:48 - 2016-01-05 03:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 17:48 - 2016-01-05 03:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-13 17:48 - 2016-01-05 03:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-13 17:48 - 2016-01-05 03:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 17:48 - 2016-01-05 03:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 17:48 - 2016-01-05 03:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-07 22:21 - 2015-12-21 23:26 - 00000000 ____N C:\Users\Alar A\Desktop\data.f2fs.tar
2016-01-07 22:20 - 2015-12-21 23:29 - 586407936 ____N C:\Users\Alar A\Desktop\data.f2fs.tar.a
2016-01-07 21:58 - 2015-12-28 11:31 - 08058880 _____ C:\Users\Alar A\Desktop\twrp-2.8.6.1-i9300.tar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-01 21:30 - 2015-08-27 18:04 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\NetSpeedMonitor
2016-02-01 21:29 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-01 21:29 - 2015-08-27 16:24 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-01 21:23 - 2015-12-27 02:08 - 00000980 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001UA.job
2016-02-01 21:23 - 2015-12-27 02:08 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001Core.job
2016-02-01 21:23 - 2015-12-12 02:42 - 00000542 _____ C:\WINDOWS\Tasks\Microsoft Toolkit Update.job
2016-02-01 21:23 - 2015-12-11 23:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-01 21:23 - 2015-12-11 23:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-01 21:23 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-01 21:23 - 2015-08-27 20:33 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-01 21:23 - 2015-08-27 16:25 - 00000984 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-01 21:22 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-01 21:22 - 2015-09-03 02:00 - 00000000 ____D C:\Users\Alar A\AppData\Local\CrashDumps
2016-02-01 21:18 - 2015-12-27 02:08 - 00004100 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001UA
2016-02-01 21:18 - 2015-12-27 02:08 - 00003724 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001Core
2016-02-01 20:49 - 2015-08-27 16:25 - 00000988 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-01 20:42 - 2015-08-27 17:52 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\uTorrent
2016-02-01 20:40 - 2015-10-30 09:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-01 20:34 - 2015-08-27 21:12 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-01 20:19 - 2015-12-12 02:42 - 00003224 _____ C:\WINDOWS\System32\Tasks\Microsoft Toolkit Update
2016-02-01 19:59 - 2015-08-27 17:54 - 00000000 ____D C:\Users\Alar A\Downloads\!uTorrent
2016-02-01 19:20 - 2015-08-27 16:52 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-01 19:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-01 19:08 - 2015-08-27 16:21 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-01 18:17 - 2015-09-12 23:34 - 00000000 ____D C:\Users\Alar A\Desktop\Sodi
2016-02-01 02:00 - 2015-08-27 21:11 - 00000000 ____D C:\Users\Alar A\AppData\Local\Adobe
2016-01-31 17:16 - 2015-08-27 16:21 - 00000000 ____D C:\Users\Alar A\AppData\Local\VirtualStore
2016-01-31 04:14 - 2015-12-11 23:39 - 00000000 ____D C:\Users\Alar A
2016-01-30 04:40 - 2015-08-28 12:01 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-01-30 00:26 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-01-29 14:50 - 2015-08-27 16:26 - 00002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-29 14:50 - 2015-08-27 16:26 - 00002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-29 14:36 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-29 02:21 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 02:21 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 02:21 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 02:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 02:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 02:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-29 02:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-26 22:12 - 2015-08-30 02:15 - 00000000 ____D C:\ProgramData\Apple
2016-01-26 16:20 - 2015-10-01 20:29 - 00000000 ____D C:\Program Files\7-Zip
2016-01-26 02:49 - 2015-09-12 00:10 - 00000000 ___RD C:\Users\Alar A\3D Objects
2016-01-25 17:33 - 2015-08-30 14:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-25 16:33 - 2015-10-02 01:31 - 00000000 ____D C:\Users\Alar A\Documents\GTA San Andreas User Files
2016-01-25 02:54 - 2015-12-11 23:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-25 02:39 - 2015-11-11 10:11 - 00001478 _____ C:\Users\Alar A\Desktop\Fallout4.exe - Shortcut.lnk
2016-01-25 02:39 - 2015-09-22 22:42 - 00001363 _____ C:\Users\Alar A\Desktop\Cities Skylines.lnk
2016-01-25 02:39 - 2015-09-15 23:23 - 00002232 _____ C:\Users\Alar A\Desktop\Need For Speed III Hot Pursuit.lnk
2016-01-25 02:39 - 2015-08-28 16:55 - 00001327 _____ C:\Users\Alar A\Desktop\Launcher - Shortcut.lnk
2016-01-25 02:36 - 2015-08-27 17:17 - 00000000 ____D C:\Users\Alar A\AppData\Local\NVIDIA
2016-01-23 05:34 - 2015-09-29 22:55 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\Mp3tag
2016-01-22 18:31 - 2015-08-30 00:54 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-22 18:00 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-22 17:59 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-22 03:01 - 2015-09-12 20:50 - 00001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2016-01-22 03:01 - 2015-09-12 20:50 - 00000000 ____D C:\Program Files\Rainmeter
2016-01-19 18:02 - 2015-08-27 23:25 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\Kodi
2016-01-19 02:26 - 2015-11-09 05:53 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\MediaMonkey
2016-01-18 18:12 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-18 18:12 - 2015-08-27 18:48 - 00000000 ____D C:\Users\Alar A\AppData\Local\ElevatedDiagnostics
2016-01-17 23:52 - 2015-10-30 09:17 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-01-17 23:52 - 2015-10-30 09:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-01-17 23:52 - 2015-10-30 09:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-01-17 23:52 - 2015-10-30 09:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-01-16 14:55 - 2015-08-27 16:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-15 16:05 - 2015-08-27 19:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-14 19:46 - 2015-08-27 23:27 - 00000000 ____D C:\Users\Alar A\AppData\Local\Popcorn-Time
2016-01-14 15:00 - 2015-08-27 19:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-12 06:41 - 2015-08-29 18:07 - 01542600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-01-12 06:41 - 2015-08-29 18:07 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-01-12 06:40 - 2015-12-12 02:51 - 00112032 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-01-12 06:40 - 2015-08-29 18:07 - 01860120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-01-12 06:40 - 2015-08-29 18:07 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-01-07 23:28 - 2015-11-24 00:18 - 00000000 ____D C:\Users\Alar A\Desktop\MIUI_jainternalbkup
2016-01-06 01:13 - 2015-09-12 23:29 - 00000000 ____D C:\Users\Alar A\Documents\Taustakad
2016-01-03 03:40 - 2015-10-30 09:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 03:40 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-09-04 16:15 - 2015-09-21 13:01 - 0000033 _____ () C:\Users\Alar A\AppData\Roaming\AdobeWLCMCache.dat
2015-09-17 23:15 - 2015-09-18 00:07 - 0000692 _____ () C:\Users\Alar A\AppData\Roaming\burnaware.ini
2015-08-30 01:56 - 2015-08-30 02:11 - 0002872 _____ () C:\Users\Alar A\AppData\Roaming\droid4xinstaller.log
2015-09-22 21:12 - 2015-09-22 21:57 - 0001456 _____ () C:\Users\Alar A\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-10-26 02:29 - 2015-10-26 02:30 - 29361616 _____ (Sony Mobile Communications                                  ) C:\Users\Alar A\AppData\Local\pcc.exe
2016-01-25 02:01 - 2016-01-25 02:01 - 0007605 _____ () C:\Users\Alar A\AppData\Local\Resmon.ResmonCfg
2015-09-02 01:39 - 2016-02-01 18:14 - 0019535 _____ () C:\ProgramData\empty.ico
 
Some files in TEMP:
====================
C:\Users\Alar A\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-24 20:47
 
==================== End of FRST.txt ============================

Edited by Kasutaja, 01 February 2016 - 04:07 PM.



 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • Gender:Male
  • Local time:04:41 PM

Posted 01 February 2016 - 07:27 PM

Hello Kasutaja and Welcome to the BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. (How to open the computer as administrator)
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer here for help.

Thanks
 

Administrator (S-1-5-21-3767336195-4232530657-1193366898-500 - Administrator - Disabled) => C:\Users\Administrator
Alar A (S-1-5-21-3767336195-4232530657-1193366898-1001 - Administrator - Enabled) => C:\Users\Alar A
DefaultAccount (S-1-5-21-3767336195-4232530657-1193366898-503 - Limited - Disabled)
Guest (S-1-5-21-3767336195-4232530657-1193366898-501 - Limited - Disabled)

Do you know what this is? =====>> C:\Users\test
==========================================================================

Task: {43AFC79D-FA1E-4ED2-B4F6-280A4BF82390} - System32\Tasks\AutoKMS => C:\Windows\AutoKM \AutoKMS.exe
C:\Program Files\TNod User & Password Finder

I'm sorry but this computer is actively running software designed to steal and pirate software from Microsoft. As such we cannot provide further assistance with this issue.
 
This topic will now be closed due to evidence of cracked or pirated software on this system.

Please look here
=========================================================
But, even so, I'll try to help you. Please do not use this type of software.
 
Please Uninstall:
C:\Program Files\TNod User & Password Finder

=========================================================

Let me know when you get that done


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Kasutaja

Kasutaja
  • Topic Starter

  • Members
  • 8 posts
  • Gender:Male
  • Local time:03:41 PM

Posted 01 February 2016 - 07:48 PM

Administrator (S-1-5-21-3767336195-4232530657-1193366898-500 - Administrator - Disabled) => C:\Users\Administrator
Alar A (S-1-5-21-3767336195-4232530657-1193366898-1001 - Administrator - Enabled) => C:\Users\Alar A
DefaultAccount (S-1-5-21-3767336195-4232530657-1193366898-503 - Limited - Disabled)
Guest (S-1-5-21-3767336195-4232530657-1193366898-501 - Limited - Disabled)

Do you know what this is? =====>> C:\Users\test
==========================================================================

 

 

Yes, I know. I created a new test account to see if http://localhost.world/localhost.world would still contain those proxy IPs. It did, so I logged off from there and deleted the account. That's probably a leftover folder.

 

 

Task: {43AFC79D-FA1E-4ED2-B4F6-280A4BF82390} - System32\Tasks\AutoKMS => C:\Windows\AutoKM \AutoKMS.exe
C:\Program Files\TNod User & Password Finder

I'm sorry but this computer is actively running software designed to steal and pirate software from Microsoft. As such we cannot provide further assistance with this issue.
 
This topic will now be closed due to evidence of cracked or pirated software on this system.

Please here Looc
=========================================================
But, even so, I'll try to help you. Please do not use this type softwares
 
Please Uninstall:
C:\Program Files\TNod User & Password Finder

=========================================================

Let me know when you get that done

 

 

I have actually removed both KMS and TNod. What I found out was that KMS was running a scheduled task, which I removed. It was similar to the one in some other topic where it ran an .ini file as a script. I suspect that was the cause of the sudden appearance of the cmd window that killed Chrome and changed the proxy settings, and that it probably also added the weird certificates that I removed.

 

Now I'm worried that localhost.world still has those Google redirect IPs, even though I have a clean hosts file.

 

Here are the new logs from the program.

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Alar A (2016-02-02 02:35:42)
Running from C:\Users\Alar A\Desktop
Windows 10 Pro (X64) (2015-12-11 21:45:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3767336195-4232530657-1193366898-500 - Administrator - Disabled) => C:\Users\Administrator
Alar A (S-1-5-21-3767336195-4232530657-1193366898-1001 - Administrator - Enabled) => C:\Users\Alar A
DefaultAccount (S-1-5-21-3767336195-4232530657-1193366898-503 - Limited - Disabled)
Guest (S-1-5-21-3767336195-4232530657-1193366898-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 9.0.349.14 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.349.14 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET-i personaalne tulemüür (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated)
Adventure Pinball (HKLM-x32\...\Adventure Pinball) (Version:  - )
AOMEI Partition Assistant Standard Edition 5.8 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.3.1.840 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
BurnAware Free 8.4 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cities Skylines (HKLM-x32\...\Cities Skylines_R.G. Gamblers_is1) (Version:  - R.G. Gamblers, Fanfar)
CLEO 4.3 (HKLM-x32\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
Dell System Detect (HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\73f463568823ebbe) (Version: 6.6.0.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.218 - ALPS ELECTRIC CO., LTD.)
Diil Internet (HKLM-x32\...\Diil Internet) (Version: 21.005.11.02.337 - Huawei Technologies Co.,Ltd)
Discord (HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Discord) (Version: 0.0.283 - Hammer & Chisel, Inc.)
EaseUS Data Recovery Wizard 9.5 (HKLM\...\EaseUS Data Recovery Wizard 9.5_is1) (Version:  - EaseUS)
Eassos PartitionGuru 4.7.2 (HKLM\...\{FC4FF5F4-2265-4E18-8BBC-12CBA9794388}_is1) (Version:  - Eassos Co., Ltd.)
Eesti ID-kaardi tarkvara 3.11.1.1599 (64 bit) (HKLM\...\{008C8FFD-83EA-44E2-A996-A1295EB9B38B}) (Version: 3.11.1.1599 - RIA)
ESET Smart Security (HKLM\...\{37BA4229-5114-4439-8A3C-44889DA880D2}) (Version: 9.0.349.14 - ESET, spol. s r.o.)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
FileZilla Client 3.13.1 (HKLM-x32\...\FileZilla Client) (Version: 3.13.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.97 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Google Photos Backup) (Version: 1.1.1.276 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Kodi (HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Kodi) (Version:  - XBMC-Foundation)
Life Is Strange (HKLM-x32\...\Life Is Strange_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 et) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 et)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MP3 Renamer (HKLM\...\{75C43A91-EC51-4CC8-ADB6-F3CDAC494DB5}) (Version: 1.0.0 - hackovic.com)
Mp3tag v2.73 (HKLM-x32\...\Mp3tag) (Version: v2.73 - Florian Heidenreich)
Need For Speed 3 Patch (HKLM\...\{7de963c9-aef2-4a49-85ae-a58f90ed295d}.sdb) (Version:  - )
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
nGlide 1.04 (HKLM-x32\...\nGlide) (Version: 1.04 - Zeus Software)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.6 - Notepad++ Team)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenIV (HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\OpenIV) (Version: 2.7.680 - .black/OpenIV Team)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 r2519 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.8 - Rockstar Games)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.15.16.201511171525 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spotify (HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
Stardock Start10 (HKLM\...\Start10_is1) (Version: 1.0 - Stardock Software, Inc.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.52465 - TeamViewer)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Windows Driver Package - RIA (Estonian National ID Card) (UMPass) SmartCard  (05/13/2015 3.11.0.1175) (HKLM\...\C478C8A35A0A297F2FADF155E889D402655E894E) (Version: 05/13/2015 3.11.0.1175 - RIA (Estonian National ID Card))
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.8.0 - Elaborate Bytes)
Xion v1.5 (build 155) (HKLM-x32\...\Xion) (Version: 1.5 (build 155) - r2 Studios)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3767336195-4232530657-1193366898-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Alar A\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3767336195-4232530657-1193366898-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Alar A\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {20553E42-D4B3-401B-A998-E51EF5FD1B61} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {303ED432-BA7E-4816-9DAD-367BE7729E62} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001UA => C:\Users\Alar A\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-27] (Google Inc.)
Task: {42ADE43E-A244-4B71-8F6D-FCC168CF12FC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {48960E20-F3E7-4B26-BDF3-28404904B2EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {4E3BFB1B-590C-41CE-BA53-5625E0555FB9} - System32\Tasks\RegIdleBackup => C:\windows\icm32.exe [2016-01-24] ()
Task: {7A1612A6-B3CE-4A75-9C1F-E44E932FA581} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {88875EC4-82C2-4AA6-8622-A4168D921776} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-01] (Microsoft Corporation)
Task: {93B6C2D4-DBC5-4FB3-BFA7-8A3817E1D2B7} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-IHVFTHP-Alar A => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {97A6E6A1-F048-419B-B854-4DB5FB928D97} - System32\Tasks\id updater task => id-updater.exe
Task: {A25D273A-D0B3-4F99-A1C8-1E3CEA9E9D05} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-20] (Adobe Systems Incorporated)
Task: {B57B4225-4824-4C18-BCF3-579CDD3739F6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001Core => C:\Users\Alar A\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-27] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001Core.job => C:\Users\Alar A\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001UA.job => C:\Users\Alar A\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-11 23:38 - 2015-12-16 16:54 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-11-16 15:38 - 2010-11-16 15:38 - 00339456 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2016-01-25 02:36 - 2016-01-12 06:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-09-14 15:26 - 2015-09-14 15:25 - 00218624 _____ () C:\ProgramData\Diil Internet\OnlineUpdate\ouc.exe
2015-12-12 09:35 - 2015-12-12 09:35 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-12 09:35 - 2015-12-12 09:35 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-08-24 15:56 - 2015-08-24 15:56 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-12-18 09:07 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 09:07 - 2015-12-07 06:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 17:49 - 2016-01-05 03:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 17:49 - 2016-01-05 03:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 17:54 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 17:54 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-27 16:49 - 2015-08-27 16:49 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-01-03 17:19 - 2016-01-03 17:19 - 00036544 _____ () C:\Program Files\Rainmeter\Rainmeter.exe
2016-01-03 17:19 - 2016-01-03 17:19 - 01409728 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2016-01-03 17:18 - 2016-01-03 17:18 - 00022016 _____ () C:\Program Files\Rainmeter\Plugins\InputText.DLL
2016-01-03 17:17 - 2016-01-03 17:17 - 00108544 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.dll
2015-09-14 15:26 - 2015-09-14 15:25 - 00011362 _____ () C:\ProgramData\Diil Internet\OnlineUpdate\mingwm10.dll
2015-09-14 15:26 - 2015-09-14 15:25 - 00043008 _____ () C:\ProgramData\Diil Internet\OnlineUpdate\libgcc_s_dw2-1.dll
2015-09-14 15:26 - 2015-09-14 15:25 - 02415104 _____ () C:\ProgramData\Diil Internet\OnlineUpdate\QtCore4.dll
2015-09-14 15:26 - 2015-09-14 15:25 - 01148416 _____ () C:\ProgramData\Diil Internet\OnlineUpdate\QtNetwork4.dll
2016-01-21 21:02 - 2015-11-17 12:07 - 02397696 _____ () C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\libdiscord.dll
2016-02-01 21:23 - 2016-02-01 21:23 - 00380416 _____ () C:\Users\Alar A\AppData\Local\Temp\7ED4.tmp
2016-01-21 21:02 - 2015-11-17 12:07 - 00240128 _____ () C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\resources\node_modules\discord_toaster\discord_toaster.node
2016-01-21 21:02 - 2015-11-17 12:07 - 00049664 _____ () C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\resources\node_modules\discord_overlay\discord_overlay.node
2015-10-30 09:17 - 2015-10-30 09:17 - 01021792 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSEngine.dll
2015-10-30 09:17 - 2015-10-30 09:17 - 00528384 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSLoc.DLL
2016-01-21 21:02 - 2015-11-17 12:07 - 01581568 _____ () C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\libglesv2.dll
2016-01-21 21:02 - 2015-11-17 12:07 - 00012288 _____ () C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\libegl.dll
2016-01-21 21:02 - 2015-11-17 12:07 - 00371712 _____ () C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\server.x86.dll
2015-08-27 16:42 - 2014-09-28 16:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2007-07-22 03:15 - 2013-04-07 06:35 - 00758784 _____ () C:\Program Files (x86)\r2 Studios\Xion\XionTags.dll
2007-03-03 17:46 - 2006-03-03 19:52 - 00088576 _____ () C:\Program Files (x86)\r2 Studios\Xion\OptimFROG.dll
2016-01-29 14:50 - 2016-01-27 19:39 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libglesv2.dll
2016-01-29 14:50 - 2016-01-27 19:39 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\libegl.dll
2015-08-24 15:56 - 2015-08-24 15:56 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 13:04 - 2016-02-01 19:30 - 00000996 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
 
# End of entries inserted by Spybot - Search & Destroy
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alar A\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Update service => 2
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\StartupApproved\StartupFolder: => "HandyAndy.lnk"
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\StartupApproved\Run: => "Google Photos Backup"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2B633F49-E9D3-417B-95C9-10292387CB58}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D63D3FE1-2361-4D1A-BCE9-50CFF1EB179A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8A6A0BC9-3885-449C-A877-0F101B62BDCC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B5635B85-1F7D-4F40-910E-19A3048D4729}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{48B01769-6FA1-44E3-8072-774D71854AC7}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{C5D7AE52-7222-43F2-962B-64BD6D7E1991}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{A2A50B2C-E900-4C52-A512-459A8547D453}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EAFBC9D3-B170-4DCC-8831-DF70E2D9CC01}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{00909C82-A9A6-4AB4-BC16-8B884733E279}] => (Allow) C:\Users\Alar A\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{303749FD-A3DD-4AAE-A232-E9EBE3E1A328}] => (Allow) C:\Users\Alar A\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{25A2CFC4-2DE2-43D1-8470-2247B577747A}] => (Allow) C:\Users\Administrator\AppData\Roaming\Andy_45_Online\Setup.exe
FirewallRules: [{CCD70261-03DE-430A-97AB-A196E9C8B803}] => (Allow) C:\Users\Administrator\AppData\Roaming\Andy_45_Online\Setup.exe
FirewallRules: [{D83FAA7A-96F2-4ACA-AA3C-8FE7E3B03F67}] => (Allow) C:\Users\Alar A\AppData\Roaming\Andy_45_Online\Setup.exe
FirewallRules: [{2025CBE3-E41C-447C-8A1D-4EE072E9DEFB}] => (Allow) C:\Users\Alar A\AppData\Roaming\Andy_45_Online\Setup.exe
FirewallRules: [{9DF09BA1-A5F8-458F-BAA1-44529C89C3B2}] => (Allow) C:\Users\Alar A\AppData\Roaming\Andy_45_Online\Setup.exe
FirewallRules: [{54413E35-CA34-459C-8926-C2796B7498C8}] => (Allow) C:\Users\Alar A\AppData\Roaming\Andy_45_Online\Setup.exe
FirewallRules: [{A374D5A9-B331-4E02-A056-90FDB20F59F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{82B88B9B-044D-464B-87FE-5AA185D95C5E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E524FC54-FC5A-4AB1-ACFE-D0AC6BA67A65}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6B1F14D4-0678-4F84-AAA0-809AF442A486}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9E5E9DDD-A5D5-49CC-8B08-A69F4083647E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5A693DB5-498C-4E71-BF27-5BED4147697B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EBC34303-407E-4C4B-B5CE-89D97F04123F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AF640E5B-4BD6-4212-9AB1-6D533AF2AE3E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{770D716D-D181-439B-BAF6-B6BEF529C091}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{24464550-0B64-478C-9AF7-DEFA602797BB}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{67569B04-4F27-4FF9-BB05-3B108DF71291}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
25-01-2016 17:33:46 Installed GTA San Andreas
26-01-2016 22:10:34 Removed iTunes
01-02-2016 19:13:59 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Hosted Network Virtual Adapter
Description: Microsoft Hosted Network Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/01/2016 10:22:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regedit.exe, version: 10.0.10586.0, time stamp: 0x5632d798
Faulting module name: COMCTL32.dll, version: 6.10.10586.0, time stamp: 0x5632d2ce
Exception code: 0xc00000fd
Fault offset: 0x00000000000037a7
Faulting process id: 0x17f0
Faulting application start time: 0xregedit.exe0
Faulting application path: regedit.exe1
Faulting module path: regedit.exe2
Report Id: regedit.exe3
Faulting package full name: regedit.exe4
Faulting package-relative application ID: regedit.exe5
 
Error: (02/01/2016 09:35:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (02/01/2016 09:24:12 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/01/2016 09:24:07 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (02/01/2016 09:23:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (02/01/2016 09:19:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regedit.exe, version: 10.0.10586.0, time stamp: 0x5632d798
Faulting module name: COMCTL32.dll, version: 6.10.10586.0, time stamp: 0x5632d2ce
Exception code: 0xc00000fd
Fault offset: 0x00000000000037a7
Faulting process id: 0x1b90
Faulting application start time: 0xregedit.exe0
Faulting application path: regedit.exe1
Faulting module path: regedit.exe2
Report Id: regedit.exe3
Faulting package full name: regedit.exe4
Faulting package-relative application ID: regedit.exe5
 
Error: (02/01/2016 07:14:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/01/2016 07:10:54 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: FALENONE)
Description: Windows cannot delete the profile directory C:\Users\test. This error may be caused by files in this directory being used by another program. 
 
 DETAIL - The directory is not empty.
 
Error: (02/01/2016 07:09:16 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=2
 
Error: (02/01/2016 06:11:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (02/01/2016 10:21:47 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys
 
Error: (02/01/2016 09:23:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diil Internet. RunOuc service failed to start due to the following error: 
%%1053
 
Error: (02/01/2016 09:23:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Diil Internet. RunOuc service to connect.
 
Error: (02/01/2016 09:22:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4f15e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/01/2016 09:22:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4f15e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/01/2016 09:22:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4f15e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/01/2016 09:22:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4f15e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/01/2016 09:22:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/01/2016 08:40:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Updater Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/01/2016 07:14:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-01-29 14:07:43.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-27 11:57:44.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-26 16:21:11.406
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-18 12:05:49.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-14 14:32:56.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-07 20:16:32.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 11:05:39.811
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-24 00:23:23.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-19 12:11:44.164
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-19 03:46:33.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 58%
Total physical RAM: 8086.16 MB
Available physical RAM: 3369.39 MB
Total Virtual: 8298.16 MB
Available Virtual: 3886.31 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:212.47 GB) (Free:31.72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 1FF3A241)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=212.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.9 GB) - (Type=05)
 

 

==================== End of Addition.txt ============================
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Alar A (administrator) on FALENONE (02-02-2016 02:35:04)
Running from C:\Users\Alar A\Desktop
Loaded Profiles: Alar A (Available Profiles: Alar A & Administrator)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\ProgramData\Diil Internet\OnlineUpdate\ouc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Hammer & Chisel, Inc.) C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\Discord.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Hammer & Chisel, Inc.) C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\Discord.exe
(r2 Studios) C:\Program Files (x86)\r2 Studios\Xion\Xion.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-08-27] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2015-08-27] (Pixart Imaging Inc)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2015-08-27] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll [X]
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Run: [Spotify Web Helper] => C:\Users\Alar A\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-23] (Spotify Ltd)
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Run: [Spotify] => C:\Users\Alar A\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-23] (Spotify Ltd)
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Run: [Google Update] => C:\Users\Alar A\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-12-27] (Google Inc.)
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Run: [Google Photos Backup] => C:\Users\Alar A\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-12-11] (Google, Inc)
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Run: [Discord] => C:\Users\Alar A\AppData\Local\Discord\app-0.0.283\Discord.exe [51716784 2015-11-17] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\MountPoints2: {9e6a249e-5ba6-11e5-9be2-3859f98fcc62} - "D:\setup.exe" 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2015-12-16] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175368 2015-12-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [153208 2015-12-16] (NVIDIA Corporation)
Startup: C:\Users\Alar A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-01-22]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d8b5b458-c7ca-46da-b312-6fb2255e812e}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
BHO: IE Token Signing Plugin -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Estonian ID Card\esteid-plugin-ie64.dll [2015-06-02] (RIA)
BHO-x32: IE Token Signing Plugin -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files (x86)\Estonian ID Card\esteid-plugin-ie.dll [2015-06-02] (RIA)
 
FireFox:
========
FF ProfilePath: C:\Users\Alar A\AppData\Roaming\Mozilla\Firefox\Profiles\xvkyscug.default-1454351539834
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @RIA/esteid-firefox-plugin -> C:\Program Files\Estonian ID Card\npesteid-firefox-plugin.dll [2015-08-28] (RIA)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @RIA/esteid-firefox-plugin -> C:\Program Files (x86)\Estonian ID Card\npesteid-firefox-plugin.dll [2015-08-28] (RIA)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3767336195-4232530657-1193366898-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Alar A\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-3767336195-4232530657-1193366898-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Alar A\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files (x86)\Estonian ID Card\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
FF Extension: Estonian ID Card authentication module - C:\Program Files (x86)\Estonian ID Card\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi [2015-08-28]
FF HKLM-x32\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files (x86)\Estonian ID Card\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Profile: C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-02-01]
CHR Extension: (Google Drive) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (SoundCloud Downloader) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\baignpanbngjdimbgmannbolcbplmofl [2016-01-23]
CHR Extension: (YouTube) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (uBlock Origin) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-01-11]
CHR Extension: (Token signing) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjefchnfjhjfedoccjbhjpbncimppeg [2016-01-24]
CHR Extension: (Google Search) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-12]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2015-08-27]
CHR Extension: (I don't care about cookies) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2016-01-12]
CHR Extension: (Stylish) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-10-17]
CHR Extension: (SmoothScroll) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbokbjkabcmbfdlbddjidfmibcpneigj [2015-11-24]
CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-01-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-27]
CHR Extension: (AdF.ly Skipper ★WORKING★) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2015-08-27]
CHR Extension: (Gmail) - C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27]
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
S2 Diil Internet. RunOuc; C:\Program Files (x86)\Diil Internet\UpdateDog\ouc.exe [218624 2015-09-14] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2521080 2015-11-19] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-08-27] (Realtek Semiconductor)
R2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [219664 2015-02-03] (Stardock Software, Inc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [82480 2015-08-19] (Advanced Card Systems Ltd.)
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()
R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
S3 atrfiltr; C:\Windows\system32\DRIVERS\atrfiltr.sys [26496 2015-09-08] (Windows ® Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-12-08] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2015-11-27] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2015-11-27] (ESET)
S4 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [142976 2015-11-27] (ESET)
R3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-10-16] (ELECOM)
R3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-10-16] (ELECOM)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [206312 2015-11-27] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [52872 2015-11-27] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-11-27] (ESET)
S3 ewusbnet; C:\Windows\System32\drivers\ewusbnet.sys [256000 2015-09-14] (Huawei Technologies Co., Ltd.)
U0 fjidrgld; C:\Windows\System32\drivers\oxsoo.sys [79064 2016-02-01] (Malwarebytes)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2016-02-01] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-08-27] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-01] ()
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2015-08-27] ()
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-02 02:35 - 2016-02-02 02:35 - 00021010 _____ C:\Users\Alar A\Desktop\FRST.txt
2016-02-02 00:17 - 2016-02-02 00:17 - 00006112 _____ C:\Users\Alar A\Desktop\ZHPCleaner.txt
2016-02-02 00:10 - 2016-02-02 00:23 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\ZHP
2016-02-02 00:10 - 2016-02-02 00:10 - 00000876 _____ C:\Users\Alar A\Desktop\ZHPCleaner.lnk
2016-02-02 00:09 - 2016-02-02 00:10 - 02043392 _____ C:\Users\Alar A\Downloads\ZHPCleaner.exe
2016-02-01 23:31 - 2016-02-01 23:31 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\oxsoo.sys
2016-02-01 22:56 - 2016-02-01 22:56 - 04633146 _____ C:\Users\Alar A\Downloads\tdsskiller.zip
2016-02-01 22:38 - 2016-02-01 23:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-01 22:37 - 2016-02-01 22:37 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Alar A\Downloads\mbar-1.09.3.1001.exe
2016-02-01 22:21 - 2016-02-01 22:49 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-01 22:21 - 2016-02-01 22:21 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-02-01 22:19 - 2016-02-01 22:20 - 20943432 _____ C:\Users\Alar A\Desktop\RogueKiller.exe
2016-02-01 21:26 - 2016-02-01 21:26 - 00478392 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\8D772A18.sys
2016-02-01 21:26 - 2016-02-01 21:26 - 00085600 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\69911687.sys
2016-02-01 21:13 - 2016-02-01 21:13 - 00000293 _____ C:\Users\Alar A\Downloads\Search.txt
2016-02-01 21:03 - 2016-02-01 21:04 - 00034845 _____ C:\Users\Alar A\Downloads\Addition.txt
2016-02-01 21:02 - 2016-02-02 02:35 - 00000000 ____D C:\FRST
2016-02-01 21:02 - 2016-02-01 21:24 - 00064603 _____ C:\Users\Alar A\Downloads\FRST.txt
2016-02-01 21:01 - 2016-02-01 21:02 - 02370560 _____ (Farbar) C:\Users\Alar A\Desktop\FRST64.exe
2016-02-01 20:50 - 2016-02-01 20:50 - 00505896 _____ (F-Secure Corporation) C:\Users\Alar A\Downloads\F-SecureOnlineScanner.exe
2016-02-01 20:50 - 2016-02-01 20:50 - 00000000 ____D C:\Users\Alar A\AppData\Local\F-Secure
2016-02-01 20:50 - 2016-02-01 20:50 - 00000000 ____D C:\Users\Alar A\AppData\Local\FSDART
2016-02-01 20:50 - 2016-02-01 20:50 - 00000000 ____D C:\ProgramData\F-Secure
2016-02-01 20:47 - 2016-02-01 21:21 - 00000000 ____D C:\KVRT_Data
2016-02-01 20:45 - 2016-02-01 20:47 - 91546008 _____ (Kaspersky Lab ZAO) C:\Users\Alar A\Downloads\KVRT.exe
2016-02-01 19:13 - 2016-02-01 19:13 - 01609032 _____ (Malwarebytes) C:\Users\Alar A\Downloads\JRT.exe
2016-02-01 19:08 - 2016-02-01 19:10 - 00000000 ____D C:\Users\test
2016-02-01 19:08 - 2016-02-01 19:08 - 00000000 ____D C:\Users\test\AppData\Local\TileDataLayer
2016-02-01 18:54 - 2016-02-01 18:54 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Alar A\Downloads\rkill.exe
2016-02-01 18:33 - 2016-02-01 18:35 - 52988120 _____ (Microsoft Corporation) C:\Users\Alar A\Downloads\Windows-KB890830-x64-V5.32.exe
2016-02-01 18:25 - 2016-02-01 18:25 - 02779704 _____ (PortableApps.com) C:\Users\Alar A\Downloads\SpybotAntiBeaconPortable-safer-networking.org_1.5_Dev_Test_3.paf (1).exe
2016-02-01 18:25 - 2016-02-01 18:25 - 02691400 _____ (Safer-Networking Ltd. ) C:\Users\Alar A\Downloads\SpybotAntiBeacon-1.5-setup.exe
2016-02-01 18:23 - 2016-02-01 18:23 - 02779704 _____ (PortableApps.com) C:\Users\Alar A\Downloads\SpybotAntiBeaconPortable-safer-networking.org_1.5_Dev_Test_3.paf.exe
2016-02-01 18:08 - 2016-02-01 18:10 - 00000000 ____D C:\AdwCleaner
2016-02-01 18:08 - 2016-02-01 18:08 - 01508352 _____ C:\Users\Alar A\Downloads\adwcleaner_5.032.exe
2016-02-01 17:52 - 2016-02-01 17:53 - 18797207 _____ C:\Users\Alar A\Downloads\2359-rusich-4-train.zip
2016-02-01 17:30 - 2016-02-01 17:31 - 04655183 _____ C:\Users\Alar A\Downloads\60589-oncf-ansaldo-breda-z2m-head-coach.zip
2016-02-01 17:30 - 2016-02-01 17:31 - 02894656 _____ C:\Users\Alar A\Downloads\60590-oncf-ansaldo-breda-z2m-middle-car.zip
2016-02-01 16:47 - 2016-02-01 16:48 - 04474496 _____ C:\Users\Alar A\Downloads\47192-lrt-1.zip
2016-02-01 16:47 - 2016-02-01 16:47 - 03955970 _____ C:\Users\Alar A\Downloads\47193-mrt-2.zip
2016-02-01 16:34 - 2016-02-01 16:34 - 02102316 _____ C:\Users\Alar A\Downloads\Girlinleatherjacket.rar
2016-02-01 16:06 - 2016-02-01 16:06 - 00075511 _____ C:\Users\Alar A\Downloads\RainMod 1.2.zip
2016-02-01 16:00 - 2016-02-01 16:00 - 00084773 _____ C:\Users\Alar A\Downloads\SkyGfx_SA_2.8b.zip
2016-02-01 15:30 - 2016-02-01 15:30 - 03253171 _____ C:\Users\Alar A\Downloads\Alysson Claret.rar
2016-02-01 15:29 - 2016-02-01 15:29 - 26444064 _____ C:\Users\Alar A\Downloads\Moira_hood.rar
2016-01-30 04:19 - 2016-01-30 04:27 - 00000000 ____D C:\Users\Alar A\Desktop\Originaalskinnid
2016-01-30 04:18 - 2016-01-30 04:14 - 01243136 _____ C:\Users\Alar A\Desktop\bmost.dff
2016-01-30 04:18 - 2016-01-30 04:14 - 01181696 _____ C:\Users\Alar A\Desktop\bmost.txd
2016-01-29 00:26 - 2016-01-29 00:41 - 00000000 ____D C:\Program Files\AdventurePinball
2016-01-29 00:26 - 2016-01-29 00:26 - 00000992 _____ C:\Users\Alar A\Desktop\Adventure Pinball.lnk
2016-01-29 00:26 - 2016-01-29 00:26 - 00000665 _____ C:\WINDOWS\eReg.dat
2016-01-29 00:26 - 2016-01-29 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adventure Pinball
2016-01-29 00:22 - 2016-01-29 00:22 - 00000000 ____D C:\Users\Alar A\Desktop\Adventure Pinball (2001)
2016-01-28 17:54 - 2016-01-16 08:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 17:54 - 2016-01-16 08:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-28 17:54 - 2016-01-16 08:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 17:54 - 2016-01-16 08:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 17:54 - 2016-01-16 08:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-01-28 17:54 - 2016-01-16 08:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-28 17:54 - 2016-01-16 08:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-01-28 17:54 - 2016-01-16 07:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 17:54 - 2016-01-16 07:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-28 17:54 - 2016-01-16 07:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-28 17:54 - 2016-01-16 07:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 17:54 - 2016-01-16 07:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 17:54 - 2016-01-16 07:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-28 17:54 - 2016-01-16 07:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-28 17:54 - 2016-01-16 07:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 17:54 - 2016-01-16 07:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-28 17:54 - 2016-01-16 07:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 17:54 - 2016-01-16 07:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-28 17:54 - 2016-01-16 07:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-28 17:54 - 2016-01-16 07:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 17:54 - 2016-01-16 07:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-28 17:54 - 2016-01-16 07:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 17:54 - 2016-01-16 07:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 17:54 - 2016-01-16 07:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 17:54 - 2016-01-16 07:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 17:53 - 2016-01-16 08:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 17:53 - 2016-01-16 08:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 17:53 - 2016-01-16 08:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 17:53 - 2016-01-16 08:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 17:53 - 2016-01-16 08:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 17:53 - 2016-01-16 08:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 17:53 - 2016-01-16 08:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 17:53 - 2016-01-16 08:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 17:53 - 2016-01-16 08:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 17:53 - 2016-01-16 08:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 17:53 - 2016-01-16 08:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 17:53 - 2016-01-16 08:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 17:53 - 2016-01-16 08:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 17:53 - 2016-01-16 08:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 17:53 - 2016-01-16 08:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 17:53 - 2016-01-16 08:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-28 17:53 - 2016-01-16 08:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-01-28 17:53 - 2016-01-16 08:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 17:53 - 2016-01-16 08:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 17:53 - 2016-01-16 08:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 17:53 - 2016-01-16 08:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 17:53 - 2016-01-16 07:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 17:53 - 2016-01-16 07:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 17:53 - 2016-01-16 07:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 17:53 - 2016-01-16 07:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 17:53 - 2016-01-16 07:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 17:53 - 2016-01-16 07:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 17:53 - 2016-01-16 07:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 17:53 - 2016-01-16 07:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 17:53 - 2016-01-16 07:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 17:53 - 2016-01-16 07:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 17:53 - 2016-01-16 07:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 17:53 - 2016-01-16 07:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 17:53 - 2016-01-16 07:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 17:53 - 2016-01-16 07:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 17:53 - 2016-01-16 07:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 17:53 - 2016-01-16 07:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 17:53 - 2016-01-16 07:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 17:53 - 2016-01-16 07:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 17:53 - 2016-01-16 07:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 17:53 - 2016-01-16 07:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 17:53 - 2016-01-16 07:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 17:53 - 2016-01-16 07:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 17:53 - 2016-01-16 07:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 17:53 - 2016-01-16 07:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 17:53 - 2016-01-16 07:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 17:53 - 2016-01-16 07:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 17:53 - 2016-01-16 07:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 17:53 - 2016-01-16 07:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 17:53 - 2016-01-16 07:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 17:53 - 2016-01-16 07:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 17:53 - 2016-01-16 07:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 17:53 - 2016-01-16 07:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 17:53 - 2016-01-16 07:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 17:53 - 2016-01-16 07:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 17:53 - 2016-01-16 07:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 17:53 - 2016-01-16 07:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 17:53 - 2016-01-16 07:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 17:53 - 2016-01-16 07:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 17:53 - 2016-01-16 07:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 17:53 - 2016-01-16 07:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 17:53 - 2016-01-16 07:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 17:53 - 2016-01-16 07:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 17:53 - 2016-01-16 07:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 17:53 - 2016-01-16 07:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 17:53 - 2016-01-16 07:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 17:53 - 2016-01-16 07:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 17:53 - 2016-01-16 07:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 17:53 - 2016-01-16 07:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 17:53 - 2016-01-16 07:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 17:53 - 2016-01-16 07:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 17:53 - 2016-01-16 07:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 17:53 - 2016-01-16 07:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 17:53 - 2016-01-16 07:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 17:53 - 2016-01-16 07:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 17:53 - 2016-01-16 07:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 17:53 - 2016-01-16 07:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 17:53 - 2016-01-16 07:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 17:53 - 2016-01-16 07:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 17:53 - 2016-01-16 07:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 17:53 - 2016-01-16 07:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 17:53 - 2016-01-16 07:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 17:53 - 2016-01-16 07:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 17:53 - 2016-01-16 07:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 17:53 - 2016-01-16 07:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 17:53 - 2016-01-16 07:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 17:53 - 2016-01-16 07:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 17:53 - 2016-01-16 07:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 17:53 - 2016-01-16 07:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 17:53 - 2016-01-16 07:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 17:53 - 2016-01-16 07:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 17:53 - 2016-01-16 07:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 17:53 - 2016-01-16 07:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 17:53 - 2016-01-16 07:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-01-28 17:53 - 2016-01-16 07:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 17:53 - 2016-01-16 07:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 17:53 - 2016-01-16 07:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 17:53 - 2016-01-16 07:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-28 17:53 - 2016-01-16 07:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-01-26 01:55 - 2016-01-26 17:44 - 00001254 _____ C:\Users\Alar A\Desktop\gta_sa.exe - Shortcut.lnk
2016-01-26 01:11 - 2016-02-01 17:53 - 00000000 ____D C:\Users\Alar A\Desktop\gta
2016-01-25 17:53 - 2016-01-25 17:53 - 00007229 _____ C:\WINDOWS\unins000.dat
2016-01-25 17:53 - 2016-01-25 17:52 - 01194185 _____ C:\WINDOWS\unins000.exe
2016-01-25 17:33 - 2016-01-25 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2016-01-25 02:54 - 2016-01-25 02:54 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-01-25 02:54 - 2016-01-25 02:54 - 00000000 ____D C:\WINDOWS\system32\NV
2016-01-25 02:54 - 2015-12-16 16:19 - 00103216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-01-25 02:53 - 2015-12-18 10:49 - 00040080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2016-01-25 02:53 - 2015-12-16 18:59 - 42976888 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 37608568 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 31098488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 24923768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 21131424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 20672376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 19727624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 17568432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 17164160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 17123736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 17104016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 02560816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 02214192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 01915512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436143.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 01564976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436143.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 00938104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 00872056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 00735024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 00681592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-01-25 02:53 - 2015-12-16 18:59 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-01-25 02:35 - 2015-12-18 08:10 - 00099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-01-25 02:35 - 2015-12-18 08:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-01-25 02:01 - 2016-01-25 02:01 - 00007605 _____ C:\Users\Alar A\AppData\Local\Resmon.ResmonCfg
2016-01-24 22:05 - 2016-01-24 22:05 - 00003378 _____ C:\WINDOWS\System32\Tasks\id updater task
2016-01-24 22:05 - 2016-01-24 22:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ID-kaart
2016-01-24 22:05 - 2016-01-24 22:05 - 00000000 ____D C:\Program Files\Estonian ID Card
2016-01-24 22:05 - 2016-01-24 22:05 - 00000000 ____D C:\Program Files\DIFX
2016-01-24 22:05 - 2016-01-24 22:05 - 00000000 ____D C:\Program Files (x86)\Estonian ID Card
2016-01-24 22:03 - 2016-01-24 22:03 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
2016-01-24 02:39 - 2016-02-01 19:52 - 00002432 _____ C:\WINDOWS\System32\Tasks\RegIdleBackup
2016-01-24 02:39 - 2016-01-24 02:39 - 00197632 _____ C:\WINDOWS\icm32.exe
2016-01-23 15:51 - 2016-01-23 15:51 - 00001504 _____ C:\Users\Alar A\Desktop\LifeIsStrange.exe - Shortcut.lnk
2016-01-23 15:45 - 2016-01-23 15:45 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\Life Is Strange
2016-01-23 01:28 - 2016-02-01 18:26 - 00000000 ____D C:\Program Files (x86)\SpyBot Anti-Beacon
2016-01-23 01:28 - 2016-01-23 01:28 - 00000000 ____D C:\Users\Alar A\SpyBot anti-beacon
2016-01-22 18:00 - 2016-01-22 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-01-22 18:00 - 2016-01-22 18:00 - 00000000 ____D C:\ProgramData\ESET
2016-01-22 18:00 - 2016-01-22 18:00 - 00000000 ____D C:\Program Files\ESET
2016-01-21 21:02 - 2016-01-22 01:10 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\discord
2016-01-21 21:02 - 2016-01-21 21:02 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-01-21 21:02 - 2016-01-21 21:02 - 00000000 ____D C:\Users\Alar A\AppData\Local\SquirrelTemp
2016-01-21 21:02 - 2016-01-21 21:02 - 00000000 ____D C:\Users\Alar A\AppData\Local\Discord
2016-01-20 21:38 - 2016-01-20 21:38 - 00000000 ____D C:\Users\Alar A\Desktop\GUI
2016-01-20 21:38 - 2016-01-20 21:38 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\W10LogonChanger
2016-01-18 18:06 - 2016-01-18 18:17 - 00000438 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-01-16 17:21 - 2016-01-10 20:45 - 04869124 _____ C:\Users\Alar A\Desktop\visualv.oiv
2016-01-14 15:00 - 2016-01-14 04:09 - 10341888 _____ C:\Users\Alar A\Desktop\Fv2-XsonicX-4.2.exe
2016-01-13 17:49 - 2016-01-05 04:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 17:49 - 2016-01-05 04:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-13 17:49 - 2016-01-05 04:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 17:49 - 2016-01-05 04:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 17:49 - 2016-01-05 04:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-13 17:49 - 2016-01-05 04:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-13 17:49 - 2016-01-05 04:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 17:49 - 2016-01-05 04:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 17:49 - 2016-01-05 04:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 17:49 - 2016-01-05 04:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 17:49 - 2016-01-05 04:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 17:49 - 2016-01-05 04:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-13 17:49 - 2016-01-05 04:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 17:49 - 2016-01-05 04:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 17:49 - 2016-01-05 04:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 17:49 - 2016-01-05 04:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 17:49 - 2016-01-05 04:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 17:49 - 2016-01-05 04:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-13 17:49 - 2016-01-05 04:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 17:49 - 2016-01-05 04:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 17:49 - 2016-01-05 04:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 17:49 - 2016-01-05 04:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 17:49 - 2016-01-05 04:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 17:49 - 2016-01-05 04:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 17:49 - 2016-01-05 04:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 17:49 - 2016-01-05 04:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 17:49 - 2016-01-05 04:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 17:49 - 2016-01-05 03:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-13 17:49 - 2016-01-05 03:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-13 17:49 - 2016-01-05 03:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-13 17:49 - 2016-01-05 03:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 17:49 - 2016-01-05 03:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-13 17:49 - 2016-01-05 03:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 17:49 - 2016-01-05 03:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 17:49 - 2016-01-05 03:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-13 17:49 - 2016-01-05 03:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 17:49 - 2016-01-05 03:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 17:49 - 2016-01-05 03:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-13 17:49 - 2016-01-05 03:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 17:49 - 2016-01-05 03:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 17:49 - 2016-01-05 03:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 17:49 - 2016-01-05 03:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-13 17:49 - 2016-01-05 03:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 17:49 - 2016-01-05 03:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-13 17:49 - 2016-01-05 03:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 17:49 - 2016-01-05 03:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-13 17:49 - 2016-01-05 03:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-13 17:49 - 2016-01-05 03:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 17:49 - 2016-01-05 03:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 17:49 - 2016-01-05 03:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 17:49 - 2016-01-05 03:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-13 17:48 - 2016-01-05 04:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-13 17:48 - 2016-01-05 03:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-13 17:48 - 2016-01-05 03:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 17:48 - 2016-01-05 03:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-13 17:48 - 2016-01-05 03:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-13 17:48 - 2016-01-05 03:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 17:48 - 2016-01-05 03:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-13 17:48 - 2016-01-05 03:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 17:48 - 2016-01-05 03:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 17:48 - 2016-01-05 03:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 17:48 - 2016-01-05 03:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-13 17:48 - 2016-01-05 03:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 17:48 - 2016-01-05 03:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 17:48 - 2016-01-05 03:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-13 17:48 - 2016-01-05 03:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-01-13 17:48 - 2016-01-05 03:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 17:48 - 2016-01-05 03:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 17:48 - 2016-01-05 03:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 17:48 - 2016-01-05 03:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-13 17:48 - 2016-01-05 03:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-13 17:48 - 2016-01-05 03:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 17:48 - 2016-01-05 03:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 17:48 - 2016-01-05 03:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-07 22:21 - 2015-12-21 23:26 - 00000000 ____N C:\Users\Alar A\Desktop\data.f2fs.tar
2016-01-07 22:20 - 2015-12-21 23:29 - 586407936 ____N C:\Users\Alar A\Desktop\data.f2fs.tar.a
2016-01-07 21:58 - 2015-12-28 11:31 - 08058880 _____ C:\Users\Alar A\Desktop\twrp-2.8.6.1-i9300.tar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-02 02:35 - 2015-08-27 18:04 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\NetSpeedMonitor
2016-02-02 02:34 - 2015-08-27 21:12 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-02 02:27 - 2015-08-27 20:33 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-02 02:23 - 2015-12-27 02:08 - 00000980 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001UA.job
2016-02-02 02:00 - 2015-08-27 21:11 - 00000000 ____D C:\Users\Alar A\AppData\Local\Adobe
2016-02-02 01:49 - 2015-08-27 16:25 - 00000988 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-01 23:31 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-02-01 22:38 - 2015-08-27 20:33 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-01 22:22 - 2015-09-03 02:00 - 00000000 ____D C:\Users\Alar A\AppData\Local\CrashDumps
2016-02-01 21:29 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-01 21:29 - 2015-08-27 16:24 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-01 21:23 - 2015-12-27 02:08 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001Core.job
2016-02-01 21:23 - 2015-12-11 23:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-01 21:23 - 2015-12-11 23:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-01 21:23 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-01 21:23 - 2015-08-27 16:25 - 00000984 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-01 21:22 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-01 21:18 - 2015-12-27 02:08 - 00004100 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001UA
2016-02-01 21:18 - 2015-12-27 02:08 - 00003724 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3767336195-4232530657-1193366898-1001Core
2016-02-01 20:42 - 2015-08-27 17:52 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\uTorrent
2016-02-01 20:40 - 2015-10-30 09:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-01 19:59 - 2015-08-27 17:54 - 00000000 ____D C:\Users\Alar A\Downloads\!uTorrent
2016-02-01 19:20 - 2015-08-27 16:52 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-01 19:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-01 19:08 - 2015-08-27 16:21 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-01 18:17 - 2015-09-12 23:34 - 00000000 ____D C:\Users\Alar A\Desktop\Sodi
2016-01-31 17:16 - 2015-08-27 16:21 - 00000000 ____D C:\Users\Alar A\AppData\Local\VirtualStore
2016-01-31 04:14 - 2015-12-11 23:39 - 00000000 ____D C:\Users\Alar A
2016-01-30 04:40 - 2015-08-28 12:01 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-01-30 00:26 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-01-29 14:50 - 2015-08-27 16:26 - 00002232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-29 14:50 - 2015-08-27 16:26 - 00002220 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-29 14:36 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-29 02:21 - 2015-10-30 09:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-29 02:21 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-29 02:21 - 2015-10-30 09:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-29 02:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-29 02:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-29 02:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-26 22:12 - 2015-08-30 02:15 - 00000000 ____D C:\ProgramData\Apple
2016-01-26 16:20 - 2015-10-01 20:29 - 00000000 ____D C:\Program Files\7-Zip
2016-01-26 02:49 - 2015-09-12 00:10 - 00000000 ___RD C:\Users\Alar A\3D Objects
2016-01-25 17:33 - 2015-08-30 14:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-25 16:33 - 2015-10-02 01:31 - 00000000 ____D C:\Users\Alar A\Documents\GTA San Andreas User Files
2016-01-25 02:54 - 2015-12-11 23:38 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-25 02:39 - 2015-11-11 10:11 - 00001478 _____ C:\Users\Alar A\Desktop\Fallout4.exe - Shortcut.lnk
2016-01-25 02:39 - 2015-09-22 22:42 - 00001363 _____ C:\Users\Alar A\Desktop\Cities Skylines.lnk
2016-01-25 02:39 - 2015-09-15 23:23 - 00002232 _____ C:\Users\Alar A\Desktop\Need For Speed III Hot Pursuit.lnk
2016-01-25 02:39 - 2015-08-28 16:55 - 00001327 _____ C:\Users\Alar A\Desktop\Launcher - Shortcut.lnk
2016-01-25 02:36 - 2015-08-27 17:17 - 00000000 ____D C:\Users\Alar A\AppData\Local\NVIDIA
2016-01-23 05:34 - 2015-09-29 22:55 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\Mp3tag
2016-01-22 18:31 - 2015-08-30 00:54 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-22 18:00 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-22 17:59 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-22 03:01 - 2015-09-12 20:50 - 00001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2016-01-22 03:01 - 2015-09-12 20:50 - 00000000 ____D C:\Program Files\Rainmeter
2016-01-19 18:02 - 2015-08-27 23:25 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\Kodi
2016-01-19 02:26 - 2015-11-09 05:53 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\MediaMonkey
2016-01-18 18:12 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-18 18:12 - 2015-08-27 18:48 - 00000000 ____D C:\Users\Alar A\AppData\Local\ElevatedDiagnostics
2016-01-17 23:52 - 2015-10-30 09:17 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-01-17 23:52 - 2015-10-30 09:17 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-01-17 23:52 - 2015-10-30 09:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-01-17 23:52 - 2015-10-30 09:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-01-17 23:52 - 2015-10-30 09:17 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-01-16 14:55 - 2015-08-27 16:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-15 16:05 - 2015-08-27 19:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-14 15:00 - 2015-08-27 19:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-12 06:41 - 2015-08-29 18:07 - 01542600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-01-12 06:41 - 2015-08-29 18:07 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-01-12 06:40 - 2015-12-12 02:51 - 00112032 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-01-12 06:40 - 2015-08-29 18:07 - 01860120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-01-12 06:40 - 2015-08-29 18:07 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-01-07 23:28 - 2015-11-24 00:18 - 00000000 ____D C:\Users\Alar A\Desktop\MIUI_jainternalbkup
2016-01-06 01:13 - 2015-09-12 23:29 - 00000000 ____D C:\Users\Alar A\Documents\Taustakad
2016-01-03 03:40 - 2015-10-30 09:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 03:40 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-09-04 16:15 - 2015-09-21 13:01 - 0000033 _____ () C:\Users\Alar A\AppData\Roaming\AdobeWLCMCache.dat
2015-09-17 23:15 - 2015-09-18 00:07 - 0000692 _____ () C:\Users\Alar A\AppData\Roaming\burnaware.ini
2015-08-30 01:56 - 2015-08-30 02:11 - 0002872 _____ () C:\Users\Alar A\AppData\Roaming\droid4xinstaller.log
2015-09-22 21:12 - 2015-09-22 21:57 - 0001456 _____ () C:\Users\Alar A\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-10-26 02:29 - 2015-10-26 02:30 - 29361616 _____ (Sony Mobile Communications                                  ) C:\Users\Alar A\AppData\Local\pcc.exe
2016-01-25 02:01 - 2016-01-25 02:01 - 0007605 _____ () C:\Users\Alar A\AppData\Local\Resmon.ResmonCfg
2015-09-02 01:39 - 2016-02-01 18:14 - 0019535 _____ () C:\ProgramData\empty.ico
 
Some files in TEMP:
====================
C:\Users\Alar A\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Alar A\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-24 20:47
 
==================== End of FRST.txt ============================


#4 olgun52

  • Malware Response Team
  • 3,782 posts
  • Gender:Male
  • Local time:04:41 PM

Posted 01 February 2016 - 09:27 PM

Hi Kasutaja,

Please do the following.

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt (4.43KB) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from. Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click Ashampoo_Snap_20140819_13h09m50s_001__zp
  • Then press the ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 5:

 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'.
  • Paste the contents of the clipboard into your reply.

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

#5 Kasutaja (Topic Starter)

  • Members
  • 8 posts
  • Gender:Male
  • Local time:03:41 PM

Posted 01 February 2016 - 10:06 PM

After running the fixlist, my user account takes a really long time to log in. If you use Windows 10, you know the loading circle that appears when you do things in Windows, right? It used to do 1 and a half rounds before it logged me in after I pressed Enter on the password screen; now it does over 7 circles or so.

After the 2nd reboot it's all good, if not even better than before.

Step 1 log

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Alar A (2016-02-02 04:27:52) Run:1
Running from C:\Users\Alar A\Desktop
Loaded Profiles: Alar A (Available Profiles: Alar A & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
Task: {43AFC79D-FA1E-4ED2-B4F6-280A4BF82390} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {9C23D167-328E-44C1-9112-AA1396C99D4F} - System32\Tasks\Microsoft Toolkit Update => Wscript.exe //nologo //B //E:jscript "C:\Users\Alar A\AppData\Roaming\Microsoft Toolkit\settings.ini" <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Toolkit Update.job => Wscript.exe Z/nologo /B /E:jscript C:\Users\Alar A\AppData\Roaming\Microsoft Toolkit\settings.ini <==== ATTENTION
C:\Users\Alar A\AppData\Local\Temp\7ED4.tmp
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\...\MountPoints2: {9e6a249e-5ba6-11e5-9be2-3859f98fcc62} - "D:\setup.exe" 
GroupPolicyScripts: Restriction <======= ATTENTION
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx
2016-02-01 21:26 - 2016-02-01 21:26 - 00478392 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\8D772A18.sys
2016-02-01 21:26 - 2016-02-01 21:26 - 00085600 ____N (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\69911687.sys
2016-02-01 21:23 - 2016-02-01 21:23 - 00000733 _____ C:\Users\Alar A\Downloads\localhost (1).download
2016-02-01 21:13 - 2016-02-01 21:13 - 00000293 _____ C:\Users\Alar A\Downloads\Search.txt
2016-02-01 20:50 - 2016-02-01 20:50 - 00505896 _____ (F-Secure Corporation) C:\Users\Alar A\Downloads\F-SecureOnlineScanner.exe
2016-02-01 20:50 - 2016-02-01 20:50 - 00000000 ____D C:\Users\Alar A\AppData\Local\F-Secure
2016-02-01 20:50 - 2016-02-01 20:50 - 00000000 ____D C:\Users\Alar A\AppData\Local\FSDART
2016-02-01 20:50 - 2016-02-01 20:50 - 00000000 ____D C:\ProgramData\F-Secure
2016-02-01 20:45 - 2016-02-01 20:47 - 91546008 _____ (Kaspersky Lab ZAO) C:\Users\Alar A\Downloads\KVRT.exe
2016-02-01 18:48 - 2016-02-01 18:48 - 00000733 _____ C:\Users\Alar A\Downloads\localhost.download
2016-01-25 02:01 - 2016-01-25 02:01 - 00007605 _____ C:\Users\Alar A\AppData\Local\Resmon.ResmonCfg
C:\Users\Alar A\AppData\Roaming\Life Is Strange
2016-01-21 21:02 - 2016-01-22 01:10 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\discord
2016-01-20 21:38 - 2016-01-20 21:38 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\W10LogonChanger
2016-01-18 18:06 - 2016-01-18 18:17 - 00000438 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-02-01 21:30 - 2015-08-27 18:04 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\NetSpeedMonitor
C:\Users\Alar A\AppData\Roaming\uTorrent
C:\Users\Alar A\AppData\Roaming\Mp3tag
2016-01-19 18:02 - 2015-08-27 23:25 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\Kodi
2016-01-19 02:26 - 2015-11-09 05:53 - 00000000 ____D C:\Users\Alar A\AppData\Roaming\MediaMonkey
2015-09-04 16:15 - 2015-09-21 13:01 - 0000033 _____ () C:\Users\Alar A\AppData\Roaming\AdobeWLCMCache.dat
2015-09-17 23:15 - 2015-09-18 00:07 - 0000692 _____ () C:\Users\Alar A\AppData\Roaming\burnaware.ini
2015-08-30 01:56 - 2015-08-30 02:11 - 0002872 _____ () C:\Users\Alar A\AppData\Roaming\droid4xinstaller.log
2016-01-25 02:01 - 2016-01-25 02:01 - 0007605 _____ () C:\Users\Alar A\AppData\Local\Resmon.ResmonCfg
2015-09-02 01:39 - 2016-02-01 18:14 - 0019535 _____ () C:\ProgramData\empty.ico
HKLM\...\Run: [TNOD UP] => C:\Program Files\TNod User & Password Finder\TNODUP.exe [5592576 2015-12-20] (Tukero[X]Team)
Hosts:
EmptyTemp:
end
*****************
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43AFC79D-FA1E-4ED2-B4F6-280A4BF82390} => key not found. 
C:\WINDOWS\System32\Tasks\AutoKMS => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C23D167-328E-44C1-9112-AA1396C99D4F} => key not found. 
C:\WINDOWS\System32\Tasks\Microsoft Toolkit Update => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft Toolkit Update => key not found. 
C:\WINDOWS\Tasks\Microsoft Toolkit Update.job => not found.
C:\Users\Alar A\AppData\Local\Temp\7ED4.tmp => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => key removed successfully
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoPreviewPane => value removed successfully
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCANetwork => value removed successfully
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAVolume => value removed successfully
"HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e6a249e-5ba6-11e5-9be2-3859f98fcc62}" => key removed successfully
HKCR\CLSID\{9e6a249e-5ba6-11e5-9be2-3859f98fcc62} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3767336195-4232530657-1193366898-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ckjefchnfjhjfedoccjbhjpbncimppeg" => key removed successfully
C:\WINDOWS\system32\Drivers\8D772A18.sys => moved successfully
C:\WINDOWS\system32\Drivers\69911687.sys => moved successfully
"C:\Users\Alar A\Downloads\localhost (1).download" => not found.
"C:\Users\Alar A\Downloads\Search.txt" => not found.
C:\Users\Alar A\Downloads\F-SecureOnlineScanner.exe => moved successfully
C:\Users\Alar A\AppData\Local\F-Secure => moved successfully
C:\Users\Alar A\AppData\Local\FSDART => moved successfully
C:\ProgramData\F-Secure => moved successfully
C:\Users\Alar A\Downloads\KVRT.exe => moved successfully
"C:\Users\Alar A\Downloads\localhost.download" => not found.
C:\Users\Alar A\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Alar A\AppData\Roaming\Life Is Strange => moved successfully
 
"C:\Users\Alar A\AppData\Roaming\discord" folder move:
 
Could not move "C:\Users\Alar A\AppData\Roaming\discord" => Scheduled to move on reboot.
 
C:\Users\Alar A\AppData\Roaming\W10LogonChanger => moved successfully
C:\WINDOWS\system32\Drivers\etc\hosts.ics => moved successfully
 
"C:\Users\Alar A\AppData\Roaming\NetSpeedMonitor" folder move:
 
Could not move "C:\Users\Alar A\AppData\Roaming\NetSpeedMonitor" => Scheduled to move on reboot.
 
C:\Users\Alar A\AppData\Roaming\uTorrent => moved successfully
C:\Users\Alar A\AppData\Roaming\Mp3tag => moved successfully
C:\Users\Alar A\AppData\Roaming\Kodi => moved successfully
C:\Users\Alar A\AppData\Roaming\MediaMonkey => moved successfully
C:\Users\Alar A\AppData\Roaming\AdobeWLCMCache.dat => moved successfully
C:\Users\Alar A\AppData\Roaming\burnaware.ini => moved successfully
C:\Users\Alar A\AppData\Roaming\droid4xinstaller.log => moved successfully
"C:\Users\Alar A\AppData\Local\Resmon.ResmonCfg" => not found.
C:\ProgramData\empty.ico => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TNOD UP => value not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 754.4 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-02 04:30:03)
 
C:\Users\Alar A\AppData\Roaming\discord => Is moved successfully
"C:\Users\Alar A\AppData\Roaming\NetSpeedMonitor" => Could not move
 
==== End of Fixlog 04:30:05 ====
 
Step 2 log
 

# AdwCleaner v5.032 - Logfile created 02/02/2016 at 04:39:10
# Updated 31/01/2016 by Xplode
# Database : 2016-01-31.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Alar A -
# Running from : C:\Users\Alar A\Downloads\adwcleaner_5.032 (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Alar A\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : cccpiddacjljmfbbgeimpelpndgpoknn
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [809 bytes] ##########
 
The browser extension it removed was a trusted extension, just letting you know.

Step 3 log 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Pro x64 
Ran by Alar A (Administrator) on 02.02.2016 at  4:42:31,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.02.2016 at  4:45:57,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Step 4 log
 

~ ZHPCleaner v2016.1.31.19 by Nicolas Coolman (2016/01/31)
~ Run by Alar A (Administrator)  (02/02/2016 04:44:54)
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Alar A\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Alar A\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 10586)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (0)
~ No malicious or unnecessary items found.
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.
 
 
---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.
 
 
---\\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 90165
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 0
 
 
~ End of search in 00h04mn53s
===================
ZHPCleaner-[R]-02022016-00_17_40.txt
ZHPCleaner-[S]-02022016-00_16_06.txt
ZHPCleaner-[S]-02022016-00_23_55.txt
ZHPCleaner-[S]-02022016-04_49_47.txt
 
Step 5 log

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 02.02.2016
Scan Time: 4:47
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.01.08
Rootkit Database: v2016.01.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Alar A
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 406998
Time Elapsed: 15 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Comments
 
Looks clean to me at least. But when downloading the http://localhost.world/localhost.world file it still has those entries.
 

// PAC file as downloaded from http://localhost.world/localhost.world.
// Each pattern covers one Google entry point (front page, front page with a query,
// /search, /cse, /s, and cse.google.*); a match sends the request through the
// proxy at 69.197.188.122:8484, anything else goes DIRECT.
function FindProxyForURL(url, host) {
	ba = /^https?:\/\/www\.google\.[a-zA-Z.]+\/?$/;if (ba.test(url)) { return "PROXY 69.197.188.122:8484" }
	bb = /^https?:\/\/www\.google\.[a-zA-Z.]+\/\?(.*)$/;if (bb.test(url)) { return "PROXY 69.197.188.122:8484" }
	bc = /^https?:\/\/www\.google\.[a-zA-Z.]+\/search\?(.*)$/;if (bc.test(url)) { return "PROXY 69.197.188.122:8484" }
	bd = /^https?:\/\/www\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (bd.test(url)) { return "PROXY 69.197.188.122:8484" }
	be = /^https?:\/\/www\.google\.[a-zA-Z.]+\/s\?(.*)$/;if (be.test(url)) { return "PROXY 69.197.188.122:8484" }
	bf = /^https?:\/\/cse\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (bf.test(url)) { return "PROXY 69.197.188.122:8484" }
	return "DIRECT";
}

How can I get rid of those?

Also, something's wrong with the permissions and stuff. I get permission errors when trying to open files. Even Take Ownership didn't work; I had to go to file properties and manually add my account username to the list of users/groups who can have full access to it.

It turned out it was because of the quarantined files that got moved to FRST, and they probably had their permissions removed or something.

Also from the fix log there is

C:\Users\Alar A\AppData\Roaming\Life Is Strange => moved successfully

Where did this folder go? I'd really like to have that back; my videogame savegames and stuff are in there.

C:\Users\Alar A\AppData\Roaming\Mp3tag => moved successfully
C:\Users\Alar A\AppData\Roaming\Kodi => moved successfully
C:\Users\Alar A\AppData\Roaming\MediaMonkey => moved successfully
"C:\Users\Alar A\AppData\Roaming\NetSpeedMonitor" folder move:

I'd really like to have those back as well; they contain important info. I really hope it didn't just plain delete them, because those are completely unrelated to the issue.

Never mind, found them in the C:\FRST\ folder.

Also, reading this thread I found here: http://www.tenforums.com/antivirus-firewalls-system-security/27107-google-redirection-localhost-world-9.html#post523333

I had the exact same INI file run as a script in the autokms folder; people there are reporting different folders as well, those certificates, that same scheduled task, and registry keys.

That looks to be some sort of currently undetected thing, since in that forum a few of them had it and were using different kinds of AV software, and none picked it up.

It also contains useful info for security research and hopefully gets reviewed and added to AVs' databases.

After further research it somewhat looks like those certificates I was talking about are not related to the proxy thing, but I'm not sure. On the other hand, because of those certs the proxy redirect would've probably made AVs curious and alert.


Edited by Kasutaja, 02 February 2016 - 02:26 AM.


#6 olgun52
  • Malware Response Team
  • 3,782 posts

Posted 02 February 2016 - 05:55 PM

Hi Kasutaja,

In IE, open the Control Panel. Please check whether, in the LAN Settings under the Connections tab, the box for Use Automatic Configuration Script contains http://localhost.world/localhost.local. Is it possible to delete it? Uncheck the box! If you recheck it, the problem comes back.
=============================
Step 1:
I would suggest you go through the following steps and check.

IE proxy reset:
a ) Under "Tools" in the browser tool bar select "Internet Options".
b ) In the "Internet Options" window that pops up, click the "Connections" tab at the top.
c ) Click "LAN Settings" near the bottom of the "Connections" section.
d ) If the "Proxy server" checkbox is marked with a check, click it to deselect/uncheck it.
e ) Click "Ok" to close the "Local Area Network (LAN) Settings" window.
f ) Click "Ok" to close the "Internet Options" window.

Now check if you are able to connect with Internet Explorer.

Firefox proxy reset:
How to reset the proxy in Firefox

To check your Firefox proxy settings:
  • Click the menu button and choose Options
  • Select the Advanced panel.
  • Select the Network tab.
  • In the Connection section, click Settings....
  • Change your proxy settings:
    • If you don't connect to the Internet through a proxy (or don't know whether you connect through a proxy), select No Proxy.
  • Click OK to close the Connection Settings window.
  • Click OK to close the Options window.

Chrome proxy reset:
  • Click the "Customize and Control Google Chrome" menu.
  • Click the "Options" button.
  • Under the "Google Chrome Options" window select the "Under the Hood" tab.
  • In the "Network" section, click the "Change proxy settings" button.
  • Under the "Internet Properties" window click the "LAN settings" button.
  • Under the "Local Area Network (LAN) Settings" window click on "Proxy server for your LAN".
  • If you don't connect to the Internet through a proxy (or don't know whether you connect through a proxy), select No Proxy (unticked).
  • Click OK and Apply to save the settings.
=================
I would like you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737
Then I want you to do the following:
  • Start Internet Explorer.
  • Click on "Safety".
  • Click on "Delete Browsing History".
  • Make sure all boxes are checked.
  • Click on "Delete".
  • Click on "Tools".
  • Click "Internet Options".
  • On the "Advanced" tab, click "Reset".
  • Put a check mark next to "Delete Personal Settings".
  • Click "Reset" to confirm.
  • When complete, click the "Close" button.
  • Restart IE.
---------------
Reset Chrome...
Click on "Customize and control Google Chrome".
Click "Settings", then "Show advanced settings" at the bottom of the screen.
Click the "Reset browser settings" button.
Restart Chrome.

Step 2:
Hosts File
Replace your current HOSTS file with a tweaked one, such as the MVPS Hosts file, that restricts access to known bad sites, improving your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

To do it:
  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on the mvps.bat file to run the program
  • A prompt will appear, press any key to continue
A good source of information about safe computing is this topic by quietman7.

Or The Windows Club: http://www.thewindowsclub.com/how-to-set-the-windows-7-hosts-file-back-to-default

Step 3:

Registry Fix
  • Press the Windows key + R on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy/paste the following text inside the code box into a new notepad document.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"EnableAutoProxyResultCache"=-

; The per-user WinINET proxy settings, including the automatic configuration
; script URL, are stored under this key; the Wow6432Node key alone is not enough.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"=-

[HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"=-

  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg.
  • Click Save.
  • Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.
  • Delete fix.reg after use.
  • Reboot your computer.
Is there any issue?

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

#7 Kasutaja
  • Topic Starter
  • Members
  • 8 posts

Posted 02 February 2016 - 06:25 PM

When I download localhost.world/localhost.world it still contains those entries. I downloaded that after doing all the above actions and after a reboot.

function FindProxyForURL(url, host) {
	ba = /^https?:\/\/www\.google\.[a-zA-Z.]+\/?$/;if (ba.test(url)) { return "PROXY 69.197.188.122:8484" }
	bb = /^https?:\/\/www\.google\.[a-zA-Z.]+\/\?(.*)$/;if (bb.test(url)) { return "PROXY 69.197.188.122:8484" }
	bc = /^https?:\/\/www\.google\.[a-zA-Z.]+\/search\?(.*)$/;if (bc.test(url)) { return "PROXY 69.197.188.122:8484" }
	bd = /^https?:\/\/www\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (bd.test(url)) { return "PROXY 69.197.188.122:8484" }
	be = /^https?:\/\/www\.google\.[a-zA-Z.]+\/s\?(.*)$/;if (be.test(url)) { return "PROXY 69.197.188.122:8484" }
	bf = /^https?:\/\/cse\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (bf.test(url)) { return "PROXY 69.197.188.122:8484" }
	return "DIRECT";
}

How can I clean that file so those entries won't be there?

Other things seem to be clean. Before I reset Firefox it gave me a warning when I went to Google; after resetting, it works fine.


Edited by Kasutaja, 02 February 2016 - 06:33 PM.


#8 olgun52
  • Malware Response Team
  • 3,782 posts

Posted 03 February 2016 - 07:26 AM

Hi,

Step 1:

Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, right-click on the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.
When the scan completes, close the program. Don't fix anything!

Don't run any other options; they're not all bad!

Post back the report, which should be located on your desktop.
(Please don't put logs in code or quotes.)

Step 2:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.09.1.1004.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

Best regards

#9 Kasutaja
  • Topic Starter
  • Members
  • 8 posts

Posted 03 February 2016 - 04:40 PM

RogueKiller found some weird IE search bar keys. It was hard to leave them there, but they are still there, as you said not to remove them yet. Also, RogueKiller didn't put the log on the desktop, nor say the path where it was run, so I had to export it as a text file from the program, just to let you know.

Here are the logs.

Attached Files


Edited by Kasutaja, 03 February 2016 - 04:42 PM.


#10 Kasutaja
  • Topic Starter
  • Members
  • 8 posts

Posted 04 February 2016 - 03:59 AM

Well, I asked before how to clean that file. Turns out this localhost.world is an actual domain that's registered, and I blocked its IP 69.197.188.122 on my firewall, and no files come from that address anymore.



#11 olgun52
  • Malware Response Team
  • 3,782 posts

Posted 04 February 2016 - 03:06 PM

Okay.

''localhost.world/localhost.world~~dobj''

Is there still this problem?

============================================
ESET online scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Edited by olgun52, 04 February 2016 - 03:06 PM.

Best regards

#12 Kasutaja
  • Topic Starter
  • Members
  • 8 posts

Posted 04 February 2016 - 03:22 PM

No, I don't think there is any problem anymore, since I found out that the address had nothing to do with the actual localhost, as it was indeed registered as a domain, and I blocked it from the firewall. I think the problem is solved now. I'm not going to run the ESET online scan because I'm using ESET Smart Security 9 and I think the online scanner and Smart Security share the same virus detection database, and I've run Smart Security numerous times and everything is clean. I can't thank you guys enough for the help you provided.

#13 olgun52
  • Malware Response Team
  • 3,782 posts

Posted 04 February 2016 - 05:19 PM

Glad to hear that, and glad to help!

Well, until now, why was it not blocked?

"I'm not going to run the ESET online sca"

I would recommend it, because it will not delete anything; it will only detect.

=================================================================================

Thank you for your patience. Please do the following:

In any case, please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

You can do the following:

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

to remove all but the most recently created Restore Point.

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

Please take the time to carefully review the info contained below. It's invaluable.
Answers to common security questions - Best Practices

Note: Some safety suggestions!
http://trmalwarefix.freeforums.net/t...ty-suggestions

Best regards.