CLEAN HACK IN WINDOWS 8.1 HELPP


  • This topic is locked
2 replies to this topic

#1 MartineliCJ

Posted 26 December 2016 - 09:03 PM

I used Farbar Recovery Scan Tool, and I really need help to clean this hack in my computer.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by Killer Of Demons (administrator) on PCDOXANDI (26-12-2016 23:47:16)
Running from C:\Users\Killer Of Demons\Downloads
Loaded Profiles: Killer Of Demons (Available Profiles: Killer Of Demons & alexandre)
Platform: Windows 8.1 Pro (Update) (X64) Language: Português (Portugal)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\WaIEn\wajam_64.exe
() C:\Program Files\WaIEn\wajam.exe
() C:\Program Files\WaIEn\wajam_64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hide My IP) C:\Program Files (x86)\Hide My IP 6\HideMyIpSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(SumRando) C:\Program Files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [135632432 2016-12-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe] => C:\ProgramData\Adobe\8E59FF5.vbe [7642 2012-12-13] ()
HKLM-x32\...\Run: [mbot_br_354] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\RunOnce: [Merokegu] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\KILLER~1\AppData\Roaming\Sedile"
HKLM-x32\...\RunOnce: [Kogocureresu] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\KILLER~1\AppData\Roaming\Hobecarobafe"
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\...\Run: [EADM] => C:\Users\Public\Desktop\Origin\Origin.exe [3044848 2016-11-23] (Electronic Arts)
HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\...\Run: [Chromium] => c:\users\killer of demons\appdata\local\chromium\application\chrome.exe [1035264 2016-03-17] (The Chromium Authors)
HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\...\MountPoints2: {3669ee3e-9ba2-11e4-825f-08edb9d25f66} - "F:\setup.exe" 
HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\...\MountPoints2: {da1bd1ac-7ff0-11e4-8255-08edb9d25f66} - "D:\autorun.exe" 
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Killer Of Demons\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Killer Of Demons\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Killer Of Demons\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Killer Of Demons\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Killer Of Demons\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Killer Of Demons\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Windows\system32\sslsp105.dll [75520 2015-07-13] (SumRando)
Winsock: Catalog9 02 C:\Windows\system32\sslsp105.dll [75520 2015-07-13] (SumRando)
Winsock: Catalog9 03 C:\Windows\system32\HMIPCore.dll No File 
Winsock: Catalog9 04 C:\Windows\system32\HMIPCore.dll No File 
Winsock: Catalog9 05 C:\Windows\system32\HMIPCore.dll No File 
Winsock: Catalog9 06 C:\Windows\system32\HMIPCore.dll No File 
Winsock: Catalog9 18 C:\Windows\system32\HMIPCore.dll No File 
Winsock: Catalog9 19 C:\Windows\system32\sslsp105.dll [75520 2015-07-13] (SumRando)
Winsock: Catalog9-x64 01 C:\Windows\system32\sslsp105.dll [75520 2015-07-13] (SumRando)
Winsock: Catalog9-x64 02 C:\Windows\system32\sslsp105.dll [75520 2015-07-13] (SumRando)
Winsock: Catalog9-x64 03 C:\Windows\system32\HMIPCore64.dll [482376 2016-02-29] (Hide My IP)
Winsock: Catalog9-x64 04 C:\Windows\system32\HMIPCore64.dll [482376 2016-02-29] (Hide My IP)
Winsock: Catalog9-x64 05 C:\Windows\system32\HMIPCore64.dll [482376 2016-02-29] (Hide My IP)
Winsock: Catalog9-x64 06 C:\Windows\system32\HMIPCore64.dll [482376 2016-02-29] (Hide My IP)
Winsock: Catalog9-x64 18 C:\Windows\system32\HMIPCore64.dll [482376 2016-02-29] (Hide My IP)
Winsock: Catalog9-x64 19 C:\Windows\system32\sslsp105.dll [75520 2015-07-13] (SumRando)
Tcpip\Parameters: [DhcpNameServer] 189.6.0.137 189.6.0.132
Tcpip\..\Interfaces\{2C6ECB42-23ED-4F65-983F-FDEF563DC2C0}: [DhcpNameServer] 189.6.0.138 189.6.0.133
Tcpip\..\Interfaces\{AA6E6FED-A997-43B0-9ED7-DDFCB8E0BD83}: [DhcpNameServer] 189.6.0.137 189.6.0.132
Tcpip\..\Interfaces\{C75D4B49-1DBD-4A88-92ED-2A7FC0455BA8}: [DhcpNameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-0aa86222
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-0aa86222
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421259842&from=smt&uid=HitachiXHTS547550A9E384_J2160051F29THCF29THCX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421259842&from=smt&uid=HitachiXHTS547550A9E384_J2160051F29THCF29THCX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hppp&ts=1421259842&from=smt&uid=HitachiXHTS547550A9E384_J2160051F29THCF29THCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hppp&ts=1421259842&from=smt&uid=HitachiXHTS547550A9E384_J2160051F29THCF29THCX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421259842&from=smt&uid=HitachiXHTS547550A9E384_J2160051F29THCF29THCX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421259842&from=smt&uid=HitachiXHTS547550A9E384_J2160051F29THCF29THCX&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130951287269833539&GUID=E040035E-0577-4A89-B741-B9AF75922B47
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_5YrARM0WUp_nvWHw_BxE3D40SNgcXdtuTEsCbNqnSzkZFOe25KU_lYf1rsx3D9Zt1hdIVX-9AiUJsqriVPJzevW8gfHfE5az18vGcUWYmQ4qbyBBJqFLsTTYaMU_f9jom_k12NGtcCG6&q={searchTerms}
HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_5YrARM0WUp_nvWHw_BxE3D40SNgcXdtuTEsCbNqnSzkZFOe25KU_lYf1rsx3D9Zt1hdIVX-9AiUJsqriVPJzevW8gfHfE5az18vGcUWYmQ4qbyBBJqFLsTTYaMU_f9jom_k12NGtcCG9&q={searchTerms}
HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hppp&ts=1421259842&from=smt&uid=HitachiXHTS547550A9E384_J2160051F29THCF29THCX
HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1418524115&from=cor&uid=HitachiXHTS547550A9E384_J2160051F29THCF29THCX&q={searchTerms}
HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-0aa86222
URLSearchHook: HKLM-x32 -> Default = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKU\S-1-5-21-2810221886-3895275583-3711292954-1001 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0aa86222&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_bxi01_15_01_ch&cd=2XzuyEtN2Y1L1QzutAtD0Fzy0E0D0E0EyBzztCyEtD0FtCyDtN0D0Tzu0StCtDzyzytN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0D0CyCyBtB0EyCtGzz0E0A0EtG0B0E0FzztGyB0BtBtAtGtDzy0A0FyCtByEyE0BtBzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtB0B0BtDtA0AtGtAyC0CyBtGyEtAyEzztG0AtCtD0FtG0E0FtA0CyEtAyEtDzyyCtD0F2Q&cr=1603799296&ir=
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421259842&from=smt&uid=HitachiXHTS547550A9E384_J2160051F29THCF29THCX&q={searchTerms}
SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0aa86222&q={searchTerms}
SearchScopes: HKLM -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.searchult.com/?bd=ds&oem=Mobi&uid=HitachiXHTS547550A9E384_J2160051F29THCF29THCX&version=2.0.0.1288&pid=414031160&cs=9b56660c53fcf52ac593ffbf8279949d&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0aa86222&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_5YrARM0WUp_nvWHw_BxE3D40SNgcXdtuTEsCbNqnSzkZFOe25KU_lYf1rsx3D9Zt1hdIVX-9AiUJsqriVPJzevW8gfHfE5az18vGcUWYmQ4qbyBBJqFLsTTYaMU_f9jom_k12NGtcCG6&q={searchTerms}
SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0aa86222&q={searchTerms}
SearchScopes: HKLM-x32 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.searchult.com/?bd=ds&oem=Mobi&uid=HitachiXHTS547550A9E384_J2160051F29THCF29THCX&version=2.0.0.1288&pid=414031160&cs=9b56660c53fcf52ac593ffbf8279949d&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2810221886-3895275583-3711292954-1001 -> DefaultScope {7FFD65E1-AEE1-459F-B87C-2F482397B41A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0aa86222&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2810221886-3895275583-3711292954-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbPPq_NcKDZkQXPy4TZR44LspvC9sb99JtP_5YrARM0WUp_nvWHw_BxE3D40SNgcXdtuTEsCbNqnSzkZFOe25KU_lYf1rsx3D9Zt1hdIVX-9AiUJsqriVPJzevW8gfHfE5az18vGcUWYmQ4qbyBBJqFLsTTYaMU_f9jom_k12NGtcCG9&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2810221886-3895275583-3711292954-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_bxi01_15_01_ch&cd=2XzuyEtN2Y1L1QzutAtD0Fzy0E0D0E0EyBzztCyEtD0FtCyDtN0D0Tzu0StCtDzyzytN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0D0CyCyBtB0EyCtGzz0E0A0EtG0B0E0FzztGyB0BtBtAtGtDzy0A0FyCtByEyE0BtBzztD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtB0B0BtDtA0AtGtAyC0CyBtGyEtAyEzztG0AtCtD0FtG0E0FtA0CyEtAyEtDzyyCtD0F2Q&cr=1603799296&ir=
SearchScopes: HKU\S-1-5-21-2810221886-3895275583-3711292954-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1421259842&from=smt&uid=HitachiXHTS547550A9E384_J2160051F29THCF29THCX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2810221886-3895275583-3711292954-1001 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-2810221886-3895275583-3711292954-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dnldastr_15_13&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzytDyC0AtD0FyCtD0FtCyDtN0D0Tzu0StCtCyBtAtN1L2XzutAtFzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyD0E0D0CtA0DtD0DtGzzyEyBtDtG0B0FtB0CtGyC0DzytAtGyD0CyEzzzy0ByB0B0FtB0E0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtBtB0B0BtDtA0AtGtAyC0CyBtGyEtAyEzztG0AtCtD0FtG0E0FtA0CyEtAyEtDzyyCtD0F2Q&cr=1978168633&ir=
SearchScopes: HKU\S-1-5-21-2810221886-3895275583-3711292954-1001 -> {7FFD65E1-AEE1-459F-B87C-2F482397B41A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0aa86222&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2810221886-3895275583-3711292954-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> No File
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> No File
BHO-x32: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\Killer Of Demons\AppData\Local\PriceFountain\PriceFountainIE.dll => No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Hotspot Shield Toolbar - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: dteb9m78.default
FF ProfilePath: C:\Users\Killer Of Demons\AppData\Roaming\Mozilla\Firefox\Profiles\dteb9m78.default [2015-05-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-12-24] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-12-24] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2015-01-31] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pt-br
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Killer Of Demons\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Killer Of Demons\AppData\Local\Google\Chrome\User Data\PepperFlash\16.0.0.305\pepflashplayer.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll ()
CHR Profile: C:\Users\Killer Of Demons\AppData\Local\Google\Chrome\User Data\Default [2016-12-26]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Killer Of Demons\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Virtual Keyboard) - C:\Users\Killer Of Demons\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflmllfnnabikmfkkaddkoolinlfninn [2015-12-20]
CHR HKLM\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R3 HideMyIpSRV; C:\Program Files (x86)\Hide My IP 6\HideMyIpSRV.exe [3970632 2016-03-01] (Hide My IP)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Users\Public\Desktop\Origin\OriginClientService.exe [2119688 2016-11-23] (Electronic Arts)
S2 Origin Web Helper Service; C:\Users\Public\Desktop\Origin\OriginWebHelperService.exe [2180624 2016-11-23] (Electronic Arts)
S2 Sed; C:\Users\Killer Of Demons\AppData\Roaming\ntsvc\ntsvc.exe [411504 2015-01-16] (Navigation Co., Ltd.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R3 SumRandoVPNService; C:\Program Files (x86)\SumRando\SumRando\misc\vpnmanagesvc.exe [107776 2016-11-11] (SumRando)
R2 WaIEn Monitor; C:\Program Files\WaIEn\wajam_64.exe [1991680 2015-06-01] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-11-11] (LogMeIn Inc.)
R2 hmip; C:\Windows\system32\Drivers\hmip64.sys [44384 2016-03-01] (Hide My IP)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R3 tun3326; C:\Windows\system32\DRIVERS\tun3326.sys [32368 2013-03-22] (The OpenVPN Project)
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-11-30] (Basil Projects)
R1 {13e8d46d-09b8-4fd6-b75a-25c04a0db747}Gw64; C:\Windows\System32\drivers\{13e8d46d-09b8-4fd6-b75a-25c04a0db747}Gw64.sys [48784 2015-04-04] (StdLib)
R1 {29b8df85-56af-474f-9022-e376793679f9}Gw64; C:\Windows\System32\drivers\{29b8df85-56af-474f-9022-e376793679f9}Gw64.sys [48792 2015-01-04] (StdLib)
R1 {38c95e98-da81-4038-a23a-50d0e098cff8}Gw64; C:\Windows\System32\drivers\{38c95e98-da81-4038-a23a-50d0e098cff8}Gw64.sys [48784 2015-03-19] (StdLib)
R1 {dc19896d-a3e2-417d-be46-d18ebc99e240}Gw64; C:\Windows\System32\drivers\{dc19896d-a3e2-417d-be46-d18ebc99e240}Gw64.sys [48776 2014-11-26] (StdLib)
R1 {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64; C:\Windows\System32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys [48792 2015-01-13] (StdLib)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S1 ccnfd_1_10_0_4; system32\drivers\ccnfd_1_10_0_4.sys [X]
S1 cherimoya; system32\drivers\cherimoya.sys [X] <==== ATTENTION
S3 PCFApiUtil; \??\C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [X]
S1 wpnfd_1_10_0_1; system32\drivers\wpnfd_1_10_0_1.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-26 23:47 - 2016-12-26 23:48 - 00025167 _____ C:\Users\Killer Of Demons\Downloads\FRST.txt
2016-12-26 23:46 - 2016-12-26 23:47 - 00000000 ____D C:\FRST
2016-12-26 23:46 - 2016-12-26 23:46 - 02420736 _____ (Farbar) C:\Users\Killer Of Demons\Downloads\FRST64.exe
2016-12-26 23:43 - 2016-12-26 23:43 - 01762816 _____ (Farbar) C:\Users\Killer Of Demons\Downloads\FRST.exe
2016-12-26 23:00 - 2016-12-26 23:36 - 00000000 ___RD C:\Users\Killer Of Demons\OneDrive
2016-12-26 22:57 - 2016-12-26 23:00 - 00000000 ___RD C:\Users\Killer Of Demons\OneDrive (3).old
2016-12-26 22:36 - 2016-12-26 22:25 - 01410757 _____ C:\Users\Killer Of Demons\Desktop\SMAPI-1.4.zip
2016-12-26 22:36 - 2016-12-26 21:57 - 00165868 _____ C:\Users\Killer Of Demons\Desktop\1.11-MakeshiftMultiplyer-0.2.10.zip-501-0-2-10.zip
2016-12-26 22:36 - 2016-12-12 21:46 - 00000000 ____D C:\Users\Killer Of Demons\Desktop\SMAPI 1.4
2016-12-26 22:25 - 2016-12-26 22:25 - 01410757 _____ C:\Users\Killer Of Demons\Downloads\SMAPI-1.4.zip
2016-12-26 21:57 - 2016-12-26 21:57 - 00165868 _____ C:\Users\Killer Of Demons\Downloads\1.11-MakeshiftMultiplyer-0.2.10.zip-501-0-2-10.zip
2016-12-26 21:38 - 2016-12-26 21:38 - 00000000 _____ C:\Users\Killer Of Demons\Desktop\Age of Empires II
2016-12-26 20:55 - 2016-12-26 20:55 - 00000010 _____ C:\Users\Killer Of Demons\Desktop\erro steam.txt
2016-12-26 20:54 - 2016-12-26 20:06 - 00738165 _____ C:\Users\Killer Of Demons\Desktop\swiftshader v2.0_uploaded_by_super--completo.blogspot.com.rar
2016-12-26 20:53 - 2016-12-26 20:15 - 01744502 _____ C:\Users\Killer Of Demons\Desktop\3d-analyze.rar
2016-12-26 20:16 - 2008-08-08 21:09 - 00000000 ____D C:\Users\Killer Of Demons\Downloads\3d-analyze
2016-12-26 20:14 - 2016-12-26 20:15 - 01744502 _____ C:\Users\Killer Of Demons\Downloads\3d-analyze.rar
2016-12-26 20:06 - 2016-12-26 20:06 - 00738165 _____ C:\Users\Killer Of Demons\Downloads\swiftshader v2.0_uploaded_by_super--completo.blogspot.com.rar
2016-12-25 00:22 - 2016-12-25 00:22 - 00000000 ____D C:\Users\Killer Of Demons\Documents\Lightshot
2016-12-25 00:16 - 2016-12-25 00:17 - 00000430 _____ C:\Windows\Tasks\update-sys.job
2016-12-25 00:16 - 2016-12-25 00:16 - 00003300 _____ C:\Windows\System32\Tasks\update-sys
2016-12-25 00:16 - 2016-12-25 00:16 - 00003300 _____ C:\Windows\System32\Tasks\update-S-1-5-21-2810221886-3895275583-3711292954-1001
2016-12-25 00:16 - 2016-12-25 00:16 - 00000430 _____ C:\Windows\Tasks\update-S-1-5-21-2810221886-3895275583-3711292954-1001.job
2016-12-25 00:16 - 2016-12-25 00:16 - 00000424 _____ C:\Users\Killer Of Demons\AppData\Local\UserProducts.xml
2016-12-25 00:16 - 2016-12-25 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-12-25 00:16 - 2016-12-25 00:16 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2016-12-25 00:15 - 2016-12-25 00:15 - 02551888 _____ (Skillbrains ) C:\Users\Killer Of Demons\Downloads\setup-lightshot.exe
2016-12-24 23:05 - 2015-01-28 18:49 - 00567616 _____ (IObit) C:\Windows\system32\Zip.dll
2016-12-24 21:58 - 2016-12-24 21:58 - 00198128 _____ C:\Users\Killer Of Demons\Downloads\Zip.rar
2016-12-24 21:58 - 2015-01-28 18:49 - 00567616 _____ (IObit) C:\Users\Killer Of Demons\Desktop\Zip.dll
2016-12-24 21:14 - 2016-12-24 21:14 - 00000637 _____ C:\Users\Killer
2016-12-24 21:00 - 2016-12-24 21:00 - 00716800 _____ (Valve Corporation) C:\Users\Killer Of Demons\Downloads\good.exe
2016-12-24 20:11 - 2016-12-24 20:13 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\DFXCT
2016-12-24 20:10 - 2016-12-24 21:55 - 00000000 ____D C:\Program Files (x86)\DLL-Files.com Client
2016-12-24 20:10 - 2016-12-24 20:10 - 00001141 _____ C:\Users\Public\Desktop\DLL-Files.com Client.lnk
2016-12-24 20:10 - 2016-12-24 20:10 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\DLL-files.com
2016-12-24 20:10 - 2016-12-24 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL-Files.com Client
2016-12-24 20:09 - 2016-12-24 20:09 - 02729024 _____ (DLL-Files.com Client ) C:\Users\Killer Of Demons\Downloads\clientsetup_d-0.exe
2016-12-24 14:57 - 2016-12-24 14:57 - 00000000 ____D C:\Users\Killer Of Demons\AppData\LocalLow\Panoramik
2016-12-23 06:09 - 2016-12-26 22:57 - 00000000 ___RD C:\Users\Killer Of Demons\OneDrive (2).old
2016-12-22 17:59 - 2016-12-22 17:59 - 00000000 ____D C:\ProgramData\HP
2016-12-22 17:57 - 2016-12-22 17:57 - 00026234 _____ C:\Users\Killer Of Demons\Downloads\boleto_A93C0DE5-ACFC-4076-960E-F820B46E3454.pdf
2016-12-22 17:57 - 2016-12-22 17:57 - 00026234 _____ C:\Users\Killer Of Demons\Downloads\boleto_A93C0DE5-ACFC-4076-960E-F820B46E3454 (1).pdf
2016-12-22 17:56 - 2016-12-22 17:56 - 00000000 ____D C:\Users\Killer Of Demons\AppData\LocalLow\Temp
2016-12-21 17:51 - 2016-12-21 17:51 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Local\UnrealEngine
2016-12-21 17:51 - 2016-12-21 17:51 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Local\PropWitchHunt
2016-12-20 23:13 - 2016-12-20 23:13 - 00000000 ____D C:\Users\Killer Of Demons\AppData\LocalLow\Artix Entertainment, LLC
2016-12-19 12:02 - 2016-12-19 12:02 - 00002593 _____ C:\Users\Killer Of Demons\Downloads\Flash-Inst-v1.5.zip
2016-12-18 11:55 - 2016-12-18 12:09 - 00000000 ____D C:\Users\Killer Of Demons\Downloads\NiceHashMiner_v1.7.3.10
2016-12-18 11:52 - 2016-12-18 11:52 - 01902119 _____ C:\Users\Killer Of Demons\Downloads\NiceHashMiner_v1.7.3.10.zip
2016-12-17 21:42 - 2016-12-17 21:59 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Local\A Wizard's Lizard
2016-12-15 19:15 - 2016-12-15 19:19 - 00002148 _____ C:\Users\Public\Desktop\SumRando.lnk
2016-12-15 19:15 - 2016-12-15 19:15 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Local\SumRando
2016-12-15 19:15 - 2016-12-15 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumRando
2016-12-15 19:10 - 2016-12-15 19:10 - 00000000 ____D C:\Program Files (x86)\SumRando
2016-12-15 19:09 - 2016-12-15 19:09 - 05080920 _____ (SumRando) C:\Users\Killer Of Demons\Downloads\sumrando_setup.exe
2016-12-15 14:07 - 2016-12-01 12:13 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-12-15 14:07 - 2016-12-01 12:13 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-12-15 14:07 - 2016-12-01 12:11 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-12-15 14:07 - 2016-12-01 12:11 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-12-15 14:07 - 2016-10-20 11:14 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-12-15 14:07 - 2016-10-20 11:10 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-12-15 12:30 - 2016-12-15 12:41 - 96179731 _____ C:\Users\Killer Of Demons\Downloads\videoplayback.mp4
2016-12-15 11:40 - 2016-12-15 11:40 - 00000222 _____ C:\Users\Killer Of Demons\Desktop\Timberman.url
2016-12-14 23:54 - 2016-12-14 23:54 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Local\Breathing_Fear
2016-12-14 05:20 - 2016-11-12 17:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-14 05:20 - 2016-11-12 16:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-14 05:20 - 2016-11-12 15:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-14 05:19 - 2016-11-19 19:24 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-14 05:19 - 2016-11-19 19:24 - 00152856 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-14 05:19 - 2016-11-19 17:29 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-14 05:19 - 2016-11-19 16:44 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-14 05:19 - 2016-11-19 15:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-14 05:19 - 2016-11-19 15:22 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-14 05:19 - 2016-11-16 19:49 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2016-12-14 05:19 - 2016-11-12 19:06 - 00738104 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-12-14 05:19 - 2016-11-12 17:38 - 00613632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-12-14 05:19 - 2016-11-12 17:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-14 05:19 - 2016-11-12 17:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-14 05:19 - 2016-11-12 16:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-14 05:19 - 2016-11-12 16:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-14 05:19 - 2016-11-12 16:23 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-12-14 05:19 - 2016-11-12 16:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-14 05:19 - 2016-11-12 16:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-14 05:19 - 2016-11-12 15:45 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-12-14 05:19 - 2016-11-12 15:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-14 05:19 - 2016-11-12 15:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-14 05:19 - 2016-11-12 15:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-14 05:19 - 2016-11-12 15:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-14 05:19 - 2016-11-12 15:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-14 05:19 - 2016-11-12 15:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-14 05:19 - 2016-11-12 15:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-14 05:19 - 2016-11-12 15:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-14 05:19 - 2016-11-12 15:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-14 05:19 - 2016-11-11 00:33 - 01541240 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-14 05:19 - 2016-11-09 15:25 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-14 05:19 - 2016-11-05 18:46 - 00422744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-12-14 05:19 - 2016-11-05 16:35 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-14 05:19 - 2016-11-05 15:57 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-14 05:19 - 2016-11-05 15:11 - 03606528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-14 05:19 - 2016-11-05 13:56 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-14 05:19 - 2016-11-05 13:46 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-14 05:19 - 2016-10-28 00:56 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-14 05:19 - 2016-10-27 12:28 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-14 05:19 - 2016-10-12 19:49 - 00379224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-12-14 05:19 - 2016-10-12 19:11 - 00922968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2016-12-14 05:19 - 2016-10-11 14:45 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-12-14 05:19 - 2016-10-10 21:31 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-12-14 05:19 - 2016-10-10 16:18 - 00069976 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-14 05:19 - 2016-10-10 16:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cmimcext.sys
2016-12-14 05:19 - 2016-10-09 12:17 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
2016-12-14 05:19 - 2016-10-09 12:08 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2016-12-14 05:19 - 2016-10-09 12:08 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2016-12-14 05:19 - 2016-10-08 20:24 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-12-14 05:19 - 2016-10-08 19:31 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-12-14 05:19 - 2016-10-08 19:10 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-12-14 05:19 - 2016-10-05 12:01 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-12-14 05:19 - 2016-10-05 12:00 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2016-12-14 05:19 - 2016-10-05 12:00 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2016-12-14 05:19 - 2016-10-05 11:52 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2016-12-14 05:19 - 2016-10-05 11:52 - 00513456 _____ C:\Windows\system32\locale.nls
2016-12-14 05:19 - 2016-10-05 02:15 - 01969944 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-14 05:19 - 2016-10-05 02:15 - 01613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-14 05:19 - 2016-10-05 02:15 - 00324896 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-14 05:19 - 2016-10-05 02:15 - 00245320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-14 05:19 - 2016-09-27 18:16 - 00445873 _____ C:\Windows\system32\ApnDatabase.xml
2016-12-14 05:19 - 2016-09-20 20:30 - 02462040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-12-14 00:08 - 2016-12-14 00:08 - 00000000 ____D C:\Users\Killer Of Demons\AppData\LocalLow\ForeverEntertainment
2016-12-13 23:57 - 2016-12-13 23:57 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Local\TakeThyThrone
2016-12-12 17:51 - 2016-12-12 18:13 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\dvdcss
2016-12-12 17:48 - 2016-12-20 23:05 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\vlc
2016-12-12 17:48 - 2016-12-12 17:48 - 00001086 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-12-12 17:48 - 2016-12-12 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-12-12 17:47 - 2016-12-12 17:47 - 30533688 _____ C:\Users\Killer Of Demons\Downloads\Baixaki_vlc-media-player [1].exe
2016-12-12 17:47 - 2016-12-12 17:47 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-12-12 17:44 - 2016-12-12 17:45 - 01878480 _____ ( ) C:\Users\Killer Of Demons\Downloads\Baixaki_vlc-media-player.exe
2016-12-12 17:34 - 2013-08-10 01:20 - 00031232 _____ (Party Princess Palace) C:\Users\Killer Of Demons\Desktop\SAM.API.dll
2016-12-12 17:34 - 2011-09-23 08:16 - 00045056 _____ (Party Princess Palace) C:\Users\Killer Of Demons\Desktop\SAM.Picker.exe
2016-12-12 17:34 - 2011-09-23 08:16 - 00045056 _____ (Party Princess Palace) C:\Users\Killer Of Demons\Desktop\SAM.Game.exe
2016-12-12 15:18 - 2016-12-12 15:18 - 00000000 ____D C:\Users\Killer Of Demons\AppData\LocalLow\GameDeveloperX
2016-12-12 12:19 - 2016-12-12 12:19 - 00046130 _____ C:\Users\Killer Of Demons\Downloads\SteamAchievementManager63_hotfix.zip
2016-12-12 12:18 - 2016-12-12 12:18 - 02869264 _____ (Microsoft Corporation) C:\Users\Killer Of Demons\Downloads\dotNetFx35setup.exe
2016-12-12 12:07 - 2016-12-12 12:07 - 00001814 _____ C:\Users\Killer Of Demons\Desktop\Merchants of Kaidan.lnk
2016-12-12 12:07 - 2016-12-12 12:07 - 00001802 _____ C:\Users\Killer Of Demons\Desktop\Mr.President!.lnk
2016-12-12 12:07 - 2016-12-12 12:07 - 00000870 _____ C:\Users\Killer Of Demons\Desktop\Knights of Pen and Paper +1.lnk
2016-12-11 23:05 - 2016-07-29 19:00 - 01412032 _____ C:\Users\Killer Of Demons\Desktop\idle_master.zip
2016-12-11 12:40 - 2016-12-11 12:40 - 00000000 _____ C:\Users\Killer Of Demons\Desktop\Stories of Bethem
2016-12-11 12:20 - 2016-12-11 16:22 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Local\StoriesOfBethemFullMoon
2016-12-11 01:24 - 2016-12-11 01:24 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\RotMG.Production
2016-12-09 12:49 - 2016-12-09 12:49 - 01680344 ___SH C:\Users\Killer Of Demons\Downloads\Steam Escrow (3).exe
2016-12-09 12:44 - 2016-12-09 12:44 - 01680344 ___SH C:\Users\Killer Of Demons\Downloads\Steam Escrow (2).exe
2016-12-09 12:37 - 2016-12-09 12:37 - 01680344 ___SH C:\Users\Killer Of Demons\Downloads\Steam Escrow (1).exe
2016-12-09 12:36 - 2016-12-26 23:13 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\1B1D6FBF-1382-4C07-B89D-5CF392A96753
2016-12-09 12:36 - 2016-12-13 18:47 - 01499648 _____ (NanoCore.io) C:\Users\Killer Of Demons\AppData\Roaming\schost.exe
2016-12-09 12:36 - 2016-12-09 12:36 - 01680344 ___SH C:\Users\Killer Of Demons\AppData\Roaming\schost.exe.bak
2016-12-09 12:36 - 2016-12-09 12:36 - 00000000 ____D C:\Windows\System32\Tasks\Update
2016-12-09 12:35 - 2016-12-09 12:35 - 01680344 ___SH C:\Users\Killer Of Demons\Downloads\Steam Escrow.exe
2016-12-02 14:25 - 2016-12-26 22:44 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\StardewValley
2016-12-02 14:24 - 2016-12-02 14:24 - 00001806 _____ C:\Users\Killer Of Demons\Desktop\Stardew Valley.lnk
2016-11-30 18:31 - 2016-11-30 18:31 - 00000000 _____ C:\Users\Killer Of Demons\Desktop\Legend of Dungeon
2016-11-30 18:24 - 2016-11-30 18:26 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Local\Warframe
2016-11-30 00:24 - 2016-11-30 00:24 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\Metagaming B.V
2016-11-29 13:32 - 2016-11-29 13:33 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\com.freakinware.wormis
2016-11-29 13:31 - 2016-11-29 13:31 - 00001818 _____ C:\Users\Killer Of Demons\Desktop\Realm of the Mad God.lnk
2016-11-29 13:10 - 2016-11-29 13:10 - 00001798 _____ C:\Users\Killer Of Demons\Desktop\Hammerwatch.lnk
2016-11-28 00:14 - 2016-11-28 00:14 - 00001818 _____ C:\Users\Killer Of Demons\Desktop\Don't Starve Together.lnk
2016-11-26 16:44 - 2016-11-26 16:44 - 00000000 ____D C:\Users\Killer Of Demons\Documents\Klei
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2099-12-31 01:32 - 2014-11-15 21:40 - 00031232 ____R () C:\Windows\system32\CMDOW.EXE
2016-12-26 23:49 - 2014-12-28 02:13 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\Skype
2016-12-26 23:44 - 2014-12-28 17:17 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-26 23:07 - 2015-01-31 19:32 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-26 23:07 - 2014-12-09 11:33 - 00000000 ____D C:\ProgramData\Origin
2016-12-26 23:07 - 2013-08-22 12:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-26 23:04 - 2015-06-07 04:05 - 00000000 ____D C:\Program Files\WaIEn
2016-12-26 23:01 - 2016-10-20 16:01 - 00000322 _____ C:\Windows\Tasks\{3378D3EB-9C03-F012-0401-5C074F79B9DE}.job
2016-12-26 23:00 - 2014-11-16 13:36 - 00000000 ____D C:\Users\Killer Of Demons
2016-12-26 23:00 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\Inf
2016-12-26 22:57 - 2013-08-22 11:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-26 20:57 - 2016-03-06 19:06 - 00005192 _____ C:\Windows\SysWOW64\HideMyIpSRVOff.ini
2016-12-26 20:57 - 2016-03-06 19:06 - 00005192 _____ C:\Windows\system32\HideMyIpSRVOff.ini
2016-12-26 19:45 - 2014-12-28 17:29 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-12-25 19:55 - 2014-12-09 15:02 - 00000000 ____D C:\Users\Killer Of Demons\Documents\My Games
2016-12-24 21:14 - 2016-08-14 01:07 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\Nox
2016-12-24 21:14 - 2016-08-14 01:07 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Local\Nox
2016-12-24 21:13 - 2016-08-14 01:38 - 00000000 ____D C:\Program Files (x86)\Hide ALL IP
2016-12-24 19:26 - 2016-07-28 17:45 - 00000000 ___RD C:\Users\Killer Of Demons\Documents\MEGA
2016-12-24 19:26 - 2016-07-28 17:42 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Local\MEGAsync
2016-12-24 16:23 - 2016-02-23 15:14 - 00000024 _____ C:\Users\Killer Of Demons\random.dat
2016-12-24 15:40 - 2016-02-23 15:14 - 00000024 _____ C:\Users\Killer Of Demons\jagexappletviewer.preferences
2016-12-24 15:38 - 2016-02-23 15:14 - 00000055 _____ C:\Users\Killer Of Demons\jagex_cl_runescape_LIVE.dat
2016-12-24 14:44 - 2014-11-15 21:51 - 01999626 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-24 14:44 - 2013-08-22 21:52 - 00854068 _____ C:\Windows\system32\prfh0816.dat
2016-12-24 14:44 - 2013-08-22 21:52 - 00188230 _____ C:\Windows\system32\prfc0816.dat
2016-12-23 06:29 - 2016-10-20 16:00 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\{7CD34A68-5981-271E-32B7-00CCEE65FDF2}
2016-12-23 06:29 - 2014-12-14 18:28 - 00000308 _____ C:\Users\Killer Of Demons\AppData\Roaming\WB.CFG
2016-12-23 06:09 - 2015-03-19 21:38 - 00000000 ___RD C:\Users\Killer Of Demons\OneDrive.old
2016-12-23 06:06 - 2013-08-22 12:44 - 00478616 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-23 00:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\oobe
2016-12-22 18:44 - 2016-02-27 08:48 - 00000056 _____ C:\Users\Killer Of Demons\jagex_cl_runescape_LIVE1.dat
2016-12-21 17:50 - 2015-12-25 00:51 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-17 12:50 - 2016-07-29 19:02 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Local\IdleMaster
2016-12-15 18:45 - 2016-11-23 00:45 - 00001028 _____ C:\Windows\Tasks\Bing Search Engine daror.job
2016-12-15 18:45 - 2016-11-23 00:45 - 00000318 _____ C:\Windows\Tasks\{58312212-6E3E-F744-3486-4DA4CCB0D695}.job
2016-12-15 18:45 - 2016-11-23 00:45 - 00000000 ____D C:\ProgramData\{DF551A36-5517-90F0-D3D1-0EB24993857C}
2016-12-15 18:37 - 2015-01-31 19:32 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-15 18:36 - 2015-03-19 23:36 - 00000340 _____ C:\Windows\Tasks\Wse_binkiland.job
2016-12-15 18:36 - 2014-11-16 13:41 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2810221886-3895275583-3711292954-1001
2016-12-15 18:27 - 2015-12-24 19:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-15 18:22 - 2014-11-16 14:13 - 00003990 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{68D66C5D-D92E-41DF-97A8-ADA856BC6676}
2016-12-15 14:29 - 2013-08-22 13:20 - 00000000 ____D C:\Windows\CbsTemp
2016-12-15 14:12 - 2014-12-01 02:46 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-15 14:12 - 2014-12-01 02:46 - 00000000 ____D C:\Windows\system32\MRT
2016-12-15 11:35 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\AppReadiness
2016-12-12 19:11 - 2015-02-20 22:32 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Local\Steam
2016-12-12 00:45 - 2014-12-23 01:26 - 00000900 __RSH C:\ProgramData\ntuser.pol
2016-12-11 21:00 - 2016-11-24 16:12 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-11 21:00 - 2016-11-24 16:12 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 01:24 - 2016-07-29 16:54 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Local\roshambo_arena
2016-12-09 13:17 - 2016-07-27 11:10 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Local\rpgmo
2016-12-09 13:17 - 2014-12-28 17:30 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\Cubic
2016-12-09 12:13 - 2016-11-23 00:45 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\58312212-6E3E-F744-3486-4DA4CCB0D695
2016-12-02 13:52 - 2014-12-09 11:36 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Roaming\Origin
2016-11-30 10:34 - 2016-10-20 15:49 - 00000000 ____D C:\Users\Killer Of Demons\AppData\Local\Origin
2016-11-30 04:12 - 2013-08-22 13:36 - 00000000 ____D C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2016-11-23 00:45 - 2016-11-23 00:45 - 0020446 _____ () C:\Users\Killer Of Demons\AppData\Roaming\Hobecarobafe
2016-12-09 12:36 - 2016-12-13 18:47 - 1499648 _____ (NanoCore.io) C:\Users\Killer Of Demons\AppData\Roaming\schost.exe
2016-12-09 12:36 - 2016-12-09 12:36 - 1680344 ___SH () C:\Users\Killer Of Demons\AppData\Roaming\schost.exe.bak
2016-10-20 16:01 - 2016-10-20 16:01 - 0016466 _____ () C:\Users\Killer Of Demons\AppData\Roaming\Sedile
2014-12-14 00:42 - 2014-12-14 00:42 - 2022880 _____ (Object Browser) C:\Users\Killer Of Demons\AppData\Roaming\VJHY.exe
2014-12-14 18:28 - 2016-12-23 06:29 - 0000308 _____ () C:\Users\Killer Of Demons\AppData\Roaming\WB.CFG
2015-01-04 21:25 - 2015-01-04 21:25 - 0000010 _____ () C:\Users\Killer Of Demons\AppData\Local\DSI.DAT
2015-01-04 21:25 - 2015-01-04 21:25 - 0022528 _____ () C:\Users\Killer Of Demons\AppData\Local\dsisetup148788752.exe
2014-12-14 00:26 - 2014-12-14 00:26 - 0628496 _____ (CMI Limited) C:\Users\Killer Of Demons\AppData\Local\nsfC27E.tmp
2014-12-14 00:39 - 2014-12-14 00:39 - 0613057 _____ (CMI Limited) C:\Users\Killer Of Demons\AppData\Local\nspB511.tmp
2014-12-30 22:10 - 2014-12-30 22:10 - 0628496 _____ (CMI Limited) C:\Users\Killer Of Demons\AppData\Local\nswE757.tmp
2014-12-12 18:29 - 2014-12-12 18:29 - 0613057 _____ (CMI Limited) C:\Users\Killer Of Demons\AppData\Local\nswEE8C.tmp
2016-12-25 00:16 - 2016-12-25 00:16 - 0000003 _____ () C:\Users\Killer Of Demons\AppData\Local\updater.log
2016-12-25 00:16 - 2016-12-25 00:16 - 0000424 _____ () C:\Users\Killer Of Demons\AppData\Local\UserProducts.xml
2016-11-24 22:36 - 2016-11-24 22:36 - 0000016 _____ () C:\ProgramData\mntemp
 
Files to move or delete:
====================
C:\Windows\Tasks\{3378D3EB-9C03-F012-0401-5C074F79B9DE}.job
C:\Windows\Tasks\{58312212-6E3E-F744-3486-4DA4CCB0D695}.job
 
 
Some files in TEMP:
====================
C:\Users\Killer Of Demons\AppData\Local\Temp\dd838741e8a8ea1157c3558ccd304515.dll
C:\Users\Killer Of Demons\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Killer Of Demons\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Killer Of Demons\AppData\Local\Temp\E53196BC-E402-48B3-78D8-8CE65C5C9FB5.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\ICReinstall_exe.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\ICSW_0B1T1L2V1T1J1L1V1G1P2W0S1J1L1GtB.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\installerdll1406453.dll
C:\Users\Killer Of Demons\AppData\Local\Temp\installerdll1444015.dll
C:\Users\Killer Of Demons\AppData\Local\Temp\NGMDll.dll
C:\Users\Killer Of Demons\AppData\Local\Temp\NGMResource.dll
C:\Users\Killer Of Demons\AppData\Local\Temp\PriceFountainUpdateVer.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\rootsupd.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Killer Of Demons\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Killer Of Demons\AppData\Local\Temp\Setup.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\smt_mystartsearch.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\spark_install(1).exe
C:\Users\Killer Of Demons\AppData\Local\Temp\spark_install.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\sprz.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\steam05.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Killer Of Demons\AppData\Local\Temp\tu17p84.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\unelevate.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\unicows.dll
C:\Users\Killer Of Demons\AppData\Local\Temp\Uninstall.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\utt58D2.tmp.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Killer Of Demons\AppData\Local\Temp\winp5875443188700298652.dll
C:\Users\Killer Of Demons\AppData\Local\Temp\yor5yvrf.dll
C:\Users\Killer Of Demons\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-10 15:28
 
==================== End of FRST.txt ============================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by Killer Of Demons (26-12-2016 23:49:58)
Running from C:\Users\Killer Of Demons\Downloads
Windows 8.1 Pro (Update) (X64) (2014-11-16 15:36:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-2810221886-3895275583-3711292954-500 - Administrator - Disabled)
alexandre (S-1-5-21-2810221886-3895275583-3711292954-1011 - Limited - Enabled) => C:\Users\alexandre
Convidado (S-1-5-21-2810221886-3895275583-3711292954-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2810221886-3895275583-3711292954-1003 - Limited - Enabled)
Killer Of Demons (S-1-5-21-2810221886-3895275583-3711292954-1001 - Administrator - Enabled) => C:\Users\Killer Of Demons
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 19 NPAPI (HKLM-x32\...\{2F881898-5300-4D68-AE46-F5FE074D59AA}) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Skybox Labs)
Assistente de Atualização do Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Hardsuit Labs)
Brtibia versão 8.60 (HKLM-x32\...\{4DF96E82-17E1-43EB-99D2-AFFE0E7371B0}_is1) (Version: 8.60 - HaRu)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version:  - Playsaurus)
Combat Arms (HKLM-x32\...\Combat Arms) (Version:  - )
Cubic Castles (HKLM-x32\...\Steam App 317470) (Version:  - Cosmic Cow LLC)
DLL-Files.com Client (HKLM-x32\...\DA71BA65-680A-4212-9150-6239217B53DC_DLL-Files.c~79141F26_is1) (Version: 2.1.1000.4462 - DLL-Files.com Client)
Dragon Saga (HKLM-x32\...\Steam App 381990) (Version:  - Gravity Interactive)
Endorlight (HKLM\...\Steam App 428430) (Version:  - Endorlight)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Half-Life_is1) (Version: Half-Life - Non Steam - KingSOFT DVD)
Hammerwatch (HKLM-x32\...\1207659483_is1) (Version: 2.6.0.9 - GOG.com)
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - Crackshell)
Hammerwatch v1.32 (HKLM-x32\...\vsetop.com Hammerwatch v1.32_is1) (Version:  - VseTop.Com)
Hero Siege (HKLM\...\Steam App 269210) (Version:  - Elias Viglione)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
JetBrains PyCharm Community Edition 2016.1.2 (HKLM-x32\...\PyCharm Community Edition 2016.1.2) (Version: 145.844.6 - JetBrains s.r.o.)
Jogos Level Up (HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\...\6d7bdf9c3c2a31f9) (Version: 0.9.4.1 - Level Up)
Last Survivor (HKLM\...\Steam App 463620) (Version:  - Original Games)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mitos.is: The Game (HKLM-x32\...\Steam App 389570) (Version:  - Freakinware Studios)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
OT Pokemon 9.4 (HKLM-x32\...\{F390C9F2-6564-48F9-8E7A-75470FB18602}_is1) (Version: 9.4 - OTPokemon, Inc.)
otPokemonNew versão 13.01 (HKLM-x32\...\{1424AD55-1B76-4EF9-8C8C-873297F4DF3C}_is1) (Version: 13.01 - otPokemon)
otPokemonNew versão 13.08 (HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\...\{1424AD55-1B76-4EF9-8C8C-873297F4DF3C}_is1) (Version: 13.08 - otPokemon)
Pokémon Trading Card Game Online (HKLM-x32\...\{472905C0-C523-4874-9CED-5F75C87E2DE8}) (Version: 2.23.1 - The Pokémon Company International)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
RoShamBo Arena (HKLM\...\Steam App 393930) (Version:  - Blam! Games LLC)
RPG MO (HKLM\...\Steam App 372800) (Version:  - Marxnet)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stick RPG 2 (HKLM-x32\...\Steam App 307640) (Version:  - XGen Studios)
SumRando (HKLM-x32\...\SumRandoSumRando) (Version: 1.0.0.220 - SumRando)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Timberman (HKLM\...\Steam App 398710) (Version:  - Digital Melody)
Trove (HKLM-x32\...\Steam App 304050) (Version:  - Trion Worlds)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Zezenia Online (HKLM\...\Steam App 497860) (Version:  - Saucer Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2810221886-3895275583-3711292954-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2810221886-3895275583-3711292954-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2810221886-3895275583-3711292954-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2810221886-3895275583-3711292954-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2810221886-3895275583-3711292954-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2810221886-3895275583-3711292954-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02E7D597-AF26-4E7D-9315-BAC0B1F7DB56} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
Task: {075D15E5-FC7F-4E5B-977D-C432CCE49083} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {3CA965EC-D45A-49C9-B5E8-FE3FDB0CB98C} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {3E01DAFD-3A79-4985-B8B2-93C69DB2E06E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
Task: {5D553011-5275-4131-8F80-0196B59C3C3A} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {750AB141-FFF8-4872-A683-8F8F8728FF26} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {7B6B72D1-2D8F-4ABF-99A3-DE18B1A008F6} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2016-07-11] ()
Task: {7C814465-1E94-4013-8999-DE546D414A14} - System32\Tasks\Wse_binkiland => C:\Users\KILLER~1\AppData\Roaming\WSE_BI~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {7E8E0C34-C860-4E26-8927-507C567AAF66} - \Price Fountain -> No File <==== ATTENTION
Task: {84C199E1-9E8E-46ED-951D-AE5C413E0D22} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-24] (Adobe Systems Incorporated)
Task: {8DF14649-4070-4CF3-9CFF-FBA87AABBC81} - System32\Tasks\gameo_update => C:\Users\Killer [Argument = Of Demons\AppData\Roaming\Gameo\gameo.exe C:\Users\Killer Of Demons\AppData\Roaming\Gameo\gameo.dat  update:update] <==== ATTENTION
Task: {A621E945-A469-464C-9CDA-1FA367B7F4C2} - System32\Tasks\Bing Search Engine daror => Wscript.exe "C:\ProgramData\{DF551A36-5517-90F0-D3D1-0EB24993857C}\rafe.txt" "687474703a2f2f77617662736c792e636f6d" "433a5c50726f6772616d446174615c7b44463535314133362d353531372d393046302d443344312d3045423234393933383537437d5c63656c6f6c6f" "433a5c50726f6772616d446174615c7b44463535314133362d353531372d393046302d44 (the data entry has 82 more characters).
Task: {C196881E-8357-4970-ADA9-81E41CDAEE78} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {E08BB4F0-F7CD-4B35-A060-602D13343849} - System32\Tasks\{64A9BEFE-3612-4605-94E4-50C25D2FE1C4} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.59.102/pt/abandoninstall?page=tsMain
Task: {E55013EF-BB2B-4F54-BD48-4C5326789DDE} - System32\Tasks\Update\MKhsSKsJNVPDBTNvFboJxiJJxUZXCD => C:\Users\Killer Of Demons\AppData\Roaming\schost.exe [2016-12-13] (NanoCore.io) <==== ATTENTION
Task: {F2716437-B063-4302-95D4-4665AF640226} - System32\Tasks\{58312212-6E3E-F744-3486-4DA4CCB0D695} => C:\Users\Killer Of Demons\AppData\Roaming\58312212-6E3E-F744-3486-4DA4CCB0D695\updane.exe [2013-04-09] ()
Task: {FABBBD38-1C7E-4A25-A9B1-D375459285ED} - System32\Tasks\update-S-1-5-21-2810221886-3895275583-3711292954-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2016-07-11] ()
Task: {FFA96DF5-870B-47FE-AC3A-60879617061A} - System32\Tasks\{3378D3EB-9C03-F012-0401-5C074F79B9DE} => C:\Users\Killer Of Demons\AppData\Roaming\{7CD34A68-5981-271E-32B7-00CCEE65FDF2}\HelperUpdate.exe [2013-04-20] () <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bing Search Engine daror.job => Wscript.exe  C:\ProgramData\{DF551A36-5517-90F0-D3D1-0EB24993857C}\rafe.txt <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-2810221886-3895275583-3711292954-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\Wse_binkiland.job => C:\Users\KILLER~1\AppData\Roaming\WSE_BI~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\{3378D3EB-9C03-F012-0401-5C074F79B9DE}.job => C:\Users\KILLER~1\AppData\Roaming\{7CD34~1\HELPER~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\{58312212-6E3E-F744-3486-4DA4CCB0D695}.job => C:\Users\KILLER~1\AppData\Roaming\583122~1\updane.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Killer Of Demons\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Killer Of Demons\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Killer Of Demons\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4c67a9bb43d84a89\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-01 12:17 - 2015-06-01 12:17 - 01991680 _____ () C:\Program Files\WaIEn\wajam_64.exe
2015-06-01 12:15 - 2015-06-01 12:15 - 01605120 _____ () C:\Program Files\WaIEn\wajam.exe
2016-12-26 23:04 - 2016-12-26 23:04 - 01398272 _____ () C:\Program Files\WaIEn\dlls\acdwz.dll
2016-12-26 23:04 - 2016-12-26 23:04 - 01203712 _____ () C:\Program Files\WaIEn\dlls\brirj.dll
2014-12-28 17:21 - 2016-12-08 13:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 23:11 - 2016-08-31 23:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2014-12-28 17:21 - 2016-12-20 00:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-19 23:11 - 2016-08-31 23:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 23:11 - 2016-08-31 23:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-12-28 17:20 - 2016-01-27 05:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-12-28 17:20 - 2016-01-27 05:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-12-28 17:20 - 2016-01-27 05:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-12-28 17:20 - 2016-01-27 05:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-12-28 17:20 - 2016-01-27 05:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-12-28 17:20 - 2016-12-20 00:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-15 14:53 - 2016-07-04 20:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-12 19:08 - 2016-12-05 14:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2014-12-28 17:20 - 2016-12-20 00:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-01-19 23:11 - 2015-09-24 21:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2015-12-25 16:40 - 2015-12-11 01:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-25 16:40 - 2015-12-11 01:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2016-07-19 19:11 - 2016-07-06 19:01 - 17602240 _____ () C:\Users\Killer Of Demons\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [118]
AlternateDataStreams: C:\Users\Killer Of Demons\Desktop\Age of Empires II: HD Edition.lnk [3670]
AlternateDataStreams: C:\Users\Killer Of Demons\Desktop\Legend of Dungeon: Masters.lnk [3662]
AlternateDataStreams: C:\Users\Killer Of Demons\Desktop\Stories of Bethem: Full Moon.lnk [917]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HideMyIpSRV => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\hmip => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 11:25 - 2013-08-22 11:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2810221886-3895275583-3711292954-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 189.6.0.137 - 189.6.0.132
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{7F532B3C-F007-4A24-BF60-7D66F0584C3D}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{8DFFA7BC-EBD2-42C9-995F-116B5DC4D4CB}] => C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{DC4C1777-10CE-45F3-A37E-A1D42EC398F9}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{843A4558-4E8B-4576-9CA9-764DE1956387}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{93AB7877-7408-4838-9016-3C622BC38108}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{9F52747E-D4FC-4FB6-B7D1-898BFD2346CD}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{B3432F40-D083-4A0F-964F-AFC204DEE1BC}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{CD1DA142-38D9-475E-A342-63976B589E6A}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{65D6ED58-D95D-450B-A224-F1EDF9EB2234}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A8F5B4CC-47D7-4966-9F0E-4A5BB7502161}] => C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [{6D14C804-5FD6-42B4-845C-82A73AC74957}] => C:\Program Files (x86)\Origin Games\Kingdoms of Amalur Reckoning\Reckoning.exe
FirewallRules: [TCP Query User{BE32A63A-706C-4D3E-AC82-F964C2BFA6DB}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe
FirewallRules: [UDP Query User{F68359BA-9B39-4BD5-8DE7-09E01074BDCA}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/26/2016 11:50:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2016-12-28T01:09:56Z. Código de Erro: 0x80040154.
 
Error: (12/26/2016 11:50:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2016-12-28T01:09:26Z. Código de Erro: 0x80040154.
 
Error: (12/26/2016 11:49:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2016-12-28T01:09:56Z. Código de Erro: 0x80040154.
 
Error: (12/26/2016 11:49:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2016-12-28T01:09:26Z. Código de Erro: 0x80040154.
 
Error: (12/26/2016 11:48:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2016-12-28T01:09:56Z. Código de Erro: 0x80040154.
 
Error: (12/26/2016 11:48:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2016-12-28T01:09:26Z. Código de Erro: 0x80040154.
 
Error: (12/26/2016 11:47:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2016-12-28T01:09:56Z. Código de Erro: 0x80040154.
 
Error: (12/26/2016 11:47:26 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2016-12-28T01:09:26Z. Código de Erro: 0x80040154.
 
Error: (12/26/2016 11:46:56 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2016-12-28T01:09:56Z. Código de Erro: 0x80040154.
 
Error: (12/26/2016 11:46:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: svchost.exe_wlidsvc, versão: 6.3.9600.17415, carimbo de data/hora: 0x54504177
Nome do módulo com falha: ntdll.dll, versão: 6.3.9600.18438, carimbo de data/hora: 0x57ae642e
Código de exceção: 0xc000000d
Desvio de falha: 0x0000000000102ab0
ID do processo com falha: 0x444
Hora de início da aplicação com falha: 0x01d25fe27e78ef85
Caminho da aplicação com falha: C:\Windows\system32\svchost.exe
Caminho do módulo com falha: C:\Windows\SYSTEM32\ntdll.dll
ID do Relatório: 55830f1f-cbd6-11e6-82ac-08edb9d25f66
Nome completo do pacote com falha: 
ID da aplicação relativa ao pacote com falha:
 
 
System errors:
=============
Error: (12/26/2016 11:46:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Assistente de Início de Sessão da Conta Microsoft terminou inesperadamente. Isto aconteceu 67 vez(es).
 
Error: (12/26/2016 11:46:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Serviço de Perfis de Utilizador terminou inesperadamente. Isto aconteceu 5 vez(es).
 
Error: (12/26/2016 11:46:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Programador de Classes de Multimédia terminou inesperadamente. Isto aconteceu 14 vez(es).
 
Error: (12/26/2016 11:46:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Cliente de Política de Grupo terminou inesperadamente. Isto aconteceu 8 vez(es).
 
Error: (12/26/2016 11:46:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Informações sobre Aplicações terminou inesperadamente. Isto aconteceu 3 vez(es).
 
Error: (12/26/2016 11:46:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Experiência de Aplicação terminou inesperadamente. Isto aconteceu 4 vez(es).
 
Error: (12/26/2016 11:44:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Steam Client Service terminou inesperadamente. Isto aconteceu 100 vez(es).
 
Error: (12/26/2016 11:44:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Steam Client Service terminou inesperadamente. Isto aconteceu 99 vez(es).
 
Error: (12/26/2016 11:44:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Steam Client Service terminou inesperadamente. Isto aconteceu 98 vez(es).
 
Error: (12/26/2016 11:44:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Steam Client Service terminou inesperadamente. Isto aconteceu 97 vez(es).
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-1800 APU with Radeon™ HD Graphics
Percentage of memory in use: 51%
Total physical RAM: 3689.36 MB
Available physical RAM: 1779.41 MB
Total Virtual: 4457.36 MB
Available Virtual: 2575.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.42 GB) (Free:372.19 GB) NTFS
Drive e: () (Removable) (Total:1.85 GB) (Free:1.36 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 000B23CB)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edit: Moved topic from Windows 8 to the more appropriate forum. Duplicate of this topic has been deleted as well. ~ Animal



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,942 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:53 PM

Posted 27 December 2016 - 10:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn your System Restore ON - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7

====

You have many unwanted programs. Let's clean what we can with these tools.
I will review the fresh FRST and Addition.txt that you will provide.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

--RogueKiller--
  • Download RogueKiller & SAVE to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======


Please run the Farbar program one more time and post fresh FRST and Addition.txt for my review.

#3 nasdaq


Posted 01 January 2017 - 09:53 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



