Solved Browser adblocker FRST & addition

JunSS

Posts: 15   +0
I uninstalling my chrome because it have very annoying browser adblocker extension
running farbar heres the log
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Home (administrator) on HOME-PC on 28-05-2015 21:14:17
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GamingMouseG7] => C:\Program Files (x86)\AQUILA-X Gaming Mouse\mousehid.exe [741376 2012-06-03] ()
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-18] (Panda Security, S.L.)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3837520 2014-06-17] (Tonec Inc.)
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {11851c1c-264d-11e4-82cf-1078d241dde7} - "F:\AutoRun.exe"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {873727fd-b3cb-11e4-83a1-1078d241dde7} - "I:\AutoRun.exe"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {8737283c-b3cb-11e4-83a1-1078d241dde7} - "I:\AutoRun.exe"
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Y210 Recovery Installer.rar.lnk [2015-05-12]
ShortcutTarget: Y210 Recovery Installer.rar.lnk -> C:\ProgramData\{d406bd95-3834-533f-d406-6bd95383f654}\Y210 Recovery Installer.rar.exe (No File)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:50796;https=127.0.0.1:50796
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.plasa.msn.com/?rd=1&ucc=ID&dcc=ID&opt=0
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\..\Interfaces\{749045DC-334A-4ED7-B313-4EC1C395DA00}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{AF710261-D09A-49E1-AD37-E069E7130235}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mvldvpgz.default
FF NetworkProxy: "socks", "31.186.175.155"
FF NetworkProxy: "socks_port", 60088
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-25] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-25] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-28] (Oracle Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1415457942-1267786245-2192413135-1001: @unity3d.com/UnityPlayer,version=1.0 -> Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Extension: Adblock Plus - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mvldvpgz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-15]
FF HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Home\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Home\AppData\Roaming\IDM\idmmzcc5 [2014-06-27]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-01-14]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 6
CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) [File not signed]
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-07-15] (Ellora Assets Corp.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-18] (Panda Security, S.L.)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-10-22] (The OpenVPN Project)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-18] (Panda Security, S.L.)
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1006784 2014-06-22] (@ByELDI) [File not signed]
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S4 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S2 HuaweiHiSuiteService64.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
R3 GM3305Fltr; C:\Windows\system32\drivers\GM3305Fltr.sys [9600 2012-03-28] (LXD Development, Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-05-28] ()
S1 hwinterface; C:\Windows\SysWOW64\Drivers\hwinterface.sys [3026 2015-05-07] (Logix4u) [File not signed]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-10] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-10] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-10] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-10] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-10] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-10] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-10] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-10] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-10] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-10] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-10] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-10] (Panda Security, S.L.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-10] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-12] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-30] (Panda Security, S.L.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-10-11] (Oracle Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbmbb; \SystemRoot\system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 21:14 - 2015-05-28 21:14 - 00017629 _____ () C:\Users\Home\Desktop\FRST.txt
2015-05-28 21:13 - 2015-05-28 21:13 - 00002259 _____ () C:\WINDOWS\epplauncher.mif
2015-05-28 20:49 - 2015-05-28 21:14 - 00000000 ____D () C:\FRST
2015-05-28 20:49 - 2015-05-28 20:49 - 02108928 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2015-05-28 20:25 - 2015-05-28 20:25 - 00000024 _____ () C:\Users\Home\AppData\Roaming\appdataFr25.bin
2015-05-28 20:24 - 2015-05-28 20:24 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-05-28 20:21 - 2015-05-28 20:21 - 00085578 _____ () C:\WINDOWS\system32\.crusader
2015-05-28 20:20 - 2015-05-28 20:20 - 00114978 _____ () C:\Users\Home\Documents\HitmanPro_20150528_2020.log
2015-05-28 20:10 - 2015-05-28 20:21 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-28 17:57 - 2015-05-28 19:20 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-05-28 17:57 - 2015-05-28 19:19 - 00000000 ____D () C:\sh4ldr
2015-05-28 17:56 - 2015-05-28 19:19 - 00000000 ____D () C:\WINDOWS\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2015-05-28 16:28 - 2015-05-28 16:28 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-28 16:27 - 2015-05-28 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-28 16:27 - 2015-05-28 16:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-28 16:27 - 2015-05-28 16:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-28 16:27 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-28 16:27 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-28 16:27 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-26 09:02 - 2015-05-26 09:02 - 00001041 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Captcha.lnk
2015-05-24 15:07 - 2015-05-28 21:02 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1415457942-1267786245-2192413135-1001
2015-05-24 15:02 - 2015-01-30 00:21 - 00061712 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-05-24 14:56 - 2015-05-28 20:32 - 00000000 ____D () C:\AdwCleaner
2015-05-24 14:25 - 2015-05-24 14:25 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Panda Security
2015-05-24 14:24 - 2015-05-24 14:26 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus.lnk
2015-05-24 14:24 - 2015-05-24 14:25 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-05-24 14:24 - 2015-05-24 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-05-24 14:23 - 2015-05-24 14:25 - 00000000 ____D () C:\ProgramData\Panda Security
2015-05-24 12:53 - 2015-05-24 12:53 - 00000000 _____ () C:\autoexec.bat
2015-05-22 14:46 - 2015-05-22 14:46 - 01081072 _____ (Unity Technologies ApS) C:\Users\Home\Downloads\UnityWebPlayer.exe
2015-05-20 10:10 - 2015-05-20 10:12 - 00000000 ____D () C:\murottal
2015-05-19 12:54 - 2015-05-19 12:54 - 00000000 _____ () C:\Users\Home\AppData\Local\Temp.dat
2015-05-12 22:54 - 2011-10-24 11:04 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2015-05-12 22:54 - 2011-10-24 10:51 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2015-05-12 22:54 - 2010-02-19 06:00 - 01533512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFUpdate_01007.dll
2015-05-12 22:54 - 2010-02-19 06:00 - 00708168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WinUSBCoInstaller.dll
2015-05-07 21:02 - 2015-05-07 21:02 - 00003026 _____ (Logix4u) C:\WINDOWS\SysWOW64\Drivers\hwinterface.sys
2015-05-07 21:02 - 2015-05-07 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aplikasi Pengusir Nyamuk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 21:00 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-28 20:59 - 2014-06-27 22:11 - 01712900 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-28 20:59 - 2014-06-27 08:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-28 20:55 - 2015-04-25 15:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-28 20:39 - 2013-08-22 21:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-28 20:23 - 2014-06-27 22:05 - 00035054 _____ () C:\WINDOWS\PFRO.log
2015-05-28 20:22 - 2013-08-22 20:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-28 20:21 - 2015-03-27 13:48 - 00000000 ____D () C:\Users\Home\Downloads\langsung guak
2015-05-28 20:11 - 2015-01-01 23:23 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-28 20:10 - 2014-11-16 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-05-28 20:10 - 2014-11-16 11:54 - 00000000 ____D () C:\Program Files\Oracle
2015-05-28 20:09 - 2015-01-19 21:32 - 00000000 ____D () C:\Users\Home\AppData\Local\Deployment
2015-05-28 20:09 - 2014-11-25 19:39 - 00000000 ____D () C:\Program Files (x86)\Naver
2015-05-28 20:00 - 2015-02-14 21:28 - 00000000 ____D () C:\Users\Home\Documents\KONAMI
2015-05-28 19:47 - 2014-11-21 15:17 - 00000000 ____D () C:\Program Files\PowerISO
2015-05-28 19:02 - 2014-06-27 08:16 - 00000000 ____D () C:\Users\Home
2015-05-28 18:36 - 2014-07-03 23:49 - 00007599 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2015-05-28 17:58 - 2014-09-26 00:52 - 00000000 ____D () C:\Users\Home\AppData\Local\Battle.net
2015-05-28 16:52 - 2014-07-14 02:34 - 00000000 ____D () C:\Users\Home\AppData\Local\26159
2015-05-28 16:51 - 2014-06-27 08:17 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-28 16:47 - 2013-08-22 21:46 - 00016988 _____ () C:\WINDOWS\setupact.log
2015-05-28 16:22 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-27 14:04 - 2014-09-08 18:24 - 00000000 ____D () C:\Users\Home\AppData\Roaming\MultiBit
2015-05-27 01:31 - 2014-06-27 08:39 - 00000000 ____D () C:\Users\Home\AppData\Roaming\DMCache
2015-05-27 01:27 - 2014-07-08 08:54 - 00000000 ____D () C:\Users\Home\AppData\Roaming\vlc
2015-05-26 12:38 - 2014-06-27 08:39 - 00000000 ____D () C:\Users\Home\Downloads\Video
2015-05-25 13:03 - 2015-01-30 18:03 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-24 15:01 - 2013-08-22 21:44 - 00392416 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-24 14:58 - 2015-02-12 09:12 - 00001198 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-05-24 14:58 - 2015-01-15 10:59 - 00000780 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\firefox.lnk
2015-05-24 14:58 - 2014-06-27 08:28 - 00001227 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
2015-05-24 14:58 - 2014-06-27 08:17 - 00001004 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-24 14:41 - 2015-02-09 09:31 - 00000000 ____D () C:\WINDOWS\SysWOW64\HavijPro
2015-05-24 12:51 - 2014-06-27 08:20 - 00000000 ____D () C:\Users\Home\AppData\Local\Google
2015-05-24 12:24 - 2015-01-15 10:57 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Mozilla
2015-05-24 11:59 - 2014-06-27 08:52 - 00000000 ____D () C:\Program Files\KMSpico
2015-05-23 13:44 - 2014-07-03 19:43 - 00000000 ____D () C:\Users\Home\AppData\Roaming\MultiDoge
2015-05-20 07:07 - 2013-08-22 22:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-19 13:08 - 2014-12-05 08:17 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-19 13:08 - 2014-06-30 08:44 - 00000000 ____D () C:\Users\Home\AppData\Roaming\uTorrent
2015-05-18 05:39 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-12 23:32 - 2014-06-27 08:39 - 00000000 ____D () C:\Users\Home\Downloads\Compressed
2015-05-01 16:02 - 2014-07-19 14:52 - 00000000 ____D () C:\Users\Home\AppData\Roaming\dvdcss

==================== Files in the root of some directories =======

2015-05-28 20:25 - 2015-05-28 20:25 - 0000024 _____ () C:\Users\Home\AppData\Roaming\appdataFr25.bin
2015-02-22 09:32 - 2015-03-12 06:53 - 0000079 _____ () C:\Users\Home\AppData\Roaming\captchakey
2014-07-03 23:49 - 2015-05-28 18:36 - 0007599 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2015-05-19 12:54 - 2015-05-19 12:54 - 0000000 _____ () C:\Users\Home\AppData\Local\Temp.dat
2014-10-11 17:08 - 2014-10-11 17:08 - 0000003 _____ () C:\Users\Home\AppData\Local\updater.log
2014-10-11 17:08 - 2015-04-23 05:46 - 0000424 _____ () C:\Users\Home\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2gjrzn.dll
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnwguld.dll
C:\Users\Home\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Home\AppData\Local\Temp\Quarantine.exe
C:\Users\Home\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-25 11:01

==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Home at 2015-05-28 21:15:06
Running from C:\Users\Home\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1415457942-1267786245-2192413135-500 - Administrator - Disabled)
Guest (S-1-5-21-1415457942-1267786245-2192413135-501 - Limited - Enabled)
Home (S-1-5-21-1415457942-1267786245-2192413135-1001 - Administrator - Enabled) => C:\Users\Home

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{13351E83-6DCD-4E97-2A8C-5D496259A47F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AQUILA-X Gaming Mouse (HKLM-x32\...\{B1669080-7C2D-4BA9-AB6F-FD6A4B0CE8AF}) (Version: 1.00 - Gaming Mouse)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CleanMem (HKLM-x32\...\CleanMem) (Version: v2.4.3 - PcWinTech.com)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
KMSpico v9.3 (HKLM\...\KMSpico_is1) (Version: 9.3 - )
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Livestreamer 1.12.1 (HKLM-x32\...\Livestreamer) (Version: - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Max Recorder (HKLM-x32\...\Max Recorder) (Version: 1.026.0.0 - Silver Vine, LLC)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MultiBit 0.5.18 (HKLM-x32\...\MultiBit 0.5.18) (Version: 0.5.18 - )
MultiDoge 0.1.2 (HKLM-x32\...\MultiDoge 0.1.2) (Version: 0.1.2 - )
MultiDoge 0.1.3 (HKLM-x32\...\MultiDoge 0.1.3) (Version: 0.1.3 - )
MultiDoge 0.1.4 (HKLM-x32\...\MultiDoge 0.1.4) (Version: 0.1.4 - )
OpenVPN 2.3.4-I005 (HKLM\...\OpenVPN) (Version: 2.3.4-I005 - )
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0000 - Panda Security)
Panda Free Antivirus (Version: 7.81.00.0000 - Panda Security) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Pro Evolution Soccer 2015 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SMPlayer 14.3.0 (HKLM-x32\...\SMPlayer) (Version: 14.3.0 - Ricardo Villalba)
Stamina 2.5 (HKLM-x32\...\Stamina) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{12BEDCF6-A533-4943-ADC8-9CF4759102C4}) (Version: 6.1.1.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version: - Capcom)
Ultra Street Fighter IV (HKLM-x32\...\VWx0cmFTdHJlZXRGaWdodGVySVY=_is1) (Version: 1 - )
Unity Web Player (HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.56 - Nullsoft, Inc)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

28-05-2015 19:19:30 Removed SpyHunter
28-05-2015 20:42:05 Revo Uninstaller Pro's restore point - Dropbox
28-05-2015 20:48:08 CHrome
28-05-2015 20:57:01 Revo Uninstaller Pro's restore point - Google Chrome

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 20:25 - 2013-08-22 20:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EB26E79-DB36-4C28-906B-3780F18CF767} - \AutoPico Daily Restart No Task File <==== ATTENTION
Task: {27CE2D81-430E-45EB-A0D0-BE88E0691AF5} - \CleanMem Mini Monitor No Task File <==== ATTENTION
Task: {447F9C85-5D06-4258-B04E-6FB3E071A2FE} - \Clean System Memory No Task File <==== ATTENTION
Task: {59AD778A-DA10-49A2-9ADA-7ED2766CCC49} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {CB5B039D-B803-4BE7-B3C4-47A8C47EE0DC} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2013-08-30 19:47 - 2013-08-30 19:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 14:41 - 2012-10-22 14:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 14:42 - 2012-10-22 14:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-04-13 00:23 - 2013-04-13 00:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC
AlternateDataStreams: C:\Users\Home\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\Control Panel\Desktop\\Wallpaper -> E:\Wpp\068 - TlnW6at.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AIPS => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HWDeviceService64.exe => 2
MSCONFIG\Services: IHProtect Service => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\Services: Smartfren Connex EC176-2 UI. RunOuc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: VIAKaraokeService => 2
HKLM\...\StartupApproved\StartupFolder: => "IML64.lnk"
HKLM\...\StartupApproved\Run: => "HDAudDeck"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "GamingMouseG7"
HKLM\...\StartupApproved\Run32: => "DFX"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKLM\...\StartupApproved\Run32: => "wmagent.exe"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\StartupFolder: => "Y210 Recovery Installer.rar.lnk"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "GarenaPlus"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "LightShot"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "Google Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{21FF6A40-D8F3-456D-970C-8F505FA2C614}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{3FE4EC6A-EF6B-44B2-87C1-070060C8966D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{FB71492F-9DF2-4B67-825A-B7D42ACF0F6A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{F76A451B-89E6-4754-850B-17B69F09EEE2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{E685BA33-3BC6-47F8-AFDB-A3C183EE8377}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{94425F9B-7557-4EC8-ABDB-D77B3B4D4691}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{2154C88C-6469-44F1-9CDF-F5E73DA7CB8E}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{334649D7-D60B-40FC-9F85-8E2EAD57E41A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{CAECAB55-50F9-47C1-A6AC-DE697FB329A6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{4B9CD4CB-50FF-4838-B5D2-584C4D2D853C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{EF0235A4-5640-48E3-9AF6-04E9ED63C66E}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{7AD50298-18DA-4308-831F-1EEA7BB46949}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{B89203A9-5D30-424C-820B-16CDFF21391B}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ACA168C8-9478-4EA3-A398-9B4BB1BE9455}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{8C63B07D-5564-4A36-B298-A2E5C60CA60F}D:\e\arcpool\arcpool\arcade pool ii.exe] => (Block) D:\e\arcpool\arcpool\arcade pool ii.exe
FirewallRules: [UDP Query User{ACF602FF-D995-4984-BC9C-58B9E47ACCC5}D:\e\arcpool\arcpool\arcade pool ii.exe] => (Block) D:\e\arcpool\arcpool\arcade pool ii.exe
FirewallRules: [TCP Query User{3BAA030D-D3AF-4D64-B501-631FA0EE523C}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{F4964EA6-EC34-4A50-A9C7-67C0B7E85288}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{D890B9E9-0CA9-4A17-9EA4-012E3F08EDF5}D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [UDP Query User{067C2261-AD86-4DE1-BA9C-3D7362B845DC}D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [TCP Query User{7D10BC07-A79B-4CC3-92F2-A8006B0C8772}D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [UDP Query User{6BA92B5F-1CCB-4642-96DE-C27F2ACCA754}D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [{D7374DC1-117B-476E-9D2B-8894A7C1DEE9}] => (Block) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [{5BDBAB66-3A1B-45AE-8005-F5137C03FA28}] => (Block) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [TCP Query User{9930AED4-962D-4643-9F7A-C4FB819CA5DF}D:\ro2\hc\handycache.exe] => (Allow) D:\ro2\hc\handycache.exe
FirewallRules: [UDP Query User{2942EC3B-F09E-4818-ABE9-6B33C41A56DC}D:\ro2\hc\handycache.exe] => (Allow) D:\ro2\hc\handycache.exe
FirewallRules: [{6469D9CD-2278-4E4D-B3E7-BD21EB2A39E9}] => (Block) D:\ro2\hc\handycache.exe
FirewallRules: [{60A4CCA8-119D-4819-A2F0-1D26777F75CD}] => (Block) D:\ro2\hc\handycache.exe
FirewallRules: [TCP Query User{6D27FDF9-847C-4127-8E4D-5497712DC5FD}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{86C52BFB-048B-4B9B-84D5-2229F4A833B4}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{A47F65BE-BD16-41DB-945F-2922ECDA2437}D:\locker\gam\dragon's tale\eclient.exe] => (Allow) D:\locker\gam\dragon's tale\eclient.exe
FirewallRules: [UDP Query User{313503B7-B313-4C36-B9CD-AA7C2483E6F1}D:\locker\gam\dragon's tale\eclient.exe] => (Allow) D:\locker\gam\dragon's tale\eclient.exe
FirewallRules: [{0A94E464-E541-44A3-AD3D-631FA47907CE}] => (Allow) C:\Users\Home\Downloads\LoLInstaller.exe
FirewallRules: [{D472746F-2A65-4747-80BC-3AA3665643EF}] => (Allow) C:\Users\Home\Downloads\LoLInstaller.exe
FirewallRules: [{94483A90-8A33-45DC-B61B-3AE1E7798600}] => (Allow) C:\GarenaDownload\Games\lolid\lolidInstaller.exe
FirewallRules: [{450EC6DB-49A8-470A-ABC4-6F52EB2C6E3F}] => (Allow) C:\GarenaDownload\Games\lolid\lolidInstaller.exe
FirewallRules: [{50D9FC16-190E-4BF2-A1DE-F4F5303F5E49}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{7794820F-1629-4054-A9DD-EE8E27E9E50D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{68647CBA-9D47-46F2-A105-9E74102B4E73}] => (Allow) E:\HearthStone\Battle.net\Battle.net.exe
FirewallRules: [{9E94CF76-47B9-41E7-ADA8-064DD78BBB09}] => (Allow) E:\HearthStone\Battle.net\Battle.net.exe
FirewallRules: [{EB8F8E12-67C3-4A47-8BD9-6F892A9D2AA1}] => (Allow) E:\HearthStone\Hearthstone\Hearthstone.exe
FirewallRules: [{C87D17CE-265E-4923-A2F0-DA691FC8E551}] => (Allow) E:\HearthStone\Hearthstone\Hearthstone.exe
FirewallRules: [{C42073C2-F2E9-475B-8F61-25DD60A87D2E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{A042371C-948F-4B3B-9CCA-4736912672A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{36751F19-BD5D-47FB-A5C8-7D6C794B08D1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{6642DF43-62B2-4800-A273-68119F815704}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{E360AF24-361D-4F3F-B921-25887D4FA383}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{F0A03AA1-CDCB-4A6A-9CCA-F2C8021476E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [TCP Query User{8B234DA7-35DB-4521-8CE6-8340D8D1BA4C}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [UDP Query User{165FA3E9-7ADD-45DB-88DA-7F4615D86727}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [{6A2FE460-F822-4949-87F3-C3D44F03673B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{B3D45FE7-1BC8-4FE6-9CE8-C3A472C0CCD3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [TCP Query User{48165FF4-C9B0-4D74-9406-BD26DF631DC4}E:\hearthstone\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{3CCD4E59-A199-4AE8-9F31-797B45898AF1}E:\hearthstone\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [{F95BD2B2-C2AE-4731-A07E-17E25022A7C6}] => (Allow) E:\HearthStone\StarCraft II\StarCraft II.exe
FirewallRules: [{48209402-0BD4-45FE-8031-2A4287968FFA}] => (Allow) E:\HearthStone\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{79AFE7A0-7E1E-4EA1-8B9E-0B36E10FCC0F}E:\hearthstone\starcraft ii\versions\base32283\sc2.exe] => (Allow) E:\hearthstone\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{64D59B9B-A39E-4861-AFA1-55D2817F28FE}E:\hearthstone\starcraft ii\versions\base32283\sc2.exe] => (Allow) E:\hearthstone\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{585B90E4-4987-4B64-9E3E-F40E6EC42D2D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{E0065EA1-EB81-4EE0-B8A3-1F75F96C26F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{98CA78CD-51BA-4B9F-9447-7CE99ADC3A11}E:\xde\xdecoin-qt.exe] => (Allow) E:\xde\xdecoin-qt.exe
FirewallRules: [UDP Query User{16FA63CF-80AA-4C1D-A21D-ECB545C2D59F}E:\xde\xdecoin-qt.exe] => (Allow) E:\xde\xdecoin-qt.exe
FirewallRules: [{DC6F768E-AF80-420F-AAD0-77E349CF3802}] => (Block) E:\xde\xdecoin-qt.exe
FirewallRules: [{502EF45C-C6D8-4CB1-B52D-56A0223587E1}] => (Block) E:\xde\xdecoin-qt.exe
FirewallRules: [{453B369F-E545-40FC-92CE-F8CD91D154A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{B3E2E85C-4F92-4B8C-840D-EE588D2BC83C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{1A38FE85-AE11-4A00-8F4A-3DDE0CEC869B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{1C01CEC5-EF88-4DB5-BA21-D8129E6FF7BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{E4F37EA0-085A-4DD4-B0B4-E0C869EC0A1B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{A56F1BD3-565D-4A9A-878A-662A9811FB4B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{8E383BA4-02A5-4964-9F56-5DB1C72797D2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{AD3C4114-8197-4CD0-9200-7582071EA11B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{210CC0D1-7939-405D-B290-10A69EE11CE0}D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{623A8C16-23E4-4565-BABC-3CEFA2295807}D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [{11AEF7FD-44E9-4E82-B6DC-9B136E93D6B5}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{7086952A-515E-4E07-8F16-BA89E7A77460}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{3086A77E-94A6-400F-9CF3-89A4EEE332B3}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{AF3022C5-B984-444A-B61D-18CB79F60136}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{F11A6B78-0049-45C3-B37B-0253C81B2E89}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{711907E0-C5AC-4EAB-970B-AE4AC90F64FB}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{97B69781-FF32-41BF-8CE2-7DBFE127DFD6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{9338A320-AA4B-4A97-B28F-9C13BDAFC241}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{DE9CFB51-B749-4821-A0EF-D28CA5A935F9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{593D8951-231B-4579-9C40-4F6671E5EDCA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{DA8796A6-1F22-44DC-96A0-CBFA40BFEACC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{F05D071D-5572-429F-8495-0F4893A2F7D8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{EA6C4745-D480-43F6-9AD7-CC7520A2A900}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{9E6F0476-CE39-4D01-BCAB-F8F4FB432F97}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{798CF340-621E-4855-A529-276A12C0B6BF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{A9E92156-A2B6-499D-9191-0521F69197CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{A09D91C7-9471-4558-9EDD-F80B5192953A}E:\iti\iticoin-qt.exe] => (Allow) E:\iti\iticoin-qt.exe
FirewallRules: [UDP Query User{5FB1D89B-7EC7-4B1F-BE94-E5EC5232C022}E:\iti\iticoin-qt.exe] => (Allow) E:\iti\iticoin-qt.exe
FirewallRules: [{ACA246E7-FA0F-4895-BCCF-21D6A772BBE0}] => (Block) E:\iti\iticoin-qt.exe
FirewallRules: [{855CE4D3-75EE-4403-BA50-81876709823F}] => (Block) E:\iti\iticoin-qt.exe
FirewallRules: [TCP Query User{17366C22-BBFD-4138-8E6D-2AE8902840B9}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe
FirewallRules: [UDP Query User{4824CFB5-9E98-4BF5-B603-D96ACC234A3F}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe
FirewallRules: [TCP Query User{4FE08B28-902B-42BA-A1AB-114D251733EB}D:\ro2\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\ro2\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [UDP Query User{2E3B72F6-8113-429B-A120-FC94FCCE6EFD}D:\ro2\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\ro2\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [{8F5B6030-F946-4BCF-BDE4-FC1CF75D802B}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CB73DE48-5458-4002-970E-18307CF6C294}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7FDF9642-453D-4299-8A63-73A766CA154E}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{318A2A3D-0667-46A6-BC2A-6C898FE9E81D}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{34712F63-914B-4AF1-A9AF-7BD186EB4FB9}] => (Allow) E:\adsdasd\fo3idInstaller.exe
FirewallRules: [{EA38938E-CCE5-4789-BFCB-8ED0F4BC0494}] => (Allow) E:\adsdasd\fo3idInstaller.exe
FirewallRules: [{5CAC08A4-FB19-406E-978F-32FEBFCA9202}] => (Allow) E:\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [{64B4BA64-A93B-4045-8A4B-09D523F924C7}] => (Allow) E:\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [TCP Query User{1C9C0C53-8C01-43E0-9DDC-27DBE3E95BC6}E:\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) E:\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [UDP Query User{1F538570-2D24-4753-87A8-1693AF42A222}E:\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) E:\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [{C3D3C9CA-F7DA-477F-B1BA-177AE80FA096}] => (Block) E:\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [{1B3A3CDE-316A-4930-8240-6E4077C4C44E}] => (Block) E:\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [{D0EF86ED-9244-4CDC-8F53-1B8482D60745}] => (Allow) E:\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{C91CAB48-35C5-4F8C-B0C5-DA18EE821977}] => (Allow) E:\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [TCP Query User{4838ADF0-25EB-41AD-82CF-84661998D678}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe
FirewallRules: [UDP Query User{A3F305CC-37A1-4F67-83BC-F85D1553952D}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 09:13:25 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: HOME-PC)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

Error: (05/28/2015 08:57:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/28/2015 08:57:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

Error: (05/28/2015 08:48:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/28/2015 08:42:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/28/2015 08:42:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

Error: (05/28/2015 08:21:48 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).

Error: (05/28/2015 08:21:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).

Error: (05/28/2015 08:10:41 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - FreeStyle2: Street Basketball; Error = 0x8007043c).

Error: (05/28/2015 08:10:16 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - NetCut 2.1.4; Error = 0x8007043c).


System errors:
=============
Error: (05/28/2015 08:59:28 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with the following service-specific error:
%%5

Error: (05/28/2015 08:40:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (05/28/2015 08:40:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error:
%%3

Error: (05/28/2015 08:40:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HuaweiHiSuiteService64.exe service failed to start due to the following error:
%%2

Error: (05/28/2015 08:40:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Updater Service service failed to start due to the following error:
%%2

Error: (05/28/2015 08:40:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Hypervisor service failed to start due to the following error:
%%3

Error: (05/28/2015 08:40:01 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with the following service-specific error:
%%5

Error: (05/28/2015 08:39:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\hwinterface.sys

Error: (05/28/2015 08:38:51 PM) (Source: DCOM) (EventID: 10005) (User: HOME-PC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (05/28/2015 08:38:50 PM) (Source: DCOM) (EventID: 10005) (User: HOME-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office:
=========================
Error: (05/28/2015 09:13:25 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: HOME-PC)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

Error: (05/28/2015 08:57:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/28/2015 08:57:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

Error: (05/28/2015 08:48:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/28/2015 08:42:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/28/2015 08:42:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

Error: (05/28/2015 08:21:48 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe Checkpoint by HitmanPro0x8007043c

Error: (05/28/2015 08:21:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe Checkpoint by HitmanPro0x8007043c

Error: (05/28/2015 08:10:41 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" Revo Uninstaller Pro's restore point - FreeStyle2: Street Basketball0x8007043c

Error: (05/28/2015 08:10:16 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" Revo Uninstaller Pro's restore point - NetCut 2.1.40x8007043c


==================== Memory info ===========================

Processor: AMD A4-3300 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 33%
Total physical RAM: 3561.99 MB
Available physical RAM: 2365.76 MB
Total Pagefile: 6121.99 MB
Available Pagefile: 4004.72 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Win 8) (Fixed) (Total:50.01 GB) (Free:15.35 GB) NTFS
Drive d: (Data) (Fixed) (Total:117.42 GB) (Free:11.17 GB) NTFS
Drive e: (BBB) (Fixed) (Total:200.58 GB) (Free:89.74 GB) NTFS
Drive g: (Windows 7) (Fixed) (Total:97.66 GB) (Free:21.62 GB) NTFS
Drive h: (NEW) (CDROM) (Total:3.28 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FC5F84F5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=318 GB) - (Type=OF Extended)

==================== End of log ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V10.7.0.0 [May 25 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Home [Administrator]
Started from : C:\Users\Home\AppData\Local\Microsoft\Windows\INetCache\IE\2UIT8RWV\RogueKiller.exe
Mode : Delete -- Date : 05/28/2015 23:06:15

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 73 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict) | (default) : {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> Not selected
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress) | (default) : {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> Not selected
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync) | (default) : {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> Not selected
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate | (default) : {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict) | (default) : {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress) | (default) : {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync) | (default) : {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate | (default) : {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -> Not selected
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> Not selected
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> Not selected
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Not selected
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Not selected
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Not selected
[PUM.Orphan] (X64) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {47833539-D0C5-4125-9FA8-0819E2EAAC93} : -> Not selected
[PUM.Orphan] (X86) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {47833539-D0C5-4125-9FA8-0819E2EAAC93} : -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Lightshot : C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [7] -> Not selected
[PUP] (X64) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Windows\CurrentVersion\Run | LiveSupport : "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log [x][x][x] -> Not selected
[PUP] (X86) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Windows\CurrentVersion\Run | LiveSupport : "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log [x][x][x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HuaweiHiSuiteService64.exe ("C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet001\Services\IBUpdaterService ("C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HuaweiHiSuiteService64.exe ("C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service) -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50796;https=127.0.0.1:50796 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50796;https=127.0.0.1:50796 -> Not selected
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50796;https=127.0.0.1:50796 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50796;https=127.0.0.1:50796 -> Not selected
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Internet Explorer\Main | Start Page : http://id.hao123.com/?tn=pcf_inner_protection_01_hao123_id_ie -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Internet Explorer\Main | Start Page : http://id.hao123.com/?tn=pcf_inner_protection_01_hao123_id_ie -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Internet Explorer\Main | Start Page : http://id.hao123.com/?tn=pcf_inner_protection_01_hao123_id_ie -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Internet Explorer\Main | Start Page : http://id.hao123.com/?tn=pcf_inner_protection_01_hao123_id_ie -> Not selected
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8D6F902B-9993-402D-AFFF-D04F1721324A} | NameServer : 10.17.3.252 10.17.125.230 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A06D150E-737F-4220-AB48-4A625504A28A} | NameServer : 10.17.3.252 10.17.125.230 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C2EDDB6E-7145-4E96-8B48-A541A41B62B7} | NameServer : 10.17.3.252 10.17.125.230 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet002\Services\Tcpip\Parameters\Interfaces\{109AFCA6-C954-461D-9975-19BF0754D9AF} | NameServer : 10.17.118.187 10.17.118.251 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet002\Services\Tcpip\Parameters\Interfaces\{73B4EF26-530D-4FBD-8665-D70E7D89DED7} | NameServer : 10.17.118.187 10.17.118.251 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8D6F902B-9993-402D-AFFF-D04F1721324A} | NameServer : 10.17.118.187 10.17.118.251 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A06D150E-737F-4220-AB48-4A625504A28A} | NameServer : 10.17.3.252 10.17.125.230 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C2EDDB6E-7145-4E96-8B48-A541A41B62B7} | NameServer : 10.17.3.252 10.17.125.230 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet003\Services\Tcpip\Parameters\Interfaces\{109AFCA6-C954-461D-9975-19BF0754D9AF} | NameServer : 10.17.118.187 10.17.118.251 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet003\Services\Tcpip\Parameters\Interfaces\{73B4EF26-530D-4FBD-8665-D70E7D89DED7} | NameServer : 10.17.118.187 10.17.118.251 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8D6F902B-9993-402D-AFFF-D04F1721324A} | NameServer : 10.17.118.187 10.17.118.251 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A06D150E-737F-4220-AB48-4A625504A28A} | NameServer : 10.17.3.252 10.17.125.230 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet003\Services\Tcpip\Parameters\Interfaces\{C2EDDB6E-7145-4E96-8B48-A541A41B62B7} | NameServer : 10.17.3.252 10.17.125.230 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] Y210 Recovery Installer.rar.lnk -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Y210 Recovery Installer.rar.lnk [LNK@] C:\ProgramData\{d406bd95-3834-533f-d406-6bd95383f654}\Y210 Recovery Installer.rar.exe --startup=1 -> Deleted

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] mvldvpgz.default : user_pref("network.proxy.type", 4); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AACS-00G8B1 ATA Device +++++
--- User ---
[MBR] 06cd13aa10a519a15cf33787d1a900ab
[BSP] 7275acb36f79c4cecc94b6f051ce475a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 100000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 871895745 | Size: 51207 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 205006849 | Size: 325629 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05282015_230528.log
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/28/2015
Scan Time: 16:29:16
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.28.03
Rootkit Database: v2015.05.24.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Home

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384314
Time Elapsed: 22 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [53b0efaa4d3d62d4c85da14056ad9a66],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Trojan.Agent, C:\Program Files\PowerISO\Crack (x64).exe, No Action By User, [6c976e2bcdbd8da9cb4082b7b64c867a],
PUP.Optional.Amonetize, C:\Users\Home\AppData\Local\26159\a12135.exe, Quarantined, [7c8752475733da5cc4b123a8669b57a9],
PUP.Optional.MyStartSearch.A, C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: ({"browser":{"show_home_button":false},"extensions":{"settings":{"aapbdbdomjkkjkaonfhkkikfgjllcleb":{"disable_reasons":32,"state":0},"abjcfabbhafbcdfjoecdgepllmpfceif":{"active_permissions":{"api":["contextMenus","storage","tabs"],"explicit_host":["https://ssl.google-analytics.com https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js; object-src 'self'","description":"Docks your favourite stuff in a floating mobile-view window! Including Facebook chatting, Youtube videos and Hangouts calls","icons":{"128":"icon128.png","16":"icon16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDL/z0wb8ThEQnZZm1HdV5134PSWJmCBwnXerUQvPQTazt8RvItYsFhJJKpIyLuf7J0kgHdo4+WfVmwbQtCz7g4G7IxwZEh3r/tLyjeHDk9TMCwCG1OEmbLbQG3u0WpIvqEETQvwyXl/q37Pbhm3WPaNuikvuO5N6qxlRIw0crr+QIDAQAB","manifest_version":2,"name":"Picture in Picture Viewer","options_page":"options.html","permissions":["tabs","webRequest","webRequestBlocking","webNavigation","contextMenus","*://*/*"],"update_url":"https://chromeadblock.com .google.com[/URL] .gstatic.com[/URL]; object-src 'self'","current_locale":"en_US","default_locale":"en","description":"Bookmark Manager","externally_connectable":{"matches":["*://*.google.com/*"]},"icons":{"16":"icons/bookmarks16.png","32":"icons/bookmarks32.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO1rEc7Du17LBzIOf1nXMC4JM4suAzgaswHRjJhaE4/fNIXxrTjqaDH5tpU7huX8RdVyuu3zggdP36mpqhLYNzCf9fgnvhZEGpsXYqedWXapQ4nrVca4Xg5SB8/K7oRS+dnMwwxYjED434qTyfiSiJoXVo7MXa+qBckMQ6Wf0t0QIDAQAB","manifest_version":2,"minimum_chrome_version":"42","name":"Bookmark Manager DEV","oauth2":{"client_id":"610799782257-avhfi6rijk0n02t94linmllq54ool5kf.apps.googleusercontent.com","scopes":["https://ssl.google-analytics.com; object-src 'self'","description":"Preloaded Extension Placeholder for Crhome","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjvF5pjuK8gRaw/2LoRYi37QqRd48B/FeO9yFtT6ueY84z/u0NrJ/xbPFc9OCGBi8RKIblVvcbY0ySGqdmp0QsUr/oXN0b06GL4iB8rMhlO082HhMzrClV8OKRJ+eJNhNBl8viwmtJs3MN0x9ljA4HQLaAPBA9a14IUKLjP0pWuwIDAQAB","manifest_version":2,"name":"Default Placeholder Extensions","permissions":["tabs","cookies","bookmarks",""],"version":"35.2.1","web_accessible_resources":["content.js"]},"path":"C:\\Program'>/*[/URL]","/*[/URL]","file://*","chrome://*/*","storage","management","webRequest","idle","webRequestBlocking","history","debugger","\u003Call_urls>"],"version":"35.2.1","web_accessible_resources":["content.js"]},"path":"C:\\Program Files\\Google\\Chrome\\Application\\Extensions\\chrome\\man","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"mbniclmhobmnbdlbpiphghaielnnpgdp":{"disable_reasons":32,"state":0},"mfehgcgbbipciphmccgaenjidiccnmng":{"active_permissions":{"api":["cloudPrintPrivate"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13076928208311557","location":5,"manifest":{"app":{"launch":{"web_url":"https://www.google.com/cloudprint"},"urls":["https://www.google.com/cloudprint/enable_chrome_connector"]},"description":"Cloud Print","display_in_launcher":false,"icons":{},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqOhnwk4+HXVfGyaNsAQdU/js1Na56diW08oF1MhZiwzSnJsEaeuMN9od9q9N4ZdK3o1xXOSARrYdE+syV7Dl31nf6qz3A6K+D5NHe6sSB9yvYlIiN37jdWdrfxxE0pRYEVYZNTe3bzq3NkcYJlOdt1UPcpJB+isXpAGUKUvt7EQIDAQAB","name":"Cloud Print","permissions":["cloudPrintPrivate"],"version":"0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\43.0.2357.65\\resources\\cloud_print","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"mfffpogegjflfpflabcdkioaeobkgjik":{"active_permissions":{"api":["webRequest","webRequestBlocking"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["\u003Call_urls>"]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13076928253636823","location":5,"manifest":{"background":{"scripts":["channel.js","background.js"]},"content_scripts":[{"all_frames":true,"js":["channel.js","saml_injected.js"],"matches":["\u003Call_urls>"],"run_at":"document_start"}],"content_security_policy":"default-src 'self'; script-src 'self'; frame-src 'self' http: https:; style-src 'self'","description":"GAIA Component Extension","incognito":"split","key":"MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC4L17nAfeTd6Xhtx96WhQ6DSr8KdHeQmfzgCkieKLCgUkWdwB9G1DCuh0EPMDn1MdtSwUAT7xE36APEzi0X/UpKjOVyX8tCC3aQcLoRAE0aJAvCcGwK7qIaQaczHmHKvPC2lrRdzSoMMTC5esvHX+ZqIBMi123FOL0dGW6OPKzIwIBIw==","manifest_version":2,"name":"GaiaAuthExtension","permissions":["\u003Call_urls>","webRequest","webRequestBlocking"],"version":"0.0.1","web_accessible_resources":["main.css","main.html","main.js","offline.css","offline.html","offline.js","success.html","success.js","util.js"]},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\43.0.2357.65\\resources\\gaia_auth","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"mgndgikekgjfcpckkfioiadnlibdjbkf":{"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13076928208311557","location":5,"manifest":{"app":{"launch":{"web_url":"http://THIS-WILL-BE-REPLACED"}},"description":"A fast, simple, and secure web browser, built for the modern web.","display_in_launcher":true,"display_in_new_tab_page":false,"icons":{"128":"product_logo_128.png","16":"product_logo_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNuYLEQ1QPMcc5HfWI/9jiEf6FdJWqEtgRmIeI7qtjPLBM5oje+Ny2E2mTAhou5qdJiO2CHWdU1DQXY2F7Zu2gZaKZgHLfK4WimHxUT5Xd9/aro/R9PCzjguM1BLusiWYc9xlj1IsZpyiN1hcjU7SCnBhv1feQlv2WSB5KRiXwhQIDAQAB","name":"Chrome","version":"0.1"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\43.0.2357.65\\resources\\chrome_app","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"mpphfcjpaldmedbbomcdhgonmhjngfig":{"disable_reasons":32,"state":0},"nmladpigjlinmngadjgfogblnmddndcp":{"app_launcher_ordinal":"zg","disable_reasons":32,"page_ordinal":"n","state":0},"nmmhkkegccagdldgiimedpiccmgmieda":{"ack_external":true,"active_permissions":{"api":["identity","webview"],"explicit_host":["https://wallet-web.sandbox.google.com/*","https://wallet.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":137,"events":["app.runtime.onLaunched","runtime.onConnectExternal"],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["identity","webview"],"explicit_host":["https://wallet-web.sandbox.google.com/*","https://wallet.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13076928233488823","lastpingday":"13077270001802742","location":10,"manifest":{"app":{"background":{"scripts":["craw_background.js"]}},"current_locale":"en_US","default_locale":"en","description":"Google Wallet for digital goods","display_in_launcher":false,"display_in_new_tab_page":false,"icons":{"128":"images/icon_128.png","16":"images/icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB","manifest_version":2,"minimum_chrome_version":"29","name":"Google Wallet","oauth2":{"auto_approve":true,"client_id":"203784468217.apps.googleusercontent.com","scopes":["","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["file:///*","ftp://*/*","/*[/URL]","/*[/URL]"]},"commands":{},"content_settings":[],"creation_flags":9,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["storage","tabs","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["file:///*","ftp://*/*","/*[/URL]","/*[/URL]"]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13077247807358480","lastpingday":"13077270001802742","location":1,"manifest":{"background":{"page":"pdfHandler.html"},"content_scripts":[{"all_frames":true,"css":["contentstyle.css"],"js":["contentscript.js"],"matches":["/*[/URL]","/*[/URL]","ftp://*/*","file://*/*"],"run_at":"document_start"}],"content_security_policy":"script-src'>https://www.googleapis.com/auth/sierra","https://www.googleapis.com/auth/sierrasandbox","https://www.googleapis.com/auth/chromewebstore","https://www.googleapis.com/auth/chromewebstore.readonly"]},"permissions":["identity","webview","https://wallet.google.com/","https://wallet-web.sandbox.google.com/","https://www.google.com/","https://www.googleapis.com/*"],"update_url":"https://clients2.google.com/service/update2/crx","version":"0.1.1.0"},"path":"nmmhkkegccagdldgiimedpiccmgmieda\\0.1.1.0_0","preferences":{},"regular_only_preferences":{},"running":false,"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"oemmndcbldboiebfnladdacbdfmadadm":{"active_permissions":{"api":["storage","tabs","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["file:///*","ftp://*/*","/*[/URL]","/*[/URL]"]},"commands":{},"content_settings":[],"creation_flags":9,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["storage","tabs","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["file:///*","ftp://*/*","/*[/URL]","/*[/URL]"]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13077247807358480","lastpingday":"13077270001802742","location":1,"manifest":{"background":{"page":"pdfHandler.html"},"content_scripts":[{"all_frames":true,"css":["contentstyle.css"],"js":["contentscript.js"],"matches":["/*[/URL]","/*[/URL]","ftp://*/*","file://*/*"],"run_at":"document_start"}],"content_security_policy":"script-src 'self' 'unsafe-eval'; object-src 'self'","description":"Uses HTML5 to display PDF files directly in the browser.","file_browser_handlers":[{"default_title":"Open with PDF Viewer","file_filters":["filesystem:*.pdf"],"id":"open-as-pdf"}],"icons":{"128":"icon128.png","16":"icon16.png","48":"icon48.png"},"incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDb5PIb8ayK6vHvEIY1nJKRSCDE8iJ1T43qFN+5dvCVQrmyEkgqB9ZuZNT24Lwot96HV51VoITHKRNIVKI2Nrbfn0M49t7qtaP34g/GXJ7mAIbSzsY4+I+Wsz8EL2SNEIw6uH8RmXG7nZ29NJ7sk7jn17QmMsO2UJ01UT8hfOOOEQIDAQAB","manifest_version":2,"mime_types":["application/pdf"],"name":"PDF Viewer","options_page":"options/options.html","options_ui":{"chrome_style":true,"page":"options/options.html"},"page_action":{"default_icon":{"19":"icon19.png","38":"icon38.png"},"default_popup":"pageActionPopup.html","default_title":"Show PDF URL"},"permissions":["fileBrowserHandler","webRequest","webRequestBlocking","\u003Call_urls>","tabs","webNavigation","storage","streamsPrivate"],"storage":{"managed_schema":"preferences_schema.json"},"update_url":"https://clients2.google.com/service/update2/crx","version":"1.1.132","web_accessible_resources":["getFrameId","content/web/viewer.html","http:/*","https:/*","ftp:/*","file:/*","chrome-extension:/*","filesystem:/*","drive:*"]},"path":"oemmndcbldboiebfnladdacbdfmadadm\\1.1.132_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"pfjmpddhehfgenddjoejiakphgbkhknc":{"disable_reasons":32,"lastpingday":"13077270002512742","state":0},"pjkljhegncpnkpknbcohdijeoejaedia":{"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"wn","commands":{},"content_settings":[],"creation_flags":9,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13076928310276840","lastpingday":"13077270001802742","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast, searchable email with less spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false}}},"google":{"services":{"last_username":"jun.ro70@gmail.com","username":"jun.ro70@gmail.com"}},"homepage":"","homepage_is_newtabpage":true,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"FC724A054C8261FAC500B0D00B779A264513F3EDF3A4FE9663D71F11E180C83C"},"default_search_provider":{"keyword":"6A3BCD7409E5FAC77E904DB95B810C71FFEF20A231A7F1EB1DF0F24B42C049F1","name":"2F822171863DBF4ABE5B133CFF124C311EAF240CA2EBCA7EF426A3766704BC7D","search_url":"5002197665DA3F5D9AF60DB7FEF1C8BCDC5E47B0E29662F4719422E84FB9F9C5"},"default_search_provider_data":{"template_url_data":"A422F6AD49EB58B4B8765CD851C5253B475B7D48CF858CE1CE8A57442E2D02FC"},"extensions":{"settings":{"aapbdbdomjkkjkaonfhkkikfgjllcleb":"2E0E795D6739BA477B3AB093C16884DA02881EB645A921206C0B74A2CC014909","abjcfabbhafbcdfjoecdgepllmpfceif":"0254DEC3A56C0137C2BFE6BE3337B0E58618D4518F439F5287F348660152696D","ahfgeienlihckogmohjhadlkjgocpleb":"931804D0D89DCBE55857396DB7A2B54AC7E008AAF86575A978527ACB75BF5E41","babikeemlljheaiopgchfgnpogodbfci":"CB60E627C1FB59DE0F7E003F62AC9FDA2FA0DBAC2A43DA90A64293F088F08C40","bbfenppodikphgiphiipabngecoffcni":"1F99A4F0B0086B00EA464F79A38C3BE8654898ABE4A1B8DA1BC1950CF68FFD90","bcbpbenaemaebapiffhkjjnilcphggcn":"49A5C5C2B0AF217203C80F0117B1866560F1102D2FD0FA4D45D4BD4D98B68C4E","bepbmhgboaologfdajaanbcjmnhjmhfn":"48685D5D653316ED62088892F165EC1371D3EE2F3D7BA0DA4FA711FCF1BAFEAB","bicgmdmgbomnebambjpkkkjpbkiahike":"2A826A2042FAA2321FB952E5B670BA751522FFB0D0901164FE817B3A369B9144","blpcfgokakmgnkcojhhkbfbldkacnbeo":"A6780ADC979CE965337DEA4478A604C0D028FBFA39898937B882D733257D460E","cfhdojbkjhnklbpkdaibdccddilifddb":"45F86A8C51B6D05E48A5455D36A7B5AD3274F5DCCE806E0C77A2D20B50B1E4CE","coobgpohoikkiipiblmjeljniedjpjpf":"286F32CE5A0D851C057B5F349FA9A0B17024123D984892EF6ECEEFF0BE80C98C","ddkedpofhcigoiibhjfmlfpghobnbabn":"2029D9753638543CE1A4AF05D9DA2F936CD241FED91EBF6003FC4E0FD0B0A7B4","dhdgffkkebhmkfjojejmpbldmpobfkfo":"0EAF5B6FC6F43266771AF8C42A7A74FF5603532B516D43986200F13E3C504863","djflhoibgkdhkhhcedjiklpkjnoahfmg":"DBDED7F3EF266F3AAD2DBE867F2BE8121F1AD818E2E60A2F16AE3DF2AFFF7BC2","donooklgjecljcdaflphibjiigobinho":"BB6D1A8346988D9EEFF85F2865681580C8E7AC26BBE8A9A341AAC685069F79FC","dpdmlmpcpbjdllmdacjgdldbmhefmmkb":"1B34AE7A36727EF5F360E4AE6C8181EBF8DD94BF1708602A8337293F3B1B9DE8","dpplabbmogkhghncfbfdeeokoefdjegm":"9EE0A2A70FFEEC3C65B31224D47BB311501995B90102DD5CCA92889286F0E50C","eemcgdkfndhakfknompkggombfjjjeno":"6C0AAE96A1F3EED9E36C5BCBC7423081C94B3D7E7A42B32F5B37168EDA9DE36F","efaagmolahogmekmnmkigonhfcdiemnl":"51BD048B3784452E647AA7D906BA38C31C96E6E93AD09513505F629A56801837","efgochcggfpajofoidkjhelkaihdflpo":"ED973B8779A7B962083B0AEC56938C1C49FA75946F40A7CAF7EE6AE11CAC7CE2","eooefojkjcddbgjjeoabdloeapnbccmh":"6E1304DEAF488AFEC35EB2B3BD55164E5DDD13DC40D063106F35A42F35519DBF","fjeahcfaibacboijpccppebdpihhbflk":"EC9AF4D6F5C65E39B9713ABB47D9FDD35F2F0DBF22BAB617CA10BABECCC4BB68","fjnbnpbmkenffdnngjfgmeleoegfcffe":"92B87B23673EBCA6B5DE9B94996145E4EA129DED529DEA4652E09001DAAD01AE","flapeljaacmlecndmchagnbjhnblobfg":"9BA4F7400EB4811E0F9CD386BC6D46CF480C9C8B3661E84FDCB78797ACD85573","gaedmjdfmmahhbjefcbgaolhhanlaolb":"D445E5A8A8A3324F62292232DFAD9E3AC9299737D642590299006F061D2E91F7","gbkeegbaiigmenfmjfclcdgdpimamgkj":"F561A723CCA7CAF19D7BAD5FCBA9BE29A6E2AF4F6787A3792AA2E1931CDCE87F","gighmmpiobklfepjocnamgkkbiglidom":"A709EA667CAFF816BF0D735F68B9B64AA8FD5F33DD15BFA5EE72DA50C9FB083B","gmlllbghnfkpflemihljekbapjopfjik":"78427E61937CD3FA704E8B2D7DA7BEAB0C1F9C871761B3B15028247EB392ACE3","headobkbbbbgggkilpbjkmmpdmdkpjhl":"CC5EBE73531DA2DE8AA6A704FC0F35483CEBF4371239F49351DB754DA076EA54","inijnmkffhfbpknkajembojpfejgmnjn":"93D84D72DD47D8112AD51F121C9BF206433824064D7B7E7F99E2F3A1AEA68578","ipplilmaapjjklilmmaccfemdmhkoacd":"27E82E14976A98AEAD16E864C1EF2C1306B40E95CDF7CC42FA9008D2AEE084C8","jdbcdbdkiaadpbkggggekjcpmgjekkke":"1097F67B659D471ED0314345CA8E40745488E1B39A7D8AC0B38965E75DFCD167","jeaohhlajejodfjadcponpnjgkiikocn":"A3AB26F20B1F8D288D2B035E0F0DBDB17262367F277411DD01A09EC436876501","kejckknopfdplgggklalmeanigajfcol":"B503002FAD8519DB9D000AD67E176B1CE69141593DD4D5F5B56D763286FB8510","kmokinipfahjbfaicnjnmlobmbfiedmp":"0A8212028F594794BA93301722ECE7CD4C606319362D3B68C1D6A329ADDB2073","koiaokdomkpjdgniimnkhgbilbjgpeak":"8BB27EF3AB148D796C9522FD74690FF88C203BA14B223024AF278325B1F48535","lcccjopfndhhpdnjbbadijddmjbadpkn":"4BDD32E36B265CD7B4470781334E643D7A7A5139BFCD9C48B07F4B2D65305AF1","lccekmodgklaepjeofjdjpbminllajkg":"6F6B94ED792E25D5F976F3AC1479A85131D13BAFFD4348CBBA4F2DAE304678B3","lepfcadhgpghgblgpffcmabpfckadmbd":"F0DC5D18F95F6939FEDA1BD7A5A3B185801BD1BEA800DD8A681C3F1CB710B286","lfmhcpmkbdkbgbmkjoiopeeegenkdikp":"67BF398AD97F3137A69652A7CE9CE1BC8D2B204C7857A9390590D3F1604E2820","lojpenhmoajbiciapkjkiekmobleogjc":"25748F20AB1210CD8A72CFB588D41AF25F212CC103795436BBDA3C74D0EC909A","mbniclmhobmnbdlbpiphghaielnnpgdp":"304936278D599281DB412BC7C6779C75E4ABCCED629933F4BFD4A17D35CCD3CA","mfehgcgbbipciphmccgaenjidiccnmng":"3127630829B63609435AACA92F3A3830B009B622688C6F742C8889FDD84C3A32","mfffpogegjflfpflabcdkioaeobkgjik":"5A302ABF4DBE786311B20732929DD9D22589DB62D69CB6A6D9EF5C2AA4F57450","mgndgikekgjfcpckkfioiadnlibdjbkf":"5800DCEDAFBFEE985B4B913FE2EBF9DFFE04A55E9C7A94DF0606D64E2E05EBF2","mpphfcjpaldmedbbomcdhgonmhjngfig":"7388C62D65967D5E51FF6F6AB1DC8382FCC65BBB03B85E15BC3587AC9EB8DFEF","nmladpigjlinmngadjgfogblnmddndcp":"6B34485E6F5197343408D3F9A6FA3BD9EB6ADCC511851EFA017869180AC04FA9","nmmhkkegccagdldgiimedpiccmgmieda":"5812983064DDA262729192A90FBA4F90EFA9A85B10C329695177F2627BB4AD21","oemmndcbldboiebfnladdacbdfmadadm":"1888221C4FE127341A402DA58C5E7077563494EEC061A8B485085FEE6EC99638","pfjmpddhehfgenddjoejiakphgbkhknc":"9C39A8405DB5976413BEC6D7C7E84BE16F7FFE47E15999633DFE35AA0D361582","pjkljhegncpnkpknbcohdijeoejaedia":"C7C4C9767DBD50412BD4EB6EDDB19EB7637A172896EEA124942021930595813B"}},"google":{"services":{"last_username":"95ECB7BC196C6233813ED79AFA7B5A71B6C1911A9EF60127A1D545810C7D526C","username":"4A3F37CFA233F4E6ACA506F62053CAA3834F6A772D5018BC05F904485771A258"}},"homepage":"ABE0DDDB67E94623AA9F0B2E3D8BAF10FDFF2769A02954500B9CE36AC9E0BFD3","homepage_is_newtabpage":"CD52D0CDE9CE53BEEB8B9DF3DAFE360C347397BC1ED4FEA4BF66F19685162587","pinned_tabs":"885BAEFA39CB2727A99BEB49AA025BBDCB9508CFBFD4AF5AED2129B8F5E17C5F","prefs":{"preference_reset_time":"9EA3519C7E77F0192E9244CC98A5F3FF369F278A6CFC738BCF17C10FB197EB50"},"profile":{"reset_prompt_memento":"0AD227584A87055A23265D1A05D460B7855FAD4E4F4B42C441A9BCCA5A509CD7"},"safebrowsing":{"incidents_sent":"45F5EABAAA7EFCE39346558606F30EF783D243CAB3591BD971A76528CB73ED48"},"search_provider_overrides":"2ECF4B0891691B4C6EDD35038C9ED7207A1D0779E4026693B8F8FB725A7478C9","session":{"restore_on_startup":"0EF7B7576354532BC2E5FB1BA17D52CB6B584CD010132714F862637283814E6C","startup_urls":"225D482E4E52E311CB98E9AE0E1941D136D056670EA414FB887FE80377FBF101"},"software_reporter":{"prompt_reason":"3AD0A4B95A4BF5369279FAD77FB151AAC192A96EF6F64B48167B185A1FEFADC3","prompt_seed":"75FD9EFC32767362928D17CF832F64A61CF7E243D3B584996B26D4F783435999","prompt_version":"E79DE9E1B2E18A94ED36B543C29BB720A44F49FC15722A625C4DD50E2D3B8905"},"sync":{"remaining_rollback_tries":"891FC1409DB7DABAE01E5A4F93EEFD3F1924B1E9AB682F98558DD1A088C27764"}},"super_mac":"319F648198F1334B4F46B3E06D373ABBE7DCEC04BADE621A58D6C6C340602CFA"},"session":{"restore_on_startup":5,"startup_urls":["http://www.google.com","http://www.google.com/","http://search.conduit.com/?ctid=CT1547340&SearchSource=48","http://www.mysearchresults.com/?c=2600&t=03","http://search.babylon.com/?affID=11...HP_ss&mntrId=68c87b48000000000000e0cb4ec0c995","http://search.shareazaweb.net/","http://search.babylon.com/?affID=11...HP_ss&mntrId=08c39efb000000000000e0cb4ec58c6d","http://search.certified-toolbar.com?si=41460&home=true&tid=2937","http://home.sweetim.com/?crg=3.1010000.10009&barid={A1E05DEA-26B2-11E2-9E75-E0CB4EC58C6D}","http://search.babylon.com/?affID=11...HP_ss&mntrId=7228409d000000000000000000000000","http://home.sweetim.com/?crg=3.1010000.10011&barid={3BC1DDF5-5C4A-11E2-BFB6-00197E846A15}","http://isearch.babylon.com/?affID=120023&babsrc=HP_ss&mntrId=48552de0000000000000003067c30afc","http://www.delta-search.com/?affID=119294&babsrc=HP_ss&mntrId=2E08001E8C2655DF","http://websearch.helpmefindyour.info/?pid=821&r=2013/04/24&hid=1515876265&lg=EN&cc=ID","http://websearch.searchboxes.info/?pid=887&r=2013/07/24&hid=2139690387&lg=EN&cc=ID&unqvl=28","http://websearch.searchguru.info/?pid=821&r=2013/12/08&hid=7240186974202971102&lg=EN&cc=ID&unqvl=43","http://www.istartsurf.com/?type=hp&...id=WDCXWD5000AACS-00G8B1_WD-WCAUH011131911319","http://www.mystartsearch.com/?type=...id=WDCXWD5000AACS-00G8B1_WD-WCAUH011131911319"]},"sync":{"remaining_rollback_tries":0}}), %5

Physical Sectors: 0
(No malicious items detected)


(end)
 
# AdwCleaner v4.205 - Logfile created 28/05/2015 at 23:28:09
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Home - HOME-PC
# Running from : C:\Users\Home\Downloads\Programs\adwcleaner_4.205.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:50796;hxxps=127.0.0.1:50796
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [21599 bytes] - [24/05/2015 14:56:51]
AdwCleaner[R1].txt - [9736 bytes] - [28/05/2015 20:27:39]
AdwCleaner[R2].txt - [1587 bytes] - [28/05/2015 23:26:53]
AdwCleaner[S0].txt - [11723 bytes] - [24/05/2015 14:58:43]
AdwCleaner[S1].txt - [2282 bytes] - [28/05/2015 20:32:17]
AdwCleaner[S2].txt - [1292 bytes] - [28/05/2015 23:28:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1351 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.2 (05.28.2015:1)
OS: Windows 8.1 Pro x64
Ran by Home on Thu 05/28/2015 at 23:33:03.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Users\Home\AppData\Roaming\appdataFr25.bin



~~~ Folders

Successfully deleted: [Folder] C:\Users\Home\appdata\local\crashrpt





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/28/2015 at 23:35:51.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Home (administrator) on HOME-PC on 29-05-2015 07:40:04
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
Failed to access process -> FRST64.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GamingMouseG7] => C:\Program Files (x86)\AQUILA-X Gaming Mouse\mousehid.exe [741376 2012-06-03] ()
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-18] (Panda Security, S.L.)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3837520 2014-06-17] (Tonec Inc.)
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {11851c1c-264d-11e4-82cf-1078d241dde7} - "F:\AutoRun.exe"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {873727fd-b3cb-11e4-83a1-1078d241dde7} - "I:\AutoRun.exe"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {8737283c-b3cb-11e4-83a1-1078d241dde7} - "I:\AutoRun.exe"
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:50796;https=127.0.0.1:50796
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://u.msn.com/id-id/?ocid=iehp
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\..\Interfaces\{749045DC-334A-4ED7-B313-4EC1C395DA00}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{AF710261-D09A-49E1-AD37-E069E7130235}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mvldvpgz.default
FF NetworkProxy: "socks", "31.186.175.155"
FF NetworkProxy: "socks_port", 60088
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-25] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-25] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-28] (Oracle Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1415457942-1267786245-2192413135-1001: @unity3d.com/UnityPlayer,version=1.0 -> Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Extension: Adblock Plus - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mvldvpgz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-15]
FF HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Home\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Home\AppData\Roaming\IDM\idmmzcc5 [2014-06-27]

Chrome:
=======
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-05-28]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-05-28]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-28]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-28]
CHR Extension: (Tampermonkey) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-05-28]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2015-05-28]
CHR Extension: (Proxy SwitchySharp) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2015-05-28]
CHR Extension: (Picture in Picture Viewer) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaagmolahogmekmnmkigonhfcdiemnl [2015-05-28]
CHR Extension: (Twitch Mini Player) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\efgochcggfpajofoidkjhelkaihdflpo [2015-05-28]
CHR Extension: (Twitch Mini Player) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjeahcfaibacboijpccppebdpihhbflk [2015-05-28]
CHR Extension: (Stylish) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-05-28]
CHR Extension: (Authy) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2015-05-28]
CHR Extension: (AdBlock) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-28]
CHR Extension: (ReChat for Twitch™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2015-05-28]
CHR Extension: (Office Apps) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke [2015-05-28]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2015-05-28]
CHR Extension: (Better Image Viewer) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmokinipfahjbfaicnjnmlobmbfiedmp [2015-05-28]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2015-05-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-28]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2015-05-28]
CHR Extension: (LocalChromecast Player) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp [2015-05-28]
CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
CHR Extension: (PDF Viewer) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\oemmndcbldboiebfnladdacbdfmadadm [2015-05-28]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-01-14]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 6
CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) [File not signed]
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-07-15] (Ellora Assets Corp.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-18] (Panda Security, S.L.)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-10-22] (The OpenVPN Project)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-18] (Panda Security, S.L.)
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1006784 2014-06-22] (@ByELDI) [File not signed]
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S4 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S2 HuaweiHiSuiteService64.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
R3 GM3305Fltr; C:\Windows\system32\drivers\GM3305Fltr.sys [9600 2012-03-28] (LXD Development, Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-05-28] ()
S1 hwinterface; C:\Windows\SysWOW64\Drivers\hwinterface.sys [3026 2015-05-07] (Logix4u) [File not signed]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-10] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-10] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-10] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-10] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-10] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-10] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-10] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-10] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-10] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-10] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-10] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-10] (Panda Security, S.L.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-10] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-12] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-30] (Panda Security, S.L.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-28] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-10-11] (Oracle Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbmbb; \SystemRoot\system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 23:38 - 2015-05-28 23:38 - 00002244 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-28 23:38 - 2015-05-28 23:38 - 00002244 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2015-05-28 23:38 - 2015-05-28 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-28 23:38 - 2015-05-28 23:38 - 00000000 ____D () C:\Program Files (x86)\GUM8B9F.tmp
2015-05-28 23:35 - 2015-05-28 23:35 - 00001477 _____ () C:\Users\Home\Desktop\JRT.txt
2015-05-28 23:33 - 2015-05-28 23:33 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-HOME-PC-Windows-8.1-Pro-(64-bit).dat
2015-05-28 23:33 - 2015-05-28 23:33 - 00000000 ____D () C:\RegBackup
2015-05-28 23:12 - 2015-05-28 23:12 - 02947143 _____ (Thisisu) C:\Users\Home\Desktop\JRT.exe
2015-05-28 22:57 - 2015-05-28 23:09 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-28 22:57 - 2015-05-28 22:57 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-05-28 21:15 - 2015-05-28 21:15 - 00040487 _____ () C:\Users\Home\Desktop\Addition.txt
2015-05-28 21:14 - 2015-05-29 07:40 - 00021350 _____ () C:\Users\Home\Desktop\FRST.txt
2015-05-28 21:13 - 2015-05-28 21:13 - 00002259 _____ () C:\WINDOWS\epplauncher.mif
2015-05-28 20:49 - 2015-05-29 07:40 - 00000000 ____D () C:\FRST
2015-05-28 20:49 - 2015-05-28 20:49 - 02108928 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2015-05-28 20:24 - 2015-05-28 20:24 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-05-28 20:21 - 2015-05-28 20:21 - 00085578 _____ () C:\WINDOWS\system32\.crusader
2015-05-28 20:20 - 2015-05-28 20:20 - 00114978 _____ () C:\Users\Home\Documents\HitmanPro_20150528_2020.log
2015-05-28 20:10 - 2015-05-28 20:21 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-28 17:57 - 2015-05-28 19:20 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-05-28 17:57 - 2015-05-28 19:19 - 00000000 ____D () C:\sh4ldr
2015-05-28 17:56 - 2015-05-28 19:19 - 00000000 ____D () C:\WINDOWS\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2015-05-28 16:28 - 2015-05-28 23:09 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-28 16:27 - 2015-05-28 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-28 16:27 - 2015-05-28 16:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-28 16:27 - 2015-05-28 16:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-28 16:27 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-28 16:27 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-28 16:27 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-26 09:02 - 2015-05-26 09:02 - 00001041 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Captcha.lnk
2015-05-24 15:07 - 2015-05-29 07:34 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1415457942-1267786245-2192413135-1001
2015-05-24 15:02 - 2015-01-30 00:21 - 00061712 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-05-24 14:56 - 2015-05-28 23:28 - 00000000 ____D () C:\AdwCleaner
2015-05-24 14:25 - 2015-05-24 14:25 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Panda Security
2015-05-24 14:24 - 2015-05-24 14:26 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus.lnk
2015-05-24 14:24 - 2015-05-24 14:25 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-05-24 14:24 - 2015-05-24 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-05-24 14:23 - 2015-05-24 14:25 - 00000000 ____D () C:\ProgramData\Panda Security
2015-05-24 12:53 - 2015-05-24 12:53 - 00000000 _____ () C:\autoexec.bat
2015-05-22 14:46 - 2015-05-22 14:46 - 01081072 _____ (Unity Technologies ApS) C:\Users\Home\Downloads\UnityWebPlayer.exe
2015-05-20 10:10 - 2015-05-20 10:12 - 00000000 ____D () C:\murottal
2015-05-19 12:54 - 2015-05-19 12:54 - 00000000 _____ () C:\Users\Home\AppData\Local\Temp.dat
2015-05-12 22:54 - 2011-10-24 11:04 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2015-05-12 22:54 - 2011-10-24 10:51 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2015-05-12 22:54 - 2010-02-19 06:00 - 01533512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFUpdate_01007.dll
2015-05-12 22:54 - 2010-02-19 06:00 - 00708168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WinUSBCoInstaller.dll
2015-05-07 21:02 - 2015-05-07 21:02 - 00003026 _____ (Logix4u) C:\WINDOWS\SysWOW64\Drivers\hwinterface.sys
2015-05-07 21:02 - 2015-05-07 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aplikasi Pengusir Nyamuk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-29 07:16 - 2014-06-27 22:11 - 01751563 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-29 07:00 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-29 06:55 - 2015-04-25 15:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-28 23:38 - 2014-06-27 08:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-28 23:29 - 2013-08-22 21:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-28 23:28 - 2013-08-22 20:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-28 21:33 - 2014-06-27 08:39 - 00000000 ____D () C:\Users\Home\AppData\Roaming\DMCache
2015-05-28 21:31 - 2014-06-27 08:34 - 00000000 ____D () C:\Program Files\OblyTile
2015-05-28 21:29 - 2014-09-08 18:24 - 00000000 ____D () C:\Users\Home\AppData\Roaming\MultiBit
2015-05-28 20:23 - 2014-06-27 22:05 - 00035054 _____ () C:\WINDOWS\PFRO.log
2015-05-28 20:21 - 2015-03-27 13:48 - 00000000 ____D () C:\Users\Home\Downloads\langsung guak
2015-05-28 20:11 - 2015-01-01 23:23 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-28 20:10 - 2014-11-16 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-05-28 20:10 - 2014-11-16 11:54 - 00000000 ____D () C:\Program Files\Oracle
2015-05-28 20:09 - 2015-01-19 21:32 - 00000000 ____D () C:\Users\Home\AppData\Local\Deployment
2015-05-28 20:09 - 2014-11-25 19:39 - 00000000 ____D () C:\Program Files (x86)\Naver
2015-05-28 20:00 - 2015-02-14 21:28 - 00000000 ____D () C:\Users\Home\Documents\KONAMI
2015-05-28 19:47 - 2014-11-21 15:17 - 00000000 ____D () C:\Program Files\PowerISO
2015-05-28 19:02 - 2014-06-27 08:16 - 00000000 ____D () C:\Users\Home
2015-05-28 18:36 - 2014-07-03 23:49 - 00007599 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2015-05-28 17:58 - 2014-09-26 00:52 - 00000000 ____D () C:\Users\Home\AppData\Local\Battle.net
2015-05-28 16:52 - 2014-07-14 02:34 - 00000000 ____D () C:\Users\Home\AppData\Local\26159
2015-05-28 16:51 - 2014-06-27 08:17 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-28 16:47 - 2013-08-22 21:46 - 00016988 _____ () C:\WINDOWS\setupact.log
2015-05-28 16:22 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-27 01:27 - 2014-07-08 08:54 - 00000000 ____D () C:\Users\Home\AppData\Roaming\vlc
2015-05-26 12:38 - 2014-06-27 08:39 - 00000000 ____D () C:\Users\Home\Downloads\Video
2015-05-25 13:03 - 2015-01-30 18:03 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-24 15:01 - 2013-08-22 21:44 - 00392416 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-24 14:58 - 2015-02-12 09:12 - 00001198 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-05-24 14:58 - 2015-01-15 10:59 - 00000780 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\firefox.lnk
2015-05-24 14:58 - 2014-06-27 08:28 - 00001227 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
2015-05-24 14:58 - 2014-06-27 08:17 - 00001004 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-24 14:41 - 2015-02-09 09:31 - 00000000 ____D () C:\WINDOWS\SysWOW64\HavijPro
2015-05-24 12:51 - 2014-06-27 08:20 - 00000000 ____D () C:\Users\Home\AppData\Local\Google
2015-05-24 12:24 - 2015-01-15 10:57 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Mozilla
2015-05-24 11:59 - 2014-06-27 08:52 - 00000000 ____D () C:\Program Files\KMSpico
2015-05-23 13:44 - 2014-07-03 19:43 - 00000000 ____D () C:\Users\Home\AppData\Roaming\MultiDoge
2015-05-20 07:07 - 2013-08-22 22:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-19 13:08 - 2014-12-05 08:17 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-19 13:08 - 2014-06-30 08:44 - 00000000 ____D () C:\Users\Home\AppData\Roaming\uTorrent
2015-05-18 05:39 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-12 23:32 - 2014-06-27 08:39 - 00000000 ____D () C:\Users\Home\Downloads\Compressed
2015-05-01 16:02 - 2014-07-19 14:52 - 00000000 ____D () C:\Users\Home\AppData\Roaming\dvdcss

==================== Files in the root of some directories =======

2015-02-22 09:32 - 2015-03-12 06:53 - 0000079 _____ () C:\Users\Home\AppData\Roaming\captchakey
2014-07-03 23:49 - 2015-05-28 18:36 - 0007599 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2015-05-19 12:54 - 2015-05-19 12:54 - 0000000 _____ () C:\Users\Home\AppData\Local\Temp.dat
2014-10-11 17:08 - 2014-10-11 17:08 - 0000003 _____ () C:\Users\Home\AppData\Local\updater.log
2014-10-11 17:08 - 2015-04-23 05:46 - 0000424 _____ () C:\Users\Home\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2gjrzn.dll
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnwguld.dll
C:\Users\Home\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Home\AppData\Local\Temp\Quarantine.exe
C:\Users\Home\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-25 11:01

==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Home at 2015-05-29 07:40:56
Running from C:\Users\Home\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1415457942-1267786245-2192413135-500 - Administrator - Disabled)
Guest (S-1-5-21-1415457942-1267786245-2192413135-501 - Limited - Enabled)
Home (S-1-5-21-1415457942-1267786245-2192413135-1001 - Administrator - Enabled) => C:\Users\Home

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{13351E83-6DCD-4E97-2A8C-5D496259A47F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AQUILA-X Gaming Mouse (HKLM-x32\...\{B1669080-7C2D-4BA9-AB6F-FD6A4B0CE8AF}) (Version: 1.00 - Gaming Mouse)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CleanMem (HKLM-x32\...\CleanMem) (Version: v2.4.3 - PcWinTech.com)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
KMSpico v9.3 (HKLM\...\KMSpico_is1) (Version: 9.3 - )
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Livestreamer 1.12.1 (HKLM-x32\...\Livestreamer) (Version: - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Max Recorder (HKLM-x32\...\Max Recorder) (Version: 1.026.0.0 - Silver Vine, LLC)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MultiBit 0.5.18 (HKLM-x32\...\MultiBit 0.5.18) (Version: 0.5.18 - )
MultiDoge 0.1.2 (HKLM-x32\...\MultiDoge 0.1.2) (Version: 0.1.2 - )
MultiDoge 0.1.3 (HKLM-x32\...\MultiDoge 0.1.3) (Version: 0.1.3 - )
MultiDoge 0.1.4 (HKLM-x32\...\MultiDoge 0.1.4) (Version: 0.1.4 - )
OpenVPN 2.3.4-I005 (HKLM\...\OpenVPN) (Version: 2.3.4-I005 - )
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0000 - Panda Security)
Panda Free Antivirus (Version: 7.81.00.0000 - Panda Security) Hidden
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Pro Evolution Soccer 2015 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
SMPlayer 14.3.0 (HKLM-x32\...\SMPlayer) (Version: 14.3.0 - Ricardo Villalba)
Stamina 2.5 (HKLM-x32\...\Stamina) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{12BEDCF6-A533-4943-ADC8-9CF4759102C4}) (Version: 6.1.1.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version: - Capcom)
Ultra Street Fighter IV (HKLM-x32\...\VWx0cmFTdHJlZXRGaWdodGVySVY=_is1) (Version: 1 - )
Unity Web Player (HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.56 - Nullsoft, Inc)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 20:25 - 2013-08-22 20:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EB26E79-DB36-4C28-906B-3780F18CF767} - \AutoPico Daily Restart No Task File <==== ATTENTION
Task: {27CE2D81-430E-45EB-A0D0-BE88E0691AF5} - \CleanMem Mini Monitor No Task File <==== ATTENTION
Task: {447F9C85-5D06-4258-B04E-6FB3E071A2FE} - \Clean System Memory No Task File <==== ATTENTION
Task: {59AD778A-DA10-49A2-9ADA-7ED2766CCC49} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {CB5B039D-B803-4BE7-B3C4-47A8C47EE0DC} - \Adobe Flash Player Updater No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2013-04-13 00:23 - 2013-04-13 00:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-01-01 22:58 - 2015-04-17 00:40 - 00776192 _____ () E:\Steam\SDL2.dll
2015-01-23 12:33 - 2015-04-23 09:16 - 04962816 _____ () E:\Steam\v8.dll
2015-01-01 22:58 - 2015-05-15 08:58 - 02396352 _____ () E:\Steam\video.dll
2015-01-23 12:33 - 2015-04-23 09:16 - 01556992 _____ () E:\Steam\icui18n.dll
2015-01-23 12:33 - 2015-04-23 09:16 - 01187840 _____ () E:\Steam\icuuc.dll
2015-01-01 22:58 - 2014-12-02 04:31 - 02396672 _____ () E:\Steam\libavcodec-56.dll
2015-01-01 22:58 - 2014-12-02 04:31 - 00479744 _____ () E:\Steam\libavformat-56.dll
2015-01-01 22:58 - 2014-12-02 04:31 - 00332800 _____ () E:\Steam\libavresample-2.dll
2015-01-01 22:58 - 2014-12-02 04:31 - 00442880 _____ () E:\Steam\libavutil-54.dll
2015-01-01 22:58 - 2014-12-02 04:31 - 00485888 _____ () E:\Steam\libswscale-3.dll
2015-01-01 22:58 - 2015-05-15 08:57 - 00703168 _____ () E:\Steam\bin\chromehtml.DLL
2015-01-01 22:58 - 2015-05-12 02:01 - 36302728 _____ () E:\Steam\bin\libcef.dll
2015-05-14 09:02 - 2015-05-12 02:01 - 08958344 _____ () E:\Steam\bin\pdf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC
AlternateDataStreams: C:\Users\Home\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\Control Panel\Desktop\\Wallpaper -> E:\Wpp\068 - TlnW6at.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AIPS => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HWDeviceService64.exe => 2
MSCONFIG\Services: IHProtect Service => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\Services: Smartfren Connex EC176-2 UI. RunOuc => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: VIAKaraokeService => 2
HKLM\...\StartupApproved\StartupFolder: => "IML64.lnk"
HKLM\...\StartupApproved\Run: => "HDAudDeck"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "GamingMouseG7"
HKLM\...\StartupApproved\Run32: => "DFX"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKLM\...\StartupApproved\Run32: => "wmagent.exe"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\StartupFolder: => "Y210 Recovery Installer.rar.lnk"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "GarenaPlus"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "LightShot"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "Google Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{21FF6A40-D8F3-456D-970C-8F505FA2C614}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{3FE4EC6A-EF6B-44B2-87C1-070060C8966D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{FB71492F-9DF2-4B67-825A-B7D42ACF0F6A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{F76A451B-89E6-4754-850B-17B69F09EEE2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{E685BA33-3BC6-47F8-AFDB-A3C183EE8377}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{94425F9B-7557-4EC8-ABDB-D77B3B4D4691}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{2154C88C-6469-44F1-9CDF-F5E73DA7CB8E}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{334649D7-D60B-40FC-9F85-8E2EAD57E41A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{CAECAB55-50F9-47C1-A6AC-DE697FB329A6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{4B9CD4CB-50FF-4838-B5D2-584C4D2D853C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{EF0235A4-5640-48E3-9AF6-04E9ED63C66E}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{7AD50298-18DA-4308-831F-1EEA7BB46949}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{B89203A9-5D30-424C-820B-16CDFF21391B}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ACA168C8-9478-4EA3-A398-9B4BB1BE9455}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{8C63B07D-5564-4A36-B298-A2E5C60CA60F}D:\e\arcpool\arcpool\arcade pool ii.exe] => (Block) D:\e\arcpool\arcpool\arcade pool ii.exe
FirewallRules: [UDP Query User{ACF602FF-D995-4984-BC9C-58B9E47ACCC5}D:\e\arcpool\arcpool\arcade pool ii.exe] => (Block) D:\e\arcpool\arcpool\arcade pool ii.exe
FirewallRules: [TCP Query User{3BAA030D-D3AF-4D64-B501-631FA0EE523C}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{F4964EA6-EC34-4A50-A9C7-67C0B7E85288}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{D890B9E9-0CA9-4A17-9EA4-012E3F08EDF5}D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [UDP Query User{067C2261-AD86-4DE1-BA9C-3D7362B845DC}D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [TCP Query User{7D10BC07-A79B-4CC3-92F2-A8006B0C8772}D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [UDP Query User{6BA92B5F-1CCB-4642-96DE-C27F2ACCA754}D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [{D7374DC1-117B-476E-9D2B-8894A7C1DEE9}] => (Block) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [{5BDBAB66-3A1B-45AE-8005-F5137C03FA28}] => (Block) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [TCP Query User{9930AED4-962D-4643-9F7A-C4FB819CA5DF}D:\ro2\hc\handycache.exe] => (Allow) D:\ro2\hc\handycache.exe
FirewallRules: [UDP Query User{2942EC3B-F09E-4818-ABE9-6B33C41A56DC}D:\ro2\hc\handycache.exe] => (Allow) D:\ro2\hc\handycache.exe
FirewallRules: [{6469D9CD-2278-4E4D-B3E7-BD21EB2A39E9}] => (Block) D:\ro2\hc\handycache.exe
FirewallRules: [{60A4CCA8-119D-4819-A2F0-1D26777F75CD}] => (Block) D:\ro2\hc\handycache.exe
FirewallRules: [TCP Query User{6D27FDF9-847C-4127-8E4D-5497712DC5FD}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{86C52BFB-048B-4B9B-84D5-2229F4A833B4}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{A47F65BE-BD16-41DB-945F-2922ECDA2437}D:\locker\gam\dragon's tale\eclient.exe] => (Allow) D:\locker\gam\dragon's tale\eclient.exe
FirewallRules: [UDP Query User{313503B7-B313-4C36-B9CD-AA7C2483E6F1}D:\locker\gam\dragon's tale\eclient.exe] => (Allow) D:\locker\gam\dragon's tale\eclient.exe
FirewallRules: [{0A94E464-E541-44A3-AD3D-631FA47907CE}] => (Allow) C:\Users\Home\Downloads\LoLInstaller.exe
FirewallRules: [{D472746F-2A65-4747-80BC-3AA3665643EF}] => (Allow) C:\Users\Home\Downloads\LoLInstaller.exe
FirewallRules: [{94483A90-8A33-45DC-B61B-3AE1E7798600}] => (Allow) C:\GarenaDownload\Games\lolid\lolidInstaller.exe
FirewallRules: [{450EC6DB-49A8-470A-ABC4-6F52EB2C6E3F}] => (Allow) C:\GarenaDownload\Games\lolid\lolidInstaller.exe
FirewallRules: [{50D9FC16-190E-4BF2-A1DE-F4F5303F5E49}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{7794820F-1629-4054-A9DD-EE8E27E9E50D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
FirewallRules: [{68647CBA-9D47-46F2-A105-9E74102B4E73}] => (Allow) E:\HearthStone\Battle.net\Battle.net.exe
FirewallRules: [{9E94CF76-47B9-41E7-ADA8-064DD78BBB09}] => (Allow) E:\HearthStone\Battle.net\Battle.net.exe
FirewallRules: [{EB8F8E12-67C3-4A47-8BD9-6F892A9D2AA1}] => (Allow) E:\HearthStone\Hearthstone\Hearthstone.exe
FirewallRules: [{C87D17CE-265E-4923-A2F0-DA691FC8E551}] => (Allow) E:\HearthStone\Hearthstone\Hearthstone.exe
FirewallRules: [{C42073C2-F2E9-475B-8F61-25DD60A87D2E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{A042371C-948F-4B3B-9CCA-4736912672A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
FirewallRules: [{36751F19-BD5D-47FB-A5C8-7D6C794B08D1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{6642DF43-62B2-4800-A273-68119F815704}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{E360AF24-361D-4F3F-B921-25887D4FA383}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{F0A03AA1-CDCB-4A6A-9CCA-F2C8021476E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [TCP Query User{8B234DA7-35DB-4521-8CE6-8340D8D1BA4C}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [UDP Query User{165FA3E9-7ADD-45DB-88DA-7F4615D86727}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
FirewallRules: [{6A2FE460-F822-4949-87F3-C3D44F03673B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{B3D45FE7-1BC8-4FE6-9CE8-C3A472C0CCD3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [TCP Query User{48165FF4-C9B0-4D74-9406-BD26DF631DC4}E:\hearthstone\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{3CCD4E59-A199-4AE8-9F31-797B45898AF1}E:\hearthstone\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [{F95BD2B2-C2AE-4731-A07E-17E25022A7C6}] => (Allow) E:\HearthStone\StarCraft II\StarCraft II.exe
FirewallRules: [{48209402-0BD4-45FE-8031-2A4287968FFA}] => (Allow) E:\HearthStone\StarCraft II\StarCraft II.exe
FirewallRules: [TCP Query User{79AFE7A0-7E1E-4EA1-8B9E-0B36E10FCC0F}E:\hearthstone\starcraft ii\versions\base32283\sc2.exe] => (Allow) E:\hearthstone\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [UDP Query User{64D59B9B-A39E-4861-AFA1-55D2817F28FE}E:\hearthstone\starcraft ii\versions\base32283\sc2.exe] => (Allow) E:\hearthstone\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{585B90E4-4987-4B64-9E3E-F40E6EC42D2D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{E0065EA1-EB81-4EE0-B8A3-1F75F96C26F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{98CA78CD-51BA-4B9F-9447-7CE99ADC3A11}E:\xde\xdecoin-qt.exe] => (Allow) E:\xde\xdecoin-qt.exe
FirewallRules: [UDP Query User{16FA63CF-80AA-4C1D-A21D-ECB545C2D59F}E:\xde\xdecoin-qt.exe] => (Allow) E:\xde\xdecoin-qt.exe
FirewallRules: [{DC6F768E-AF80-420F-AAD0-77E349CF3802}] => (Block) E:\xde\xdecoin-qt.exe
FirewallRules: [{502EF45C-C6D8-4CB1-B52D-56A0223587E1}] => (Block) E:\xde\xdecoin-qt.exe
FirewallRules: [{453B369F-E545-40FC-92CE-F8CD91D154A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{B3E2E85C-4F92-4B8C-840D-EE588D2BC83C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{1A38FE85-AE11-4A00-8F4A-3DDE0CEC869B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{1C01CEC5-EF88-4DB5-BA21-D8129E6FF7BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{E4F37EA0-085A-4DD4-B0B4-E0C869EC0A1B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{A56F1BD3-565D-4A9A-878A-662A9811FB4B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{8E383BA4-02A5-4964-9F56-5DB1C72797D2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{AD3C4114-8197-4CD0-9200-7582071EA11B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{210CC0D1-7939-405D-B290-10A69EE11CE0}D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{623A8C16-23E4-4565-BABC-3CEFA2295807}D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe
FirewallRules: [{11AEF7FD-44E9-4E82-B6DC-9B136E93D6B5}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{7086952A-515E-4E07-8F16-BA89E7A77460}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{3086A77E-94A6-400F-9CF3-89A4EEE332B3}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{AF3022C5-B984-444A-B61D-18CB79F60136}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{F11A6B78-0049-45C3-B37B-0253C81B2E89}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{711907E0-C5AC-4EAB-970B-AE4AC90F64FB}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{97B69781-FF32-41BF-8CE2-7DBFE127DFD6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{9338A320-AA4B-4A97-B28F-9C13BDAFC241}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{DE9CFB51-B749-4821-A0EF-D28CA5A935F9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{593D8951-231B-4579-9C40-4F6671E5EDCA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{DA8796A6-1F22-44DC-96A0-CBFA40BFEACC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{F05D071D-5572-429F-8495-0F4893A2F7D8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{EA6C4745-D480-43F6-9AD7-CC7520A2A900}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{9E6F0476-CE39-4D01-BCAB-F8F4FB432F97}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{798CF340-621E-4855-A529-276A12C0B6BF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{A9E92156-A2B6-499D-9191-0521F69197CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{A09D91C7-9471-4558-9EDD-F80B5192953A}E:\iti\iticoin-qt.exe] => (Allow) E:\iti\iticoin-qt.exe
FirewallRules: [UDP Query User{5FB1D89B-7EC7-4B1F-BE94-E5EC5232C022}E:\iti\iticoin-qt.exe] => (Allow) E:\iti\iticoin-qt.exe
FirewallRules: [{ACA246E7-FA0F-4895-BCCF-21D6A772BBE0}] => (Block) E:\iti\iticoin-qt.exe
FirewallRules: [{855CE4D3-75EE-4403-BA50-81876709823F}] => (Block) E:\iti\iticoin-qt.exe
FirewallRules: [TCP Query User{17366C22-BBFD-4138-8E6D-2AE8902840B9}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe
FirewallRules: [UDP Query User{4824CFB5-9E98-4BF5-B603-D96ACC234A3F}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe
FirewallRules: [TCP Query User{4FE08B28-902B-42BA-A1AB-114D251733EB}D:\ro2\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\ro2\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [UDP Query User{2E3B72F6-8113-429B-A120-FC94FCCE6EFD}D:\ro2\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\ro2\handycacherc3.1.0.0.268\handycache.exe
FirewallRules: [{8F5B6030-F946-4BCF-BDE4-FC1CF75D802B}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CB73DE48-5458-4002-970E-18307CF6C294}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7FDF9642-453D-4299-8A63-73A766CA154E}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{318A2A3D-0667-46A6-BC2A-6C898FE9E81D}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{34712F63-914B-4AF1-A9AF-7BD186EB4FB9}] => (Allow) E:\adsdasd\fo3idInstaller.exe
FirewallRules: [{EA38938E-CCE5-4789-BFCB-8ED0F4BC0494}] => (Allow) E:\adsdasd\fo3idInstaller.exe
FirewallRules: [{5CAC08A4-FB19-406E-978F-32FEBFCA9202}] => (Allow) E:\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [{64B4BA64-A93B-4045-8A4B-09D523F924C7}] => (Allow) E:\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [TCP Query User{1C9C0C53-8C01-43E0-9DDC-27DBE3E95BC6}E:\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) E:\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [UDP Query User{1F538570-2D24-4753-87A8-1693AF42A222}E:\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) E:\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [{C3D3C9CA-F7DA-477F-B1BA-177AE80FA096}] => (Block) E:\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [{1B3A3CDE-316A-4930-8240-6E4077C4C44E}] => (Block) E:\steam\steamapps\common\freestyle2\freestyle2.exe
FirewallRules: [{D0EF86ED-9244-4CDC-8F53-1B8482D60745}] => (Allow) E:\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [{C91CAB48-35C5-4F8C-B0C5-DA18EE821977}] => (Allow) E:\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
FirewallRules: [TCP Query User{4838ADF0-25EB-41AD-82CF-84661998D678}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe
FirewallRules: [UDP Query User{A3F305CC-37A1-4F67-83BC-F85D1553952D}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2015 07:40:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 27.5.2015.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f58

Start Time: 01d099a7e411c5c4

Termination Time: 4294967295

Application Path: C:\Users\Home\Desktop\FRST64.exe

Report Id: 38f66cb2-059b-11e5-8400-1078d241dde7

Faulting package full name:

Faulting package-relative application ID:

Error: (05/29/2015 07:37:26 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for E:\Steam\steam.exe

Error: (05/28/2015 09:13:25 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: HOME-PC)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

Error: (05/28/2015 08:57:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/28/2015 08:57:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

Error: (05/28/2015 08:48:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/28/2015 08:42:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/28/2015 08:42:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

Error: (05/28/2015 08:21:48 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).

Error: (05/28/2015 08:21:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).


System errors:
=============
Error: (05/29/2015 07:35:50 AM) (Source: DCOM) (EventID: 10010) (User: HOME-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/29/2015 07:35:20 AM) (Source: DCOM) (EventID: 10010) (User: HOME-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/29/2015 00:19:37 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (05/29/2015 00:10:55 AM) (Source: DCOM) (EventID: 10010) (User: HOME-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/29/2015 00:10:24 AM) (Source: DCOM) (EventID: 10010) (User: HOME-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/28/2015 11:33:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/28/2015 11:33:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (05/28/2015 11:33:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/28/2015 11:33:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/28/2015 11:33:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================
Error: (05/29/2015 07:40:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe27.5.2015.1f5801d099a7e411c5c44294967295C:\Users\Home\Desktop\FRST64.exe38f66cb2-059b-11e5-8400-1078d241dde7

Error: (05/29/2015 07:37:26 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Failed to add firewall exception for E:\Steam\steam.exe

Error: (05/28/2015 09:13:25 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: HOME-PC)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

Error: (05/28/2015 08:57:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/28/2015 08:57:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

Error: (05/28/2015 08:48:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/28/2015 08:42:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (05/28/2015 08:42:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

Error: (05/28/2015 08:21:48 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe Checkpoint by HitmanPro0x8007043c

Error: (05/28/2015 08:21:00 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe Checkpoint by HitmanPro0x8007043c


==================== Memory info ===========================

Processor: AMD A4-3300 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 34%
Total physical RAM: 3561.99 MB
Available physical RAM: 2341.9 MB
Total Pagefile: 6121.99 MB
Available Pagefile: 4595.51 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Win 8) (Fixed) (Total:50.01 GB) (Free:15.12 GB) NTFS
Drive d: (Data) (Fixed) (Total:117.42 GB) (Free:11.17 GB) NTFS
Drive e: (BBB) (Fixed) (Total:200.58 GB) (Free:89.64 GB) NTFS
Drive g: (Windows 7) (Fixed) (Total:97.66 GB) (Free:21.32 GB) NTFS
Drive h: (NEW) (CDROM) (Total:3.28 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FC5F84F5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=318 GB) - (Type=OF Extended)

==================== End of log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    4.3 KB · Views: 4
Thank you


Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Home at 2015-05-29 09:45:58 Run:1
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {11851c1c-264d-11e4-82cf-1078d241dde7} - "F:\AutoRun.exe"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {873727fd-b3cb-11e4-83a1-1078d241dde7} - "I:\AutoRun.exe"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {8737283c-b3cb-11e4-83a1-1078d241dde7} - "I:\AutoRun.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:50796;https=127.0.0.1:50796
RemoveProxy:
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin HKU\S-1-5-21-1415457942-1267786245-2192413135-1001: @unity3d.com/UnityPlayer,version=1.0 -> Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-01-14]
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl
S4 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S2 HuaweiHiSuiteService64.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbmbb; \SystemRoot\system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
2015-02-22 09:32 - 2015-03-12 06:53 - 0000079 _____ () C:\Users\Home\AppData\Roaming\captchakey
2014-07-03 23:49 - 2015-05-28 18:36 - 0007599 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2015-05-19 12:54 - 2015-05-19 12:54 - 0000000 _____ () C:\Users\Home\AppData\Local\Temp.dat
2014-10-11 17:08 - 2014-10-11 17:08 - 0000003 _____ () C:\Users\Home\AppData\Local\updater.log
2014-10-11 17:08 - 2015-04-23 05:46 - 0000424 _____ () C:\Users\Home\AppData\Local\UserProducts.xml
C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2gjrzn.dll
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnwguld.dll
C:\Users\Home\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Home\AppData\Local\Temp\Quarantine.exe
C:\Users\Home\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
Task: {0EB26E79-DB36-4C28-906B-3780F18CF767} - \AutoPico Daily Restart No Task File <==== ATTENTION
Task: {27CE2D81-430E-45EB-A0D0-BE88E0691AF5} - \CleanMem Mini Monitor No Task File <==== ATTENTION
Task: {447F9C85-5D06-4258-B04E-6FB3E071A2FE} - \Clean System Memory No Task File <==== ATTENTION
Task: {59AD778A-DA10-49A2-9ADA-7ED2766CCC49} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {CB5B039D-B803-4BE7-B3C4-47A8C47EE0DC} - \Adobe Flash Player Updater No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC
AlternateDataStreams: C:\Users\Home\SkyDrive:ms-properties


*****************

"HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11851c1c-264d-11e4-82cf-1078d241dde7}" => key Removed successfully
HKCR\CLSID\{11851c1c-264d-11e4-82cf-1078d241dde7} => key not found.
"HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{873727fd-b3cb-11e4-83a1-1078d241dde7}" => key Removed successfully
HKCR\CLSID\{873727fd-b3cb-11e4-83a1-1078d241dde7} => key not found.
"HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8737283c-b3cb-11e4-83a1-1078d241dde7}" => key Removed successfully
HKCR\CLSID\{8737283c-b3cb-11e4-83a1-1078d241dde7} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key Removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value Removed successfully

========= RemoveProxy: =========

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully


========= End of RemoveProxy: =========

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key Removed successfully
HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk" => key Removed successfully
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\MozillaPlugins\FF Plugin HKU\S-1-5-21-1415457942-1267786245-2192413135-1001: @unity3d.com/UnityPlayer,version=1.0 -> Unity\WebPlayer\loader\npUnity3D32.dll No File => key not found.
FF Plugin HKU\S-1-5-21-1415457942-1267786245-2192413135-1001: @unity3d.com/UnityPlayer,version=1.0 -> Unity\WebPlayer\loader\npUnity3D32.dll No File not found.
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl => Moved successfully.
"C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl" => File/Folder not found.
AIPS => Service Removed successfully
BstHdAndroidSvc => Service Removed successfully
BstHdLogRotatorSvc => Service Removed successfully
BstHdUpdaterSvc => Service Removed successfully
HuaweiHiSuiteService64.exe => Service Removed successfully
HWDeviceService64.exe => Service Removed successfully
rpcapd => Service Removed successfully
BstHdDrv => Service Removed successfully
EagleX64 => Service Removed successfully
esgiguard => Service Removed successfully
ewusbmbb => Service Removed successfully
ew_hwusbdev => Service Removed successfully
huawei_enumerator => Service Removed successfully
hwdatacard => Service Removed successfully
C:\Users\Home\AppData\Roaming\captchakey => Moved successfully.
C:\Users\Home\AppData\Local\Resmon.ResmonCfg => Moved successfully.
C:\Users\Home\AppData\Local\Temp.dat => Moved successfully.
C:\Users\Home\AppData\Local\updater.log => Moved successfully.
C:\Users\Home\AppData\Local\UserProducts.xml => Moved successfully.
C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2gjrzn.dll => Moved successfully.
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnwguld.dll => Moved successfully.
C:\Users\Home\AppData\Local\Temp\EsgInstallerx64Stub.exe => Moved successfully.
C:\Users\Home\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Home\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EB26E79-DB36-4C28-906B-3780F18CF767}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EB26E79-DB36-4C28-906B-3780F18CF767}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27CE2D81-430E-45EB-A0D0-BE88E0691AF5}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27CE2D81-430E-45EB-A0D0-BE88E0691AF5}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CleanMem Mini Monitor" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{447F9C85-5D06-4258-B04E-6FB3E071A2FE}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{447F9C85-5D06-4258-B04E-6FB3E071A2FE}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Clean System Memory" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59AD778A-DA10-49A2-9ADA-7ED2766CCC49}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59AD778A-DA10-49A2-9ADA-7ED2766CCC49}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB5B039D-B803-4BE7-B3C4-47A8C47EE0DC}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB5B039D-B803-4BE7-B3C4-47A8C47EE0DC}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key Removed successfully
C:\Windows => ":nlsPreferences" ADS Removed successfully.
C:\ProgramData\TEMP => ":41ADDB8A" ADS Removed successfully.
C:\ProgramData\TEMP => ":A064CECC" ADS Removed successfully.
"C:\Users\Home\SkyDrive" => ":ms-properties" ADS not found.

==== End of Fixlog 09:46:01 ====
 
Last edited:
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.002
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Panda Free Antivirus
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 40
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.169
Google Chrome (43.0.2357.81)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 17-01-2015
Ran by Home (administrator) on 29-05-2015 at 10:50:29
Running from "C:\Users\Home\Desktop"
Microsoft Windows 8.1 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
redtarget.gif
Is your Windows firewall working and on? FSS log seems to be indicating some issue.

redtarget.gif
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

redtarget.gif
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.
 
Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
In that case make sure you restart computer.

p22012121.gif



Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:

p22012122.gif



Go to Step 5 and under "System Restore" click on Create button:

p22012123.gif



Go to Repairs tab and click Open Repairs button.

p22012124.gif


In next window....
Leave all checkmarks as they're.
Click on Start Repairs button.

p22012126.gif


Post Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
Tweaking.com - Windows Repair v3.2.0
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 8.1 Pro
OS Architecture: 64-bit
OS Version: 6.3.9600
OS Service Pack:
Computer Name: HOME-PC
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Home
Current Profile SID: S-1-5-21-1415457942-1267786245-2192413135-1001
Current Profile Classes: S-1-5-21-1415457942-1267786245-2192413135-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\Home\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 02:53:55

Process Count: 56
Commit Total: 1.96 GB
Commit Limit: 5.85 GB
Commit Peak: 3.58 GB
Handle Count: 20615
Kernel Total: 266.59 MB
Kernel Paged: 201.71 MB
Kernel Non Paged: 64.88 MB
System Cache: 1.98 GB
Thread Count: 739
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.48 GB
Memory Used: 1.47 GB(42.2007%)
Memory Avail.: 2.01 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.48 GB
Memory Used: 1.18 GB(33.9142%)
Memory Avail.: 2.30 GB
--------------------------------------------------------------------------------

Starting Repairs...
Started at (5/30/2015 10:02:03)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 66

01 - Reset Registry Permissions
Restore Windows 8 Default Registry Permissions
Start (5/30/2015 10:02:05)


Decompressing & Updating Windows Permission File hkud.txt
Done, 0.3 seconds.


Decompressing & Updating Windows Permission File hkcu.txt
Done, 0.29 seconds.


Decompressing & Updating Windows Permission File hkcr.txt
Done, 1.25 seconds.


Decompressing & Updating Windows Permission File hklm.txt
Done, 3.25 seconds.

Running Repair Under System Account
Running Repair Under Current User Account
Done (5/30/2015 10:09:19)

03 - Reset Service Permissions
Start (5/30/2015 10:09:19)

Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:09:29)

04 - Register System Files
Start (5/30/2015 10:09:29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:10:30)

05 - Repair WMI
Start (5/30/2015 10:10:30)

Starting Security Center So We Can Export The Security Info.

Exporting Antivirus Info...
Panda Free Antivirus Exported.
Windows Defender Exported.

Exporting AntiSpyware Info...
Windows Defender Exported.
Panda Free Antivirus Exported.

Exporting 3rd Party Firewall Info...
Panda Firewall Exported.

Running Repair Under Current User Account
Done (5/30/2015 10:17:50)

06 - Repair Windows Firewall
Start (5/30/2015 10:17:50)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:18:23)

07 - Repair Internet Explorer
Start (5/30/2015 10:18:23)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:18:50)

10 - Remove Policies Set By Infections
Start (5/30/2015 10:18:50)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:18:55)

11 - Repair Start Menu Icons Removed By Infections
Start (5/30/2015 10:18:55)
Running Repair Under System Account
Done (5/30/2015 10:18:56)

12 - Repair Icons
Start (5/30/2015 10:18:56)
Running Repair Under Current User Account
Done (5/30/2015 10:18:57)

13 - Repair Winsock & DNS Cache
Start (5/30/2015 10:18:57)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:19:12)

15 - Repair Proxy Settings
Start (5/30/2015 10:19:12)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:19:14)

17 - Repair Windows Updates
Start (5/30/2015 10:19:14)
Running Repair Under Current User Account
Running Repair Under System Account
Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
Done (5/30/2015 10:19:54)

21 - Repair MSI (Windows Installer)
Start (5/30/2015 10:19:54)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:20:08)

23.01 - Repair bat Association
Start (5/30/2015 10:20:08)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:20:10)

23.02 - Repair cmd Association
Start (5/30/2015 10:20:10)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:20:12)

23.03 - Repair com Association
Start (5/30/2015 10:20:12)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:20:14)

23.04 - Repair Directory Association
Start (5/30/2015 10:20:14)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:20:16)

23.05 - Repair Drive Association
Start (5/30/2015 10:20:16)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:20:19)

23.06 - Repair exe Association
Start (5/30/2015 10:20:19)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:20:21)

23.07 - Repair Folder Association
Start (5/30/2015 10:20:21)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:20:23)

23.08 - Repair inf Association
Start (5/30/2015 10:20:23)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:20:25)

23.09 - Repair lnk (Shortcuts) Association
Start (5/30/2015 10:20:25)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:20:27)

23.10 - Repair msc Association
Start (5/30/2015 10:20:27)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:20:30)

23.11 - Repair reg Association
Start (5/30/2015 10:20:30)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:20:32)

23.12 - Repair scr Association
Start (5/30/2015 10:20:32)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:20:34)

25 - Repair Print Spooler
Start (5/30/2015 10:20:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:20:51)

26 - Restore Important Windows Services
Start (5/30/2015 10:20:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:21:03)

27 - Set Windows Services To Default Startup
Start (5/30/2015 10:21:03)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:21:07)

28.01 - Repair Windows 8 App Store
Start (5/30/2015 10:21:07)

Decompressing & Updating Windows Permission File hkcu.txt
Done, 0.25 seconds.

Running Repair Under Current User Account
Done (5/30/2015 10:22:16)

29 - Repair Windows 8 Component Store
Start (5/30/2015 10:22:16)
Running Repair Under Current User Account
Done (5/30/2015 10:36:25)

30 - Restore Windows 8 COM+ Unmarshalers
Start (5/30/2015 10:36:25)
Running Repair Under System Account
Processing ACL of: <classes_root\Unmarshalers>

SetACL finished with error(s):
SetACL error message: The call to SetNamedSecurityInfo () failed
Operating system error message: Access is denied.

Done (5/30/2015 10:36:26)

31 - Repair Windows 'New' Submenu
Start (5/30/2015 10:36:26)
Running Repair Under Current User Account
Running Repair Under System Account
Done (5/30/2015 10:36:29)

33 - Repair Performance Counters
Start (5/30/2015 10:36:29)
Running Repair Under Current User Account
Done (5/30/2015 10:36:32)

Cleaning up empty logs...

All Selected Repairs Done.
Done at (5/30/2015 10:36:32)
Total Repair Time: 00:34:31


...YOU MUST RESTART YOUR SYSTEM...
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Back