Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Home (administrator) on HOME-PC on 29-05-2015 07:40:04
Running from C:\Users\Home\Desktop
Loaded Profiles: Home (Available Profiles: Home)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
Failed to access process -> FRST64.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GamingMouseG7] => C:\Program Files (x86)\AQUILA-X Gaming Mouse\mousehid.exe [741376 2012-06-03] ()
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-18] (Panda Security, S.L.)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3837520 2014-06-17] (Tonec Inc.)
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {11851c1c-264d-11e4-82cf-1078d241dde7} - "F:\AutoRun.exe"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {873727fd-b3cb-11e4-83a1-1078d241dde7} - "I:\AutoRun.exe"
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {8737283c-b3cb-11e4-83a1-1078d241dde7} - "I:\AutoRun.exe"
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:50796;https=127.0.0.1:50796
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://u.msn.com/id-id/?ocid=iehp
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\..\Interfaces\{749045DC-334A-4ED7-B313-4EC1C395DA00}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{AF710261-D09A-49E1-AD37-E069E7130235}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mvldvpgz.default
FF NetworkProxy: "socks", "31.186.175.155"
FF NetworkProxy: "socks_port", 60088
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-25] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-25] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-28] (Oracle Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1415457942-1267786245-2192413135-1001: @unity3d.com/UnityPlayer,version=1.0 -> Unity\WebPlayer\loader\npUnity3D32.dll No File
FF Extension: Adblock Plus - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mvldvpgz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-15]
FF HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Home\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Home\AppData\Roaming\IDM\idmmzcc5 [2014-06-27]
Chrome:
=======
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-05-28]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-05-28]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-28]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-28]
CHR Extension: (Tampermonkey) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-05-28]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2015-05-28]
CHR Extension: (Proxy SwitchySharp) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2015-05-28]
CHR Extension: (Picture in Picture Viewer) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaagmolahogmekmnmkigonhfcdiemnl [2015-05-28]
CHR Extension: (Twitch Mini Player) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\efgochcggfpajofoidkjhelkaihdflpo [2015-05-28]
CHR Extension: (Twitch Mini Player) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjeahcfaibacboijpccppebdpihhbflk [2015-05-28]
CHR Extension: (Stylish) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-05-28]
CHR Extension: (Authy) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2015-05-28]
CHR Extension: (AdBlock) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-28]
CHR Extension: (ReChat for Twitch™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2015-05-28]
CHR Extension: (Office Apps) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke [2015-05-28]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2015-05-28]
CHR Extension: (Better Image Viewer) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmokinipfahjbfaicnjnmlobmbfiedmp [2015-05-28]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2015-05-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-28]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2015-05-28]
CHR Extension: (LocalChromecast Player) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp [2015-05-28]
CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
CHR Extension: (PDF Viewer) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\oemmndcbldboiebfnladdacbdfmadadm [2015-05-28]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-01-14]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 6
CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-23]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) [File not signed]
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-07-15] (Ellora Assets Corp.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-18] (Panda Security, S.L.)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-10-22] (The OpenVPN Project)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-18] (Panda Security, S.L.)
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1006784 2014-06-22] (@ByELDI) [File not signed]
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S4 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
S2 HuaweiHiSuiteService64.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
R3 GM3305Fltr; C:\Windows\system32\drivers\GM3305Fltr.sys [9600 2012-03-28] (LXD Development, Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-05-28] ()
S1 hwinterface; C:\Windows\SysWOW64\Drivers\hwinterface.sys [3026 2015-05-07] (Logix4u) [File not signed]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-10] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-10] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-10] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-10] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-10] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-10] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-10] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-10] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-10] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-10] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-10] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-10] (Panda Security, S.L.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-12] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-12] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-10] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-12] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-12] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-12] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-30] (Panda Security, S.L.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-28] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-10-11] (Oracle Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ewusbmbb; \SystemRoot\system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-28 23:38 - 2015-05-28 23:38 - 00002244 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-28 23:38 - 2015-05-28 23:38 - 00002244 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2015-05-28 23:38 - 2015-05-28 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-28 23:38 - 2015-05-28 23:38 - 00000000 ____D () C:\Program Files (x86)\GUM8B9F.tmp
2015-05-28 23:35 - 2015-05-28 23:35 - 00001477 _____ () C:\Users\Home\Desktop\JRT.txt
2015-05-28 23:33 - 2015-05-28 23:33 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-HOME-PC-Windows-8.1-Pro-(64-bit).dat
2015-05-28 23:33 - 2015-05-28 23:33 - 00000000 ____D () C:\RegBackup
2015-05-28 23:12 - 2015-05-28 23:12 - 02947143 _____ (Thisisu) C:\Users\Home\Desktop\JRT.exe
2015-05-28 22:57 - 2015-05-28 23:09 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-28 22:57 - 2015-05-28 22:57 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-05-28 21:15 - 2015-05-28 21:15 - 00040487 _____ () C:\Users\Home\Desktop\Addition.txt
2015-05-28 21:14 - 2015-05-29 07:40 - 00021350 _____ () C:\Users\Home\Desktop\FRST.txt
2015-05-28 21:13 - 2015-05-28 21:13 - 00002259 _____ () C:\WINDOWS\epplauncher.mif
2015-05-28 20:49 - 2015-05-29 07:40 - 00000000 ____D () C:\FRST
2015-05-28 20:49 - 2015-05-28 20:49 - 02108928 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2015-05-28 20:24 - 2015-05-28 20:24 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-05-28 20:21 - 2015-05-28 20:21 - 00085578 _____ () C:\WINDOWS\system32\.crusader
2015-05-28 20:20 - 2015-05-28 20:20 - 00114978 _____ () C:\Users\Home\Documents\HitmanPro_20150528_2020.log
2015-05-28 20:10 - 2015-05-28 20:21 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-28 17:57 - 2015-05-28 19:20 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-05-28 17:57 - 2015-05-28 19:19 - 00000000 ____D () C:\sh4ldr
2015-05-28 17:56 - 2015-05-28 19:19 - 00000000 ____D () C:\WINDOWS\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2015-05-28 16:28 - 2015-05-28 23:09 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-28 16:27 - 2015-05-28 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-28 16:27 - 2015-05-28 16:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-28 16:27 - 2015-05-28 16:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-28 16:27 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-28 16:27 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-28 16:27 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-26 09:02 - 2015-05-26 09:02 - 00001041 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Captcha.lnk
2015-05-24 15:07 - 2015-05-29 07:34 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1415457942-1267786245-2192413135-1001
2015-05-24 15:02 - 2015-01-30 00:21 - 00061712 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2015-05-24 14:56 - 2015-05-28 23:28 - 00000000 ____D () C:\AdwCleaner
2015-05-24 14:25 - 2015-05-24 14:25 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Panda Security
2015-05-24 14:24 - 2015-05-24 14:26 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus.lnk
2015-05-24 14:24 - 2015-05-24 14:25 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-05-24 14:24 - 2015-05-24 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-05-24 14:23 - 2015-05-24 14:25 - 00000000 ____D () C:\ProgramData\Panda Security
2015-05-24 12:53 - 2015-05-24 12:53 - 00000000 _____ () C:\autoexec.bat
2015-05-22 14:46 - 2015-05-22 14:46 - 01081072 _____ (Unity Technologies ApS) C:\Users\Home\Downloads\UnityWebPlayer.exe
2015-05-20 10:10 - 2015-05-20 10:12 - 00000000 ____D () C:\murottal
2015-05-19 12:54 - 2015-05-19 12:54 - 00000000 _____ () C:\Users\Home\AppData\Local\Temp.dat
2015-05-12 22:54 - 2011-10-24 11:04 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
2015-05-12 22:54 - 2011-10-24 10:51 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
2015-05-12 22:54 - 2010-02-19 06:00 - 01533512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFUpdate_01007.dll
2015-05-12 22:54 - 2010-02-19 06:00 - 00708168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WinUSBCoInstaller.dll
2015-05-07 21:02 - 2015-05-07 21:02 - 00003026 _____ (Logix4u) C:\WINDOWS\SysWOW64\Drivers\hwinterface.sys
2015-05-07 21:02 - 2015-05-07 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aplikasi Pengusir Nyamuk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-29 07:16 - 2014-06-27 22:11 - 01751563 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-29 07:00 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-29 06:55 - 2015-04-25 15:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-28 23:38 - 2014-06-27 08:20 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-28 23:29 - 2013-08-22 21:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-28 23:28 - 2013-08-22 20:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-28 21:33 - 2014-06-27 08:39 - 00000000 ____D () C:\Users\Home\AppData\Roaming\DMCache
2015-05-28 21:31 - 2014-06-27 08:34 - 00000000 ____D () C:\Program Files\OblyTile
2015-05-28 21:29 - 2014-09-08 18:24 - 00000000 ____D () C:\Users\Home\AppData\Roaming\MultiBit
2015-05-28 20:23 - 2014-06-27 22:05 - 00035054 _____ () C:\WINDOWS\PFRO.log
2015-05-28 20:21 - 2015-03-27 13:48 - 00000000 ____D () C:\Users\Home\Downloads\langsung guak
2015-05-28 20:11 - 2015-01-01 23:23 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-28 20:10 - 2014-11-16 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-05-28 20:10 - 2014-11-16 11:54 - 00000000 ____D () C:\Program Files\Oracle
2015-05-28 20:09 - 2015-01-19 21:32 - 00000000 ____D () C:\Users\Home\AppData\Local\Deployment
2015-05-28 20:09 - 2014-11-25 19:39 - 00000000 ____D () C:\Program Files (x86)\Naver
2015-05-28 20:00 - 2015-02-14 21:28 - 00000000 ____D () C:\Users\Home\Documents\KONAMI
2015-05-28 19:47 - 2014-11-21 15:17 - 00000000 ____D () C:\Program Files\PowerISO
2015-05-28 19:02 - 2014-06-27 08:16 - 00000000 ____D () C:\Users\Home
2015-05-28 18:36 - 2014-07-03 23:49 - 00007599 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2015-05-28 17:58 - 2014-09-26 00:52 - 00000000 ____D () C:\Users\Home\AppData\Local\Battle.net
2015-05-28 16:52 - 2014-07-14 02:34 - 00000000 ____D () C:\Users\Home\AppData\Local\26159
2015-05-28 16:51 - 2014-06-27 08:17 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-28 16:47 - 2013-08-22 21:46 - 00016988 _____ () C:\WINDOWS\setupact.log
2015-05-28 16:22 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-05-27 01:27 - 2014-07-08 08:54 - 00000000 ____D () C:\Users\Home\AppData\Roaming\vlc
2015-05-26 12:38 - 2014-06-27 08:39 - 00000000 ____D () C:\Users\Home\Downloads\Video
2015-05-25 13:03 - 2015-01-30 18:03 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-24 15:01 - 2013-08-22 21:44 - 00392416 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-24 14:58 - 2015-02-12 09:12 - 00001198 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-05-24 14:58 - 2015-01-15 10:59 - 00000780 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\firefox.lnk
2015-05-24 14:58 - 2014-06-27 08:28 - 00001227 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
2015-05-24 14:58 - 2014-06-27 08:17 - 00001004 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-24 14:41 - 2015-02-09 09:31 - 00000000 ____D () C:\WINDOWS\SysWOW64\HavijPro
2015-05-24 12:51 - 2014-06-27 08:20 - 00000000 ____D () C:\Users\Home\AppData\Local\Google
2015-05-24 12:24 - 2015-01-15 10:57 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Mozilla
2015-05-24 11:59 - 2014-06-27 08:52 - 00000000 ____D () C:\Program Files\KMSpico
2015-05-23 13:44 - 2014-07-03 19:43 - 00000000 ____D () C:\Users\Home\AppData\Roaming\MultiDoge
2015-05-20 07:07 - 2013-08-22 22:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-05-19 13:08 - 2014-12-05 08:17 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-19 13:08 - 2014-06-30 08:44 - 00000000 ____D () C:\Users\Home\AppData\Roaming\uTorrent
2015-05-18 05:39 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-12 23:32 - 2014-06-27 08:39 - 00000000 ____D () C:\Users\Home\Downloads\Compressed
2015-05-01 16:02 - 2014-07-19 14:52 - 00000000 ____D () C:\Users\Home\AppData\Roaming\dvdcss
==================== Files in the root of some directories =======
2015-02-22 09:32 - 2015-03-12 06:53 - 0000079 _____ () C:\Users\Home\AppData\Roaming\captchakey
2014-07-03 23:49 - 2015-05-28 18:36 - 0007599 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2015-05-19 12:54 - 2015-05-19 12:54 - 0000000 _____ () C:\Users\Home\AppData\Local\Temp.dat
2014-10-11 17:08 - 2014-10-11 17:08 - 0000003 _____ () C:\Users\Home\AppData\Local\updater.log
2014-10-11 17:08 - 2015-04-23 05:46 - 0000424 _____ () C:\Users\Home\AppData\Local\UserProducts.xml
Some files in TEMP:
====================
C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2gjrzn.dll
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnwguld.dll
C:\Users\Home\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Home\AppData\Local\Temp\Quarantine.exe
C:\Users\Home\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-25 11:01
==================== End of log ============================