TechSpot

Browser adblocker FRST & addition

By JunSS
May 28, 2015
  1. I uninstalling my chrome because it have very annoying browser adblocker extension
    running farbar heres the log
     
  2. JunSS

    JunSS TS Rookie Topic Starter Posts: 16

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
    Ran by Home (administrator) on HOME-PC on 28-05-2015 21:14:17
    Running from C:\Users\Home\Desktop
    Loaded Profiles: Home (Available Profiles: Home)
    Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [GamingMouseG7] => C:\Program Files (x86)\AQUILA-X Gaming Mouse\mousehid.exe [741376 2012-06-03] ()
    HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
    HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-18] (Panda Security, S.L.)
    HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3837520 2014-06-17] (Tonec Inc.)
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {11851c1c-264d-11e4-82cf-1078d241dde7} - "F:\AutoRun.exe"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {873727fd-b3cb-11e4-83a1-1078d241dde7} - "I:\AutoRun.exe"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {8737283c-b3cb-11e4-83a1-1078d241dde7} - "I:\AutoRun.exe"
    Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Y210 Recovery Installer.rar.lnk [2015-05-12]
    ShortcutTarget: Y210 Recovery Installer.rar.lnk -> C:\ProgramData\{d406bd95-3834-533f-d406-6bd95383f654}\Y210 Recovery Installer.rar.exe (No File)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    BootExecute: autocheck autochk * bootdelete
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
    ProxyServer: [.DEFAULT] => http=127.0.0.1:50796;https=127.0.0.1:50796
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.plasa.msn.com/?rd=1&ucc=ID&dcc=ID&opt=0
    SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Tcpip\..\Interfaces\{749045DC-334A-4ED7-B313-4EC1C395DA00}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{AF710261-D09A-49E1-AD37-E069E7130235}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mvldvpgz.default
    FF NetworkProxy: "socks", "31.186.175.155"
    FF NetworkProxy: "socks_port", 60088
    FF NetworkProxy: "type", 4
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-25] ()
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-25] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-28] (Oracle Corporation)
    FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1415457942-1267786245-2192413135-1001: @unity3d.com/UnityPlayer,version=1.0 -> Unity\WebPlayer\loader\npUnity3D32.dll No File
    FF Extension: Adblock Plus - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mvldvpgz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-15]
    FF HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Home\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\Home\AppData\Roaming\IDM\idmmzcc5 [2014-06-27]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-01-14]
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5
    CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 6
    CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-23]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
    S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) [File not signed]
    S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-07-15] (Ellora Assets Corp.) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-18] (Panda Security, S.L.)
    S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-10-22] (The OpenVPN Project)
    R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
    R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-18] (Panda Security, S.L.)
    S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1006784 2014-06-22] (@ByELDI) [File not signed]
    S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
    S4 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
    S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
    S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
    S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
    S2 HuaweiHiSuiteService64.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
    S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
    S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
    R3 GM3305Fltr; C:\Windows\system32\drivers\GM3305Fltr.sys [9600 2012-03-28] (LXD Development, Inc.)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-05-28] ()
    S1 hwinterface; C:\Windows\SysWOW64\Drivers\hwinterface.sys [3026 2015-05-07] (Logix4u) [File not signed]
    U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-10] (Panda Security, S.L.)
    R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-10] (Panda Security, S.L.)
    R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-10] (Panda Security, S.L.)
    R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-10] (Panda Security, S.L.)
    R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.)
    R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-10] (Panda Security, S.L.)
    R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-10] (Panda Security, S.L.)
    R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-10] (Panda Security, S.L.)
    R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-10] (Panda Security, S.L.)
    R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-10] (Panda Security, S.L.)
    R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-10] (Panda Security, S.L.)
    R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-10] (Panda Security, S.L.)
    R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-10] (Panda Security, S.L.)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
    R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-12] (Panda Security, S.L.)
    R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-12] (Panda Security, S.L.)
    R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-10] (Panda Security, S.L.)
    R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-12] (Panda Security, S.L.)
    R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-12] (Panda Security, S.L.)
    R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-12] (Panda Security, S.L.)
    R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-30] (Panda Security, S.L.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
    S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-10-11] (Oracle Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
    S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
    S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
    S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 ewusbmbb; \SystemRoot\system32\DRIVERS\ewusbwwan.sys [X]
    S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
    S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-28 21:14 - 2015-05-28 21:14 - 00017629 _____ () C:\Users\Home\Desktop\FRST.txt
    2015-05-28 21:13 - 2015-05-28 21:13 - 00002259 _____ () C:\WINDOWS\epplauncher.mif
    2015-05-28 20:49 - 2015-05-28 21:14 - 00000000 ____D () C:\FRST
    2015-05-28 20:49 - 2015-05-28 20:49 - 02108928 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
    2015-05-28 20:25 - 2015-05-28 20:25 - 00000024 _____ () C:\Users\Home\AppData\Roaming\appdataFr25.bin
    2015-05-28 20:24 - 2015-05-28 20:24 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
    2015-05-28 20:21 - 2015-05-28 20:21 - 00085578 _____ () C:\WINDOWS\system32\.crusader
    2015-05-28 20:20 - 2015-05-28 20:20 - 00114978 _____ () C:\Users\Home\Documents\HitmanPro_20150528_2020.log
    2015-05-28 20:10 - 2015-05-28 20:21 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-05-28 17:57 - 2015-05-28 19:20 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
    2015-05-28 17:57 - 2015-05-28 19:19 - 00000000 ____D () C:\sh4ldr
    2015-05-28 17:56 - 2015-05-28 19:19 - 00000000 ____D () C:\WINDOWS\4E0C6314A8B84026AC15084E8B63AFB5.TMP
    2015-05-28 16:28 - 2015-05-28 16:28 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-05-28 16:27 - 2015-05-28 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-05-28 16:27 - 2015-05-28 16:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-05-28 16:27 - 2015-05-28 16:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-05-28 16:27 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-05-28 16:27 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-05-28 16:27 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-05-26 09:02 - 2015-05-26 09:02 - 00001041 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Captcha.lnk
    2015-05-24 15:07 - 2015-05-28 21:02 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1415457942-1267786245-2192413135-1001
    2015-05-24 15:02 - 2015-01-30 00:21 - 00061712 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
    2015-05-24 14:56 - 2015-05-28 20:32 - 00000000 ____D () C:\AdwCleaner
    2015-05-24 14:25 - 2015-05-24 14:25 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Panda Security
    2015-05-24 14:24 - 2015-05-24 14:26 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus.lnk
    2015-05-24 14:24 - 2015-05-24 14:25 - 00000000 ____D () C:\Program Files (x86)\Panda Security
    2015-05-24 14:24 - 2015-05-24 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
    2015-05-24 14:23 - 2015-05-24 14:25 - 00000000 ____D () C:\ProgramData\Panda Security
    2015-05-24 12:53 - 2015-05-24 12:53 - 00000000 _____ () C:\autoexec.bat
    2015-05-22 14:46 - 2015-05-22 14:46 - 01081072 _____ (Unity Technologies ApS) C:\Users\Home\Downloads\UnityWebPlayer.exe
    2015-05-20 10:10 - 2015-05-20 10:12 - 00000000 ____D () C:\murottal
    2015-05-19 12:54 - 2015-05-19 12:54 - 00000000 _____ () C:\Users\Home\AppData\Local\Temp.dat
    2015-05-12 22:54 - 2011-10-24 11:04 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
    2015-05-12 22:54 - 2011-10-24 10:51 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
    2015-05-12 22:54 - 2010-02-19 06:00 - 01533512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFUpdate_01007.dll
    2015-05-12 22:54 - 2010-02-19 06:00 - 00708168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WinUSBCoInstaller.dll
    2015-05-07 21:02 - 2015-05-07 21:02 - 00003026 _____ (Logix4u) C:\WINDOWS\SysWOW64\Drivers\hwinterface.sys
    2015-05-07 21:02 - 2015-05-07 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aplikasi Pengusir Nyamuk

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-28 21:00 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-05-28 20:59 - 2014-06-27 22:11 - 01712900 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-05-28 20:59 - 2014-06-27 08:20 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-05-28 20:55 - 2015-04-25 15:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-05-28 20:39 - 2013-08-22 21:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-05-28 20:23 - 2014-06-27 22:05 - 00035054 _____ () C:\WINDOWS\PFRO.log
    2015-05-28 20:22 - 2013-08-22 20:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
    2015-05-28 20:21 - 2015-03-27 13:48 - 00000000 ____D () C:\Users\Home\Downloads\langsung guak
    2015-05-28 20:11 - 2015-01-01 23:23 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-05-28 20:10 - 2014-11-16 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
    2015-05-28 20:10 - 2014-11-16 11:54 - 00000000 ____D () C:\Program Files\Oracle
    2015-05-28 20:09 - 2015-01-19 21:32 - 00000000 ____D () C:\Users\Home\AppData\Local\Deployment
    2015-05-28 20:09 - 2014-11-25 19:39 - 00000000 ____D () C:\Program Files (x86)\Naver
    2015-05-28 20:00 - 2015-02-14 21:28 - 00000000 ____D () C:\Users\Home\Documents\KONAMI
    2015-05-28 19:47 - 2014-11-21 15:17 - 00000000 ____D () C:\Program Files\PowerISO
    2015-05-28 19:02 - 2014-06-27 08:16 - 00000000 ____D () C:\Users\Home
    2015-05-28 18:36 - 2014-07-03 23:49 - 00007599 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
    2015-05-28 17:58 - 2014-09-26 00:52 - 00000000 ____D () C:\Users\Home\AppData\Local\Battle.net
    2015-05-28 16:52 - 2014-07-14 02:34 - 00000000 ____D () C:\Users\Home\AppData\Local\26159
    2015-05-28 16:51 - 2014-06-27 08:17 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-05-28 16:47 - 2013-08-22 21:46 - 00016988 _____ () C:\WINDOWS\setupact.log
    2015-05-28 16:22 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2015-05-27 14:04 - 2014-09-08 18:24 - 00000000 ____D () C:\Users\Home\AppData\Roaming\MultiBit
    2015-05-27 01:31 - 2014-06-27 08:39 - 00000000 ____D () C:\Users\Home\AppData\Roaming\DMCache
    2015-05-27 01:27 - 2014-07-08 08:54 - 00000000 ____D () C:\Users\Home\AppData\Roaming\vlc
    2015-05-26 12:38 - 2014-06-27 08:39 - 00000000 ____D () C:\Users\Home\Downloads\Video
    2015-05-25 13:03 - 2015-01-30 18:03 - 00000000 ____D () C:\ProgramData\TEMP
    2015-05-24 15:01 - 2013-08-22 21:44 - 00392416 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-05-24 14:58 - 2015-02-12 09:12 - 00001198 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
    2015-05-24 14:58 - 2015-01-15 10:59 - 00000780 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\firefox.lnk
    2015-05-24 14:58 - 2014-06-27 08:28 - 00001227 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
    2015-05-24 14:58 - 2014-06-27 08:17 - 00001004 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-05-24 14:41 - 2015-02-09 09:31 - 00000000 ____D () C:\WINDOWS\SysWOW64\HavijPro
    2015-05-24 12:51 - 2014-06-27 08:20 - 00000000 ____D () C:\Users\Home\AppData\Local\Google
    2015-05-24 12:24 - 2015-01-15 10:57 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Mozilla
    2015-05-24 11:59 - 2014-06-27 08:52 - 00000000 ____D () C:\Program Files\KMSpico
    2015-05-23 13:44 - 2014-07-03 19:43 - 00000000 ____D () C:\Users\Home\AppData\Roaming\MultiDoge
    2015-05-20 07:07 - 2013-08-22 22:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-05-19 13:08 - 2014-12-05 08:17 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-05-19 13:08 - 2014-06-30 08:44 - 00000000 ____D () C:\Users\Home\AppData\Roaming\uTorrent
    2015-05-18 05:39 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-05-12 23:32 - 2014-06-27 08:39 - 00000000 ____D () C:\Users\Home\Downloads\Compressed
    2015-05-01 16:02 - 2014-07-19 14:52 - 00000000 ____D () C:\Users\Home\AppData\Roaming\dvdcss

    ==================== Files in the root of some directories =======

    2015-05-28 20:25 - 2015-05-28 20:25 - 0000024 _____ () C:\Users\Home\AppData\Roaming\appdataFr25.bin
    2015-02-22 09:32 - 2015-03-12 06:53 - 0000079 _____ () C:\Users\Home\AppData\Roaming\captchakey
    2014-07-03 23:49 - 2015-05-28 18:36 - 0007599 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
    2015-05-19 12:54 - 2015-05-19 12:54 - 0000000 _____ () C:\Users\Home\AppData\Local\Temp.dat
    2014-10-11 17:08 - 2014-10-11 17:08 - 0000003 _____ () C:\Users\Home\AppData\Local\updater.log
    2014-10-11 17:08 - 2015-04-23 05:46 - 0000424 _____ () C:\Users\Home\AppData\Local\UserProducts.xml

    Some files in TEMP:
    ====================
    C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2gjrzn.dll
    C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnwguld.dll
    C:\Users\Home\AppData\Local\Temp\EsgInstallerx64Stub.exe
    C:\Users\Home\AppData\Local\Temp\Quarantine.exe
    C:\Users\Home\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-25 11:01

    ==================== End of log ============================
     
  3. JunSS

    JunSS TS Rookie Topic Starter Posts: 16

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
    Ran by Home at 2015-05-28 21:15:06
    Running from C:\Users\Home\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1415457942-1267786245-2192413135-500 - Administrator - Disabled)
    Guest (S-1-5-21-1415457942-1267786245-2192413135-501 - Limited - Enabled)
    Home (S-1-5-21-1415457942-1267786245-2192413135-1001 - Administrator - Enabled) => C:\Users\Home

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
    FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{13351E83-6DCD-4E97-2A8C-5D496259A47F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    AQUILA-X Gaming Mouse (HKLM-x32\...\{B1669080-7C2D-4BA9-AB6F-FD6A4B0CE8AF}) (Version: 1.00 - Gaming Mouse)
    AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    CleanMem (HKLM-x32\...\CleanMem) (Version: v2.4.3 - PcWinTech.com)
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    Dropbox (HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
    Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    KMSpico v9.3 (HKLM\...\KMSpico_is1) (Version: 9.3 - )
    Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
    Livestreamer 1.12.1 (HKLM-x32\...\Livestreamer) (Version: - )
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Max Recorder (HKLM-x32\...\Max Recorder) (Version: 1.026.0.0 - Silver Vine, LLC)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    MultiBit 0.5.18 (HKLM-x32\...\MultiBit 0.5.18) (Version: 0.5.18 - )
    MultiDoge 0.1.2 (HKLM-x32\...\MultiDoge 0.1.2) (Version: 0.1.2 - )
    MultiDoge 0.1.3 (HKLM-x32\...\MultiDoge 0.1.3) (Version: 0.1.3 - )
    MultiDoge 0.1.4 (HKLM-x32\...\MultiDoge 0.1.4) (Version: 0.1.4 - )
    OpenVPN 2.3.4-I005 (HKLM\...\OpenVPN) (Version: 2.3.4-I005 - )
    Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
    Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
    Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0000 - Panda Security)
    Panda Free Antivirus (Version: 7.81.00.0000 - Panda Security) Hidden
    Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
    Pro Evolution Soccer 2015 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
    Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
    SMPlayer 14.3.0 (HKLM-x32\...\SMPlayer) (Version: 14.3.0 - Ricardo Villalba)
    Stamina 2.5 (HKLM-x32\...\Stamina) (Version: - )
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    System Requirements Lab Detection (HKLM-x32\...\{12BEDCF6-A533-4943-ADC8-9CF4759102C4}) (Version: 6.1.1.0 - Husdawg, LLC)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version: - Capcom)
    Ultra Street Fighter IV (HKLM-x32\...\VWx0cmFTdHJlZXRGaWdodGVySVY=_is1) (Version: 1 - )
    Unity Web Player (HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.56 - Nullsoft, Inc)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    28-05-2015 19:19:30 Removed SpyHunter
    28-05-2015 20:42:05 Revo Uninstaller Pro's restore point - Dropbox
    28-05-2015 20:48:08 CHrome
    28-05-2015 20:57:01 Revo Uninstaller Pro's restore point - Google Chrome

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 20:25 - 2013-08-22 20:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0EB26E79-DB36-4C28-906B-3780F18CF767} - \AutoPico Daily Restart No Task File <==== ATTENTION
    Task: {27CE2D81-430E-45EB-A0D0-BE88E0691AF5} - \CleanMem Mini Monitor No Task File <==== ATTENTION
    Task: {447F9C85-5D06-4258-B04E-6FB3E071A2FE} - \Clean System Memory No Task File <==== ATTENTION
    Task: {59AD778A-DA10-49A2-9ADA-7ED2766CCC49} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {CB5B039D-B803-4BE7-B3C4-47A8C47EE0DC} - \Adobe Flash Player Updater No Task File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2013-08-30 19:47 - 2013-08-30 19:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
    2012-10-22 14:41 - 2012-10-22 14:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
    2012-10-22 14:42 - 2012-10-22 14:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
    2013-04-13 00:23 - 2013-04-13 00:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
    AlternateDataStreams: C:\ProgramData\TEMP:A064CECC
    AlternateDataStreams: C:\Users\Home\SkyDrive:ms-properties

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\Control Panel\Desktop\\Wallpaper -> E:\Wpp\068 - TlnW6at.jpg
    DNS Servers: 8.8.8.8 - 8.8.4.4

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AIPS => 2
    MSCONFIG\Services: BstHdAndroidSvc => 2
    MSCONFIG\Services: BstHdLogRotatorSvc => 2
    MSCONFIG\Services: BstHdUpdaterSvc => 2
    MSCONFIG\Services: Freemake Improver => 2
    MSCONFIG\Services: FreemakeVideoCapture => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: HWDeviceService64.exe => 2
    MSCONFIG\Services: IHProtect Service => 2
    MSCONFIG\Services: OpenVPNService => 3
    MSCONFIG\Services: Service KMSELDI => 2
    MSCONFIG\Services: Smartfren Connex EC176-2 UI. RunOuc => 2
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: VIAKaraokeService => 2
    HKLM\...\StartupApproved\StartupFolder: => "IML64.lnk"
    HKLM\...\StartupApproved\Run: => "HDAudDeck"
    HKLM\...\StartupApproved\Run32: => "StartCCC"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "GamingMouseG7"
    HKLM\...\StartupApproved\Run32: => "DFX"
    HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
    HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
    HKLM\...\StartupApproved\Run32: => "Lightshot"
    HKLM\...\StartupApproved\Run32: => "wmagent.exe"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\StartupFolder: => "Y210 Recovery Installer.rar.lnk"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "GarenaPlus"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "CyberGhost"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "LightShot"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "Google Update"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [{21FF6A40-D8F3-456D-970C-8F505FA2C614}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{3FE4EC6A-EF6B-44B2-87C1-070060C8966D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{FB71492F-9DF2-4B67-825A-B7D42ACF0F6A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{F76A451B-89E6-4754-850B-17B69F09EEE2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{E685BA33-3BC6-47F8-AFDB-A3C183EE8377}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{94425F9B-7557-4EC8-ABDB-D77B3B4D4691}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{2154C88C-6469-44F1-9CDF-F5E73DA7CB8E}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{334649D7-D60B-40FC-9F85-8E2EAD57E41A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{CAECAB55-50F9-47C1-A6AC-DE697FB329A6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{4B9CD4CB-50FF-4838-B5D2-584C4D2D853C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{EF0235A4-5640-48E3-9AF6-04E9ED63C66E}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{7AD50298-18DA-4308-831F-1EEA7BB46949}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{B89203A9-5D30-424C-820B-16CDFF21391B}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{ACA168C8-9478-4EA3-A398-9B4BB1BE9455}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{8C63B07D-5564-4A36-B298-A2E5C60CA60F}D:\e\arcpool\arcpool\arcade pool ii.exe] => (Block) D:\e\arcpool\arcpool\arcade pool ii.exe
    FirewallRules: [UDP Query User{ACF602FF-D995-4984-BC9C-58B9E47ACCC5}D:\e\arcpool\arcpool\arcade pool ii.exe] => (Block) D:\e\arcpool\arcpool\arcade pool ii.exe
    FirewallRules: [TCP Query User{3BAA030D-D3AF-4D64-B501-631FA0EE523C}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
    FirewallRules: [UDP Query User{F4964EA6-EC34-4A50-A9C7-67C0B7E85288}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
    FirewallRules: [TCP Query User{D890B9E9-0CA9-4A17-9EA4-012E3F08EDF5}D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [UDP Query User{067C2261-AD86-4DE1-BA9C-3D7362B845DC}D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [TCP Query User{7D10BC07-A79B-4CC3-92F2-A8006B0C8772}D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [UDP Query User{6BA92B5F-1CCB-4642-96DE-C27F2ACCA754}D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [{D7374DC1-117B-476E-9D2B-8894A7C1DEE9}] => (Block) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [{5BDBAB66-3A1B-45AE-8005-F5137C03FA28}] => (Block) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [TCP Query User{9930AED4-962D-4643-9F7A-C4FB819CA5DF}D:\ro2\hc\handycache.exe] => (Allow) D:\ro2\hc\handycache.exe
    FirewallRules: [UDP Query User{2942EC3B-F09E-4818-ABE9-6B33C41A56DC}D:\ro2\hc\handycache.exe] => (Allow) D:\ro2\hc\handycache.exe
    FirewallRules: [{6469D9CD-2278-4E4D-B3E7-BD21EB2A39E9}] => (Block) D:\ro2\hc\handycache.exe
    FirewallRules: [{60A4CCA8-119D-4819-A2F0-1D26777F75CD}] => (Block) D:\ro2\hc\handycache.exe
    FirewallRules: [TCP Query User{6D27FDF9-847C-4127-8E4D-5497712DC5FD}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
    FirewallRules: [UDP Query User{86C52BFB-048B-4B9B-84D5-2229F4A833B4}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
    FirewallRules: [TCP Query User{A47F65BE-BD16-41DB-945F-2922ECDA2437}D:\locker\gam\dragon's tale\eclient.exe] => (Allow) D:\locker\gam\dragon's tale\eclient.exe
    FirewallRules: [UDP Query User{313503B7-B313-4C36-B9CD-AA7C2483E6F1}D:\locker\gam\dragon's tale\eclient.exe] => (Allow) D:\locker\gam\dragon's tale\eclient.exe
    FirewallRules: [{0A94E464-E541-44A3-AD3D-631FA47907CE}] => (Allow) C:\Users\Home\Downloads\LoLInstaller.exe
    FirewallRules: [{D472746F-2A65-4747-80BC-3AA3665643EF}] => (Allow) C:\Users\Home\Downloads\LoLInstaller.exe
    FirewallRules: [{94483A90-8A33-45DC-B61B-3AE1E7798600}] => (Allow) C:\GarenaDownload\Games\lolid\lolidInstaller.exe
    FirewallRules: [{450EC6DB-49A8-470A-ABC4-6F52EB2C6E3F}] => (Allow) C:\GarenaDownload\Games\lolid\lolidInstaller.exe
    FirewallRules: [{50D9FC16-190E-4BF2-A1DE-F4F5303F5E49}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{7794820F-1629-4054-A9DD-EE8E27E9E50D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{68647CBA-9D47-46F2-A105-9E74102B4E73}] => (Allow) E:\HearthStone\Battle.net\Battle.net.exe
    FirewallRules: [{9E94CF76-47B9-41E7-ADA8-064DD78BBB09}] => (Allow) E:\HearthStone\Battle.net\Battle.net.exe
    FirewallRules: [{EB8F8E12-67C3-4A47-8BD9-6F892A9D2AA1}] => (Allow) E:\HearthStone\Hearthstone\Hearthstone.exe
    FirewallRules: [{C87D17CE-265E-4923-A2F0-DA691FC8E551}] => (Allow) E:\HearthStone\Hearthstone\Hearthstone.exe
    FirewallRules: [{C42073C2-F2E9-475B-8F61-25DD60A87D2E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{A042371C-948F-4B3B-9CCA-4736912672A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{36751F19-BD5D-47FB-A5C8-7D6C794B08D1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{6642DF43-62B2-4800-A273-68119F815704}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{E360AF24-361D-4F3F-B921-25887D4FA383}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [{F0A03AA1-CDCB-4A6A-9CCA-F2C8021476E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [TCP Query User{8B234DA7-35DB-4521-8CE6-8340D8D1BA4C}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
    FirewallRules: [UDP Query User{165FA3E9-7ADD-45DB-88DA-7F4615D86727}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
    FirewallRules: [{6A2FE460-F822-4949-87F3-C3D44F03673B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
    FirewallRules: [{B3D45FE7-1BC8-4FE6-9CE8-C3A472C0CCD3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
    FirewallRules: [TCP Query User{48165FF4-C9B0-4D74-9406-BD26DF631DC4}E:\hearthstone\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone\hearthstone.exe
    FirewallRules: [UDP Query User{3CCD4E59-A199-4AE8-9F31-797B45898AF1}E:\hearthstone\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone\hearthstone.exe
    FirewallRules: [{F95BD2B2-C2AE-4731-A07E-17E25022A7C6}] => (Allow) E:\HearthStone\StarCraft II\StarCraft II.exe
    FirewallRules: [{48209402-0BD4-45FE-8031-2A4287968FFA}] => (Allow) E:\HearthStone\StarCraft II\StarCraft II.exe
    FirewallRules: [TCP Query User{79AFE7A0-7E1E-4EA1-8B9E-0B36E10FCC0F}E:\hearthstone\starcraft ii\versions\base32283\sc2.exe] => (Allow) E:\hearthstone\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [UDP Query User{64D59B9B-A39E-4861-AFA1-55D2817F28FE}E:\hearthstone\starcraft ii\versions\base32283\sc2.exe] => (Allow) E:\hearthstone\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [{585B90E4-4987-4B64-9E3E-F40E6EC42D2D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{E0065EA1-EB81-4EE0-B8A3-1F75F96C26F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [TCP Query User{98CA78CD-51BA-4B9F-9447-7CE99ADC3A11}E:\xde\xdecoin-qt.exe] => (Allow) E:\xde\xdecoin-qt.exe
    FirewallRules: [UDP Query User{16FA63CF-80AA-4C1D-A21D-ECB545C2D59F}E:\xde\xdecoin-qt.exe] => (Allow) E:\xde\xdecoin-qt.exe
    FirewallRules: [{DC6F768E-AF80-420F-AAD0-77E349CF3802}] => (Block) E:\xde\xdecoin-qt.exe
    FirewallRules: [{502EF45C-C6D8-4CB1-B52D-56A0223587E1}] => (Block) E:\xde\xdecoin-qt.exe
    FirewallRules: [{453B369F-E545-40FC-92CE-F8CD91D154A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{B3E2E85C-4F92-4B8C-840D-EE588D2BC83C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{1A38FE85-AE11-4A00-8F4A-3DDE0CEC869B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
    FirewallRules: [{1C01CEC5-EF88-4DB5-BA21-D8129E6FF7BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
    FirewallRules: [{E4F37EA0-085A-4DD4-B0B4-E0C869EC0A1B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{A56F1BD3-565D-4A9A-878A-662A9811FB4B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{8E383BA4-02A5-4964-9F56-5DB1C72797D2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{AD3C4114-8197-4CD0-9200-7582071EA11B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [TCP Query User{210CC0D1-7939-405D-B290-10A69EE11CE0}D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe
    FirewallRules: [UDP Query User{623A8C16-23E4-4565-BABC-3CEFA2295807}D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe
    FirewallRules: [{11AEF7FD-44E9-4E82-B6DC-9B136E93D6B5}] => (Allow) E:\Steam\Steam.exe
    FirewallRules: [{7086952A-515E-4E07-8F16-BA89E7A77460}] => (Allow) E:\Steam\Steam.exe
    FirewallRules: [{3086A77E-94A6-400F-9CF3-89A4EEE332B3}] => (Allow) E:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{AF3022C5-B984-444A-B61D-18CB79F60136}] => (Allow) E:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{F11A6B78-0049-45C3-B37B-0253C81B2E89}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\dota.exe
    FirewallRules: [{711907E0-C5AC-4EAB-970B-AE4AC90F64FB}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\dota.exe
    FirewallRules: [{97B69781-FF32-41BF-8CE2-7DBFE127DFD6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
    FirewallRules: [{9338A320-AA4B-4A97-B28F-9C13BDAFC241}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
    FirewallRules: [{DE9CFB51-B749-4821-A0EF-D28CA5A935F9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{593D8951-231B-4579-9C40-4F6671E5EDCA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{DA8796A6-1F22-44DC-96A0-CBFA40BFEACC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
    FirewallRules: [{F05D071D-5572-429F-8495-0F4893A2F7D8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
    FirewallRules: [{EA6C4745-D480-43F6-9AD7-CC7520A2A900}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
    FirewallRules: [{9E6F0476-CE39-4D01-BCAB-F8F4FB432F97}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
    FirewallRules: [{798CF340-621E-4855-A529-276A12C0B6BF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
    FirewallRules: [{A9E92156-A2B6-499D-9191-0521F69197CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
    FirewallRules: [TCP Query User{A09D91C7-9471-4558-9EDD-F80B5192953A}E:\iti\iticoin-qt.exe] => (Allow) E:\iti\iticoin-qt.exe
    FirewallRules: [UDP Query User{5FB1D89B-7EC7-4B1F-BE94-E5EC5232C022}E:\iti\iticoin-qt.exe] => (Allow) E:\iti\iticoin-qt.exe
    FirewallRules: [{ACA246E7-FA0F-4895-BCCF-21D6A772BBE0}] => (Block) E:\iti\iticoin-qt.exe
    FirewallRules: [{855CE4D3-75EE-4403-BA50-81876709823F}] => (Block) E:\iti\iticoin-qt.exe
    FirewallRules: [TCP Query User{17366C22-BBFD-4138-8E6D-2AE8902840B9}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe
    FirewallRules: [UDP Query User{4824CFB5-9E98-4BF5-B603-D96ACC234A3F}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe
    FirewallRules: [TCP Query User{4FE08B28-902B-42BA-A1AB-114D251733EB}D:\ro2\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\ro2\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [UDP Query User{2E3B72F6-8113-429B-A120-FC94FCCE6EFD}D:\ro2\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\ro2\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [{8F5B6030-F946-4BCF-BDE4-FC1CF75D802B}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{CB73DE48-5458-4002-970E-18307CF6C294}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{7FDF9642-453D-4299-8A63-73A766CA154E}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{318A2A3D-0667-46A6-BC2A-6C898FE9E81D}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{34712F63-914B-4AF1-A9AF-7BD186EB4FB9}] => (Allow) E:\adsdasd\fo3idInstaller.exe
    FirewallRules: [{EA38938E-CCE5-4789-BFCB-8ED0F4BC0494}] => (Allow) E:\adsdasd\fo3idInstaller.exe
    FirewallRules: [{5CAC08A4-FB19-406E-978F-32FEBFCA9202}] => (Allow) E:\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe
    FirewallRules: [{64B4BA64-A93B-4045-8A4B-09D523F924C7}] => (Allow) E:\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe
    FirewallRules: [TCP Query User{1C9C0C53-8C01-43E0-9DDC-27DBE3E95BC6}E:\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) E:\steam\steamapps\common\freestyle2\freestyle2.exe
    FirewallRules: [UDP Query User{1F538570-2D24-4753-87A8-1693AF42A222}E:\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) E:\steam\steamapps\common\freestyle2\freestyle2.exe
    FirewallRules: [{C3D3C9CA-F7DA-477F-B1BA-177AE80FA096}] => (Block) E:\steam\steamapps\common\freestyle2\freestyle2.exe
    FirewallRules: [{1B3A3CDE-316A-4930-8240-6E4077C4C44E}] => (Block) E:\steam\steamapps\common\freestyle2\freestyle2.exe
    FirewallRules: [{D0EF86ED-9244-4CDC-8F53-1B8482D60745}] => (Allow) E:\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
    FirewallRules: [{C91CAB48-35C5-4F8C-B0C5-DA18EE821977}] => (Allow) E:\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
    FirewallRules: [TCP Query User{4838ADF0-25EB-41AD-82CF-84661998D678}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe
    FirewallRules: [UDP Query User{A3F305CC-37A1-4F67-83BC-F85D1553952D}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe

    ==================== Faulty Device Manager Devices =============

    Name: VirtualBox Host-Only Ethernet Adapter
    Description: VirtualBox Host-Only Ethernet Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Oracle Corporation
    Service: VBoxNetAdp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: TAP-Windows Adapter V9
    Description: TAP-Windows Adapter V9
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Windows Provider V9
    Service: tap0901
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/28/2015 09:13:25 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: HOME-PC)
    Description: HRESULT:0x8004FF6F
    Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

    Error: (05/28/2015 08:57:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (05/28/2015 08:57:01 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

    Error: (05/28/2015 08:48:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (05/28/2015 08:42:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (05/28/2015 08:42:03 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

    Error: (05/28/2015 08:21:48 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).

    Error: (05/28/2015 08:21:00 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).

    Error: (05/28/2015 08:10:41 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - FreeStyle2: Street Basketball; Error = 0x8007043c).

    Error: (05/28/2015 08:10:16 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - NetCut 2.1.4; Error = 0x8007043c).


    System errors:
    =============
    Error: (05/28/2015 08:59:28 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Firewall service terminated with the following service-specific error:
    %%5

    Error: (05/28/2015 08:40:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureActions with the following error:
    %%5

    Error: (05/28/2015 08:40:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error:
    %%3

    Error: (05/28/2015 08:40:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HuaweiHiSuiteService64.exe service failed to start due to the following error:
    %%2

    Error: (05/28/2015 08:40:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BlueStacks Updater Service service failed to start due to the following error:
    %%2

    Error: (05/28/2015 08:40:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BlueStacks Hypervisor service failed to start due to the following error:
    %%3

    Error: (05/28/2015 08:40:01 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Windows Firewall service terminated with the following service-specific error:
    %%5

    Error: (05/28/2015 08:39:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \SystemRoot\SysWow64\Drivers\hwinterface.sys

    Error: (05/28/2015 08:38:51 PM) (Source: DCOM) (EventID: 10005) (User: HOME-PC)
    Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

    Error: (05/28/2015 08:38:50 PM) (Source: DCOM) (EventID: 10005) (User: HOME-PC)
    Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


    Microsoft Office:
    =========================
    Error: (05/28/2015 09:13:25 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: HOME-PC)
    Description: HRESULT:0x8004FF6F
    Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

    Error: (05/28/2015 08:57:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.

    Error: (05/28/2015 08:57:01 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

    Error: (05/28/2015 08:48:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.

    Error: (05/28/2015 08:42:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.

    Error: (05/28/2015 08:42:03 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

    Error: (05/28/2015 08:21:48 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe Checkpoint by HitmanPro0x8007043c

    Error: (05/28/2015 08:21:00 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe Checkpoint by HitmanPro0x8007043c

    Error: (05/28/2015 08:10:41 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" Revo Uninstaller Pro's restore point - FreeStyle2: Street Basketball0x8007043c

    Error: (05/28/2015 08:10:16 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" Revo Uninstaller Pro's restore point - NetCut 2.1.40x8007043c


    ==================== Memory info ===========================

    Processor: AMD A4-3300 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 33%
    Total physical RAM: 3561.99 MB
    Available physical RAM: 2365.76 MB
    Total Pagefile: 6121.99 MB
    Available Pagefile: 4004.72 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.84 MB

    ==================== Drives ================================

    Drive c: (Win 8) (Fixed) (Total:50.01 GB) (Free:15.35 GB) NTFS
    Drive d: (Data) (Fixed) (Total:117.42 GB) (Free:11.17 GB) NTFS
    Drive e: (BBB) (Fixed) (Total:200.58 GB) (Free:89.74 GB) NTFS
    Drive g: (Windows 7) (Fixed) (Total:97.66 GB) (Free:21.62 GB) NTFS
    Drive h: (NEW) (CDROM) (Total:3.28 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FC5F84F5)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=318 GB) - (Type=OF Extended)

    ==================== End of log ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. JunSS

    JunSS TS Rookie Topic Starter Posts: 16

    RogueKiller V10.7.0.0 [May 25 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : Home [Administrator]
    Started from : C:\Users\Home\AppData\Local\Microsoft\Windows\INetCache\IE\2UIT8RWV\RogueKiller.exe
    Mode : Delete -- Date : 05/28/2015 23:06:15

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 73 ¤¤¤
    [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
    [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Not selected
    [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict) | (default) : {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> Not selected
    [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress) | (default) : {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> Not selected
    [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync) | (default) : {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> Not selected
    [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate | (default) : {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict) | (default) : {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress) | (default) : {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync) | (default) : {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SharingPrivate | (default) : {08244EE6-92F0-47f2-9FC9-929BAA2E7235} -> Not selected
    [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> Not selected
    [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> Not selected
    [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Not selected
    [PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Not selected
    [PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Not selected
    [PUM.Orphan] (X64) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {47833539-D0C5-4125-9FA8-0819E2EAAC93} : -> Not selected
    [PUM.Orphan] (X86) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {47833539-D0C5-4125-9FA8-0819E2EAAC93} : -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Lightshot : C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [7] -> Not selected
    [PUP] (X64) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Windows\CurrentVersion\Run | LiveSupport : "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log [x][x][x] -> Not selected
    [PUP] (X86) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Windows\CurrentVersion\Run | LiveSupport : "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log [x][x][x] -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HuaweiHiSuiteService64.exe ("C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service) -> Not selected
    [PUP] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet001\Services\IBUpdaterService ("C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HuaweiHiSuiteService64.exe ("C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service) -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50796;https=127.0.0.1:50796 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50796;https=127.0.0.1:50796 -> Not selected
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50796;https=127.0.0.1:50796 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50796;https=127.0.0.1:50796 -> Not selected
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Internet Explorer\Main | Start Page : http://id.hao123.com/?tn=pcf_inner_protection_01_hao123_id_ie -> Not selected
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Internet Explorer\Main | Start Page : http://id.hao123.com/?tn=pcf_inner_protection_01_hao123_id_ie -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Internet Explorer\Main | Start Page : http://id.hao123.com/?tn=pcf_inner_protection_01_hao123_id_ie -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Internet Explorer\Main | Start Page : http://id.hao123.com/?tn=pcf_inner_protection_01_hao123_id_ie -> Not selected
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Not selected
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8D6F902B-9993-402D-AFFF-D04F1721324A} | NameServer : 10.17.3.252 10.17.125.230 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A06D150E-737F-4220-AB48-4A625504A28A} | NameServer : 10.17.3.252 10.17.125.230 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C2EDDB6E-7145-4E96-8B48-A541A41B62B7} | NameServer : 10.17.3.252 10.17.125.230 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet002\Services\Tcpip\Parameters\Interfaces\{109AFCA6-C954-461D-9975-19BF0754D9AF} | NameServer : 10.17.118.187 10.17.118.251 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet002\Services\Tcpip\Parameters\Interfaces\{73B4EF26-530D-4FBD-8665-D70E7D89DED7} | NameServer : 10.17.118.187 10.17.118.251 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8D6F902B-9993-402D-AFFF-D04F1721324A} | NameServer : 10.17.118.187 10.17.118.251 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A06D150E-737F-4220-AB48-4A625504A28A} | NameServer : 10.17.3.252 10.17.125.230 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C2EDDB6E-7145-4E96-8B48-A541A41B62B7} | NameServer : 10.17.3.252 10.17.125.230 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet003\Services\Tcpip\Parameters\Interfaces\{109AFCA6-C954-461D-9975-19BF0754D9AF} | NameServer : 10.17.118.187 10.17.118.251 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet003\Services\Tcpip\Parameters\Interfaces\{73B4EF26-530D-4FBD-8665-D70E7D89DED7} | NameServer : 10.17.118.187 10.17.118.251 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8D6F902B-9993-402D-AFFF-D04F1721324A} | NameServer : 10.17.118.187 10.17.118.251 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet003\Services\Tcpip\Parameters\Interfaces\{A06D150E-737F-4220-AB48-4A625504A28A} | NameServer : 10.17.3.252 10.17.125.230 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_G_E3F0\ControlSet003\Services\Tcpip\Parameters\Interfaces\{C2EDDB6E-7145-4E96-8B48-A541A41B62B7} | NameServer : 10.17.3.252 10.17.125.230 [(Private Address) (XX)][(Private Address) (XX)] -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\RK_spirit indonesia_ON_G_59BA\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_CA25\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 1 ¤¤¤
    [Suspicious.Path][File] Y210 Recovery Installer.rar.lnk -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Y210 Recovery Installer.rar.lnk [LNK@] C:\ProgramData\{d406bd95-3834-533f-d406-6bd95383f654}\Y210 Recovery Installer.rar.exe --startup=1 -> Deleted

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.Proxy][FIREFX:Config] mvldvpgz.default : user_pref("network.proxy.type", 4); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000AACS-00G8B1 ATA Device +++++
    --- User ---
    [MBR] 06cd13aa10a519a15cf33787d1a900ab
    [BSP] 7275acb36f79c4cecc94b6f051ce475a : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 100000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 871895745 | Size: 51207 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 205006849 | Size: 325629 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_05282015_230528.log
     
  6. JunSS

    JunSS TS Rookie Topic Starter Posts: 16

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/28/2015
    Scan Time: 16:29:16
    Logfile:
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.05.28.03
    Rootkit Database: v2015.05.24.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Home

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 384314
    Time Elapsed: 22 min, 45 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [53b0efaa4d3d62d4c85da14056ad9a66],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 3
    Trojan.Agent, C:\Program Files\PowerISO\Crack (x64).exe, No Action By User, [6c976e2bcdbd8da9cb4082b7b64c867a],
    PUP.Optional.Amonetize, C:\Users\Home\AppData\Local\26159\a12135.exe, Quarantined, [7c8752475733da5cc4b123a8669b57a9],
    PUP.Optional.MyStartSearch.A, C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: ({"browser":{"show_home_button":false},"extensions":{"settings":{"aapbdbdomjkkjkaonfhkkikfgjllcleb":{"disable_reasons":32,"state":0},"abjcfabbhafbcdfjoecdgepllmpfceif":{"active_permissions":{"api":["contextMenus","storage","tabs"],"explicit_host":["https://ssl.google-analytics.com https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js; object-src 'self'","description":"Docks your favourite stuff in a floating mobile-view window! Including Facebook chatting, Youtube videos and Hangouts calls","icons":{"128":"icon128.png","16":"icon16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDL/z0wb8ThEQnZZm1HdV5134PSWJmCBwnXerUQvPQTazt8RvItYsFhJJKpIyLuf7J0kgHdo4+WfVmwbQtCz7g4G7IxwZEh3r/tLyjeHDk9TMCwCG1OEmbLbQG3u0WpIvqEETQvwyXl/q37Pbhm3WPaNuikvuO5N6qxlRIw0crr+QIDAQAB","manifest_version":2,"name":"Picture in Picture Viewer","options_page":"options.html","permissions":["tabs","webRequest","webRequestBlocking","webNavigation","contextMenus","*://*/*"],"update_url":"https://chromeadblock.com https://*.google.com https://*.gstatic.com; object-src 'self'","current_locale":"en_US","default_locale":"en","description":"Bookmark Manager","externally_connectable":{"matches":["*://*.google.com/*"]},"icons":{"16":"icons/bookmarks16.png","32":"icons/bookmarks32.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO1rEc7Du17LBzIOf1nXMC4JM4suAzgaswHRjJhaE4/fNIXxrTjqaDH5tpU7huX8RdVyuu3zggdP36mpqhLYNzCf9fgnvhZEGpsXYqedWXapQ4nrVca4Xg5SB8/K7oRS+dnMwwxYjED434qTyfiSiJoXVo7MXa+qBckMQ6Wf0t0QIDAQAB","manifest_version":2,"minimum_chrome_version":"42","name":"Bookmark Manager DEV","oauth2":{"client_id":"610799782257-avhfi6rijk0n02t94linmllq54ool5kf.apps.googleusercontent.com","scopes":["https://ssl.google-analytics.com; object-src 'self'","description":"Preloaded Extension Placeholder for Crhome","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjvF5pjuK8gRaw/2LoRYi37QqRd48B/FeO9yFtT6ueY84z/u0NrJ/xbPFc9OCGBi8RKIblVvcbY0ySGqdmp0QsUr/oXN0b06GL4iB8rMhlO082HhMzrClV8OKRJ+eJNhNBl8viwmtJs3MN0x9ljA4HQLaAPBA9a14IUKLjP0pWuwIDAQAB","manifest_version":2,"name":"Default Placeholder Extensions","permissions":["tabs","cookies","bookmarks",""],"version":"35.2.1","web_accessible_resources":["content.js"]},"path":"C:\\Program'>http://*/*","https://*/*","file://*","chrome://*/*","storage","management","webRequest","idle","webRequestBlocking","history","debugger","\u003Call_urls>"],"version":"35.2.1","web_accessible_resources":["content.js"]},"path":"C:\\Program Files\\Google\\Chrome\\Application\\Extensions\\chrome\\man","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"mbniclmhobmnbdlbpiphghaielnnpgdp":{"disable_reasons":32,"state":0},"mfehgcgbbipciphmccgaenjidiccnmng":{"active_permissions":{"api":["cloudPrintPrivate"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13076928208311557","location":5,"manifest":{"app":{"launch":{"web_url":"https://www.google.com/cloudprint"},"urls":["https://www.google.com/cloudprint/enable_chrome_connector"]},"description":"Cloud Print","display_in_launcher":false,"icons":{},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqOhnwk4+HXVfGyaNsAQdU/js1Na56diW08oF1MhZiwzSnJsEaeuMN9od9q9N4ZdK3o1xXOSARrYdE+syV7Dl31nf6qz3A6K+D5NHe6sSB9yvYlIiN37jdWdrfxxE0pRYEVYZNTe3bzq3NkcYJlOdt1UPcpJB+isXpAGUKUvt7EQIDAQAB","name":"Cloud Print","permissions":["cloudPrintPrivate"],"version":"0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\43.0.2357.65\\resources\\cloud_print","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"mfffpogegjflfpflabcdkioaeobkgjik":{"active_permissions":{"api":["webRequest","webRequestBlocking"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["\u003Call_urls>"]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13076928253636823","location":5,"manifest":{"background":{"scripts":["channel.js","background.js"]},"content_scripts":[{"all_frames":true,"js":["channel.js","saml_injected.js"],"matches":["\u003Call_urls>"],"run_at":"document_start"}],"content_security_policy":"default-src 'self'; script-src 'self'; frame-src 'self' http: https:; style-src 'self'","description":"GAIA Component Extension","incognito":"split","key":"MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC4L17nAfeTd6Xhtx96WhQ6DSr8KdHeQmfzgCkieKLCgUkWdwB9G1DCuh0EPMDn1MdtSwUAT7xE36APEzi0X/UpKjOVyX8tCC3aQcLoRAE0aJAvCcGwK7qIaQaczHmHKvPC2lrRdzSoMMTC5esvHX+ZqIBMi123FOL0dGW6OPKzIwIBIw==","manifest_version":2,"name":"GaiaAuthExtension","permissions":["\u003Call_urls>","webRequest","webRequestBlocking"],"version":"0.0.1","web_accessible_resources":["main.css","main.html","main.js","offline.css","offline.html","offline.js","success.html","success.js","util.js"]},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\43.0.2357.65\\resources\\gaia_auth","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"mgndgikekgjfcpckkfioiadnlibdjbkf":{"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13076928208311557","location":5,"manifest":{"app":{"launch":{"web_url":"http://THIS-WILL-BE-REPLACED"}},"description":"A fast, simple, and secure web browser, built for the modern web.","display_in_launcher":true,"display_in_new_tab_page":false,"icons":{"128":"product_logo_128.png","16":"product_logo_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNuYLEQ1QPMcc5HfWI/9jiEf6FdJWqEtgRmIeI7qtjPLBM5oje+Ny2E2mTAhou5qdJiO2CHWdU1DQXY2F7Zu2gZaKZgHLfK4WimHxUT5Xd9/aro/R9PCzjguM1BLusiWYc9xlj1IsZpyiN1hcjU7SCnBhv1feQlv2WSB5KRiXwhQIDAQAB","name":"Chrome","version":"0.1"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\43.0.2357.65\\resources\\chrome_app","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"mpphfcjpaldmedbbomcdhgonmhjngfig":{"disable_reasons":32,"state":0},"nmladpigjlinmngadjgfogblnmddndcp":{"app_launcher_ordinal":"zg","disable_reasons":32,"page_ordinal":"n","state":0},"nmmhkkegccagdldgiimedpiccmgmieda":{"ack_external":true,"active_permissions":{"api":["identity","webview"],"explicit_host":["https://wallet-web.sandbox.google.com/*","https://wallet.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":137,"events":["app.runtime.onLaunched","runtime.onConnectExternal"],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["identity","webview"],"explicit_host":["https://wallet-web.sandbox.google.com/*","https://wallet.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13076928233488823","lastpingday":"13077270001802742","location":10,"manifest":{"app":{"background":{"scripts":["craw_background.js"]}},"current_locale":"en_US","default_locale":"en","description":"Google Wallet for digital goods","display_in_launcher":false,"display_in_new_tab_page":false,"icons":{"128":"images/icon_128.png","16":"images/icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB","manifest_version":2,"minimum_chrome_version":"29","name":"Google Wallet","oauth2":{"auto_approve":true,"client_id":"203784468217.apps.googleusercontent.com","scopes":["","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["file:///*","ftp://*/*","http://*/*","https://*/*"]},"commands":{},"content_settings":[],"creation_flags":9,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["storage","tabs","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["file:///*","ftp://*/*","http://*/*","https://*/*"]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13077247807358480","lastpingday":"13077270001802742","location":1,"manifest":{"background":{"page":"pdfHandler.html"},"content_scripts":[{"all_frames":true,"css":["contentstyle.css"],"js":["contentscript.js"],"matches":["http://*/*","https://*/*","ftp://*/*","file://*/*"],"run_at":"document_start"}],"content_security_policy":"script-src'>https://www.googleapis.com/auth/sierra","https://www.googleapis.com/auth/sierrasandbox","https://www.googleapis.com/auth/chromewebstore","https://www.googleapis.com/auth/chromewebstore.readonly"]},"permissions":["identity","webview","https://wallet.google.com/","https://wallet-web.sandbox.google.com/","https://www.google.com/","https://www.googleapis.com/*"],"update_url":"https://clients2.google.com/service/update2/crx","version":"0.1.1.0"},"path":"nmmhkkegccagdldgiimedpiccmgmieda\\0.1.1.0_0","preferences":{},"regular_only_preferences":{},"running":false,"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"oemmndcbldboiebfnladdacbdfmadadm":{"active_permissions":{"api":["storage","tabs","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["file:///*","ftp://*/*","http://*/*","https://*/*"]},"commands":{},"content_settings":[],"creation_flags":9,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["storage","tabs","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["file:///*","ftp://*/*","http://*/*","https://*/*"]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13077247807358480","lastpingday":"13077270001802742","location":1,"manifest":{"background":{"page":"pdfHandler.html"},"content_scripts":[{"all_frames":true,"css":["contentstyle.css"],"js":["contentscript.js"],"matches":["http://*/*","https://*/*","ftp://*/*","file://*/*"],"run_at":"document_start"}],"content_security_policy":"script-src 'self' 'unsafe-eval'; object-src 'self'","description":"Uses HTML5 to display PDF files directly in the browser.","file_browser_handlers":[{"default_title":"Open with PDF Viewer","file_filters":["filesystem:*.pdf"],"id":"open-as-pdf"}],"icons":{"128":"icon128.png","16":"icon16.png","48":"icon48.png"},"incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDb5PIb8ayK6vHvEIY1nJKRSCDE8iJ1T43qFN+5dvCVQrmyEkgqB9ZuZNT24Lwot96HV51VoITHKRNIVKI2Nrbfn0M49t7qtaP34g/GXJ7mAIbSzsY4+I+Wsz8EL2SNEIw6uH8RmXG7nZ29NJ7sk7jn17QmMsO2UJ01UT8hfOOOEQIDAQAB","manifest_version":2,"mime_types":["application/pdf"],"name":"PDF Viewer","options_page":"options/options.html","options_ui":{"chrome_style":true,"page":"options/options.html"},"page_action":{"default_icon":{"19":"icon19.png","38":"icon38.png"},"default_popup":"pageActionPopup.html","default_title":"Show PDF URL"},"permissions":["fileBrowserHandler","webRequest","webRequestBlocking","\u003Call_urls>","tabs","webNavigation","storage","streamsPrivate"],"storage":{"managed_schema":"preferences_schema.json"},"update_url":"https://clients2.google.com/service/update2/crx","version":"1.1.132","web_accessible_resources":["getFrameId","content/web/viewer.html","http:/*","https:/*","ftp:/*","file:/*","chrome-extension:/*","filesystem:/*","drive:*"]},"path":"oemmndcbldboiebfnladdacbdfmadadm\\1.1.132_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"pfjmpddhehfgenddjoejiakphgbkhknc":{"disable_reasons":32,"lastpingday":"13077270002512742","state":0},"pjkljhegncpnkpknbcohdijeoejaedia":{"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"wn","commands":{},"content_settings":[],"creation_flags":9,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13076928310276840","lastpingday":"13077270001802742","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast, searchable email with less spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false}}},"google":{"services":{"last_username":"jun.ro70@gmail.com","username":"jun.ro70@gmail.com"}},"homepage":"","homepage_is_newtabpage":true,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"FC724A054C8261FAC500B0D00B779A264513F3EDF3A4FE9663D71F11E180C83C"},"default_search_provider":{"keyword":"6A3BCD7409E5FAC77E904DB95B810C71FFEF20A231A7F1EB1DF0F24B42C049F1","name":"2F822171863DBF4ABE5B133CFF124C311EAF240CA2EBCA7EF426A3766704BC7D","search_url":"5002197665DA3F5D9AF60DB7FEF1C8BCDC5E47B0E29662F4719422E84FB9F9C5"},"default_search_provider_data":{"template_url_data":"A422F6AD49EB58B4B8765CD851C5253B475B7D48CF858CE1CE8A57442E2D02FC"},"extensions":{"settings":{"aapbdbdomjkkjkaonfhkkikfgjllcleb":"2E0E795D6739BA477B3AB093C16884DA02881EB645A921206C0B74A2CC014909","abjcfabbhafbcdfjoecdgepllmpfceif":"0254DEC3A56C0137C2BFE6BE3337B0E58618D4518F439F5287F348660152696D","ahfgeienlihckogmohjhadlkjgocpleb":"931804D0D89DCBE55857396DB7A2B54AC7E008AAF86575A978527ACB75BF5E41","babikeemlljheaiopgchfgnpogodbfci":"CB60E627C1FB59DE0F7E003F62AC9FDA2FA0DBAC2A43DA90A64293F088F08C40","bbfenppodikphgiphiipabngecoffcni":"1F99A4F0B0086B00EA464F79A38C3BE8654898ABE4A1B8DA1BC1950CF68FFD90","bcbpbenaemaebapiffhkjjnilcphggcn":"49A5C5C2B0AF217203C80F0117B1866560F1102D2FD0FA4D45D4BD4D98B68C4E","bepbmhgboaologfdajaanbcjmnhjmhfn":"48685D5D653316ED62088892F165EC1371D3EE2F3D7BA0DA4FA711FCF1BAFEAB","bicgmdmgbomnebambjpkkkjpbkiahike":"2A826A2042FAA2321FB952E5B670BA751522FFB0D0901164FE817B3A369B9144","blpcfgokakmgnkcojhhkbfbldkacnbeo":"A6780ADC979CE965337DEA4478A604C0D028FBFA39898937B882D733257D460E","cfhdojbkjhnklbpkdaibdccddilifddb":"45F86A8C51B6D05E48A5455D36A7B5AD3274F5DCCE806E0C77A2D20B50B1E4CE","coobgpohoikkiipiblmjeljniedjpjpf":"286F32CE5A0D851C057B5F349FA9A0B17024123D984892EF6ECEEFF0BE80C98C","ddkedpofhcigoiibhjfmlfpghobnbabn":"2029D9753638543CE1A4AF05D9DA2F936CD241FED91EBF6003FC4E0FD0B0A7B4","dhdgffkkebhmkfjojejmpbldmpobfkfo":"0EAF5B6FC6F43266771AF8C42A7A74FF5603532B516D43986200F13E3C504863","djflhoibgkdhkhhcedjiklpkjnoahfmg":"DBDED7F3EF266F3AAD2DBE867F2BE8121F1AD818E2E60A2F16AE3DF2AFFF7BC2","donooklgjecljcdaflphibjiigobinho":"BB6D1A8346988D9EEFF85F2865681580C8E7AC26BBE8A9A341AAC685069F79FC","dpdmlmpcpbjdllmdacjgdldbmhefmmkb":"1B34AE7A36727EF5F360E4AE6C8181EBF8DD94BF1708602A8337293F3B1B9DE8","dpplabbmogkhghncfbfdeeokoefdjegm":"9EE0A2A70FFEEC3C65B31224D47BB311501995B90102DD5CCA92889286F0E50C","eemcgdkfndhakfknompkggombfjjjeno":"6C0AAE96A1F3EED9E36C5BCBC7423081C94B3D7E7A42B32F5B37168EDA9DE36F","efaagmolahogmekmnmkigonhfcdiemnl":"51BD048B3784452E647AA7D906BA38C31C96E6E93AD09513505F629A56801837","efgochcggfpajofoidkjhelkaihdflpo":"ED973B8779A7B962083B0AEC56938C1C49FA75946F40A7CAF7EE6AE11CAC7CE2","eooefojkjcddbgjjeoabdloeapnbccmh":"6E1304DEAF488AFEC35EB2B3BD55164E5DDD13DC40D063106F35A42F35519DBF","fjeahcfaibacboijpccppebdpihhbflk":"EC9AF4D6F5C65E39B9713ABB47D9FDD35F2F0DBF22BAB617CA10BABECCC4BB68","fjnbnpbmkenffdnngjfgmeleoegfcffe":"92B87B23673EBCA6B5DE9B94996145E4EA129DED529DEA4652E09001DAAD01AE","flapeljaacmlecndmchagnbjhnblobfg":"9BA4F7400EB4811E0F9CD386BC6D46CF480C9C8B3661E84FDCB78797ACD85573","gaedmjdfmmahhbjefcbgaolhhanlaolb":"D445E5A8A8A3324F62292232DFAD9E3AC9299737D642590299006F061D2E91F7","gbkeegbaiigmenfmjfclcdgdpimamgkj":"F561A723CCA7CAF19D7BAD5FCBA9BE29A6E2AF4F6787A3792AA2E1931CDCE87F","gighmmpiobklfepjocnamgkkbiglidom":"A709EA667CAFF816BF0D735F68B9B64AA8FD5F33DD15BFA5EE72DA50C9FB083B","gmlllbghnfkpflemihljekbapjopfjik":"78427E61937CD3FA704E8B2D7DA7BEAB0C1F9C871761B3B15028247EB392ACE3","headobkbbbbgggkilpbjkmmpdmdkpjhl":"CC5EBE73531DA2DE8AA6A704FC0F35483CEBF4371239F49351DB754DA076EA54","inijnmkffhfbpknkajembojpfejgmnjn":"93D84D72DD47D8112AD51F121C9BF206433824064D7B7E7F99E2F3A1AEA68578","ipplilmaapjjklilmmaccfemdmhkoacd":"27E82E14976A98AEAD16E864C1EF2C1306B40E95CDF7CC42FA9008D2AEE084C8","jdbcdbdkiaadpbkggggekjcpmgjekkke":"1097F67B659D471ED0314345CA8E40745488E1B39A7D8AC0B38965E75DFCD167","jeaohhlajejodfjadcponpnjgkiikocn":"A3AB26F20B1F8D288D2B035E0F0DBDB17262367F277411DD01A09EC436876501","kejckknopfdplgggklalmeanigajfcol":"B503002FAD8519DB9D000AD67E176B1CE69141593DD4D5F5B56D763286FB8510","kmokinipfahjbfaicnjnmlobmbfiedmp":"0A8212028F594794BA93301722ECE7CD4C606319362D3B68C1D6A329ADDB2073","koiaokdomkpjdgniimnkhgbilbjgpeak":"8BB27EF3AB148D796C9522FD74690FF88C203BA14B223024AF278325B1F48535","lcccjopfndhhpdnjbbadijddmjbadpkn":"4BDD32E36B265CD7B4470781334E643D7A7A5139BFCD9C48B07F4B2D65305AF1","lccekmodgklaepjeofjdjpbminllajkg":"6F6B94ED792E25D5F976F3AC1479A85131D13BAFFD4348CBBA4F2DAE304678B3","lepfcadhgpghgblgpffcmabpfckadmbd":"F0DC5D18F95F6939FEDA1BD7A5A3B185801BD1BEA800DD8A681C3F1CB710B286","lfmhcpmkbdkbgbmkjoiopeeegenkdikp":"67BF398AD97F3137A69652A7CE9CE1BC8D2B204C7857A9390590D3F1604E2820","lojpenhmoajbiciapkjkiekmobleogjc":"25748F20AB1210CD8A72CFB588D41AF25F212CC103795436BBDA3C74D0EC909A","mbniclmhobmnbdlbpiphghaielnnpgdp":"304936278D599281DB412BC7C6779C75E4ABCCED629933F4BFD4A17D35CCD3CA","mfehgcgbbipciphmccgaenjidiccnmng":"3127630829B63609435AACA92F3A3830B009B622688C6F742C8889FDD84C3A32","mfffpogegjflfpflabcdkioaeobkgjik":"5A302ABF4DBE786311B20732929DD9D22589DB62D69CB6A6D9EF5C2AA4F57450","mgndgikekgjfcpckkfioiadnlibdjbkf":"5800DCEDAFBFEE985B4B913FE2EBF9DFFE04A55E9C7A94DF0606D64E2E05EBF2","mpphfcjpaldmedbbomcdhgonmhjngfig":"7388C62D65967D5E51FF6F6AB1DC8382FCC65BBB03B85E15BC3587AC9EB8DFEF","nmladpigjlinmngadjgfogblnmddndcp":"6B34485E6F5197343408D3F9A6FA3BD9EB6ADCC511851EFA017869180AC04FA9","nmmhkkegccagdldgiimedpiccmgmieda":"5812983064DDA262729192A90FBA4F90EFA9A85B10C329695177F2627BB4AD21","oemmndcbldboiebfnladdacbdfmadadm":"1888221C4FE127341A402DA58C5E7077563494EEC061A8B485085FEE6EC99638","pfjmpddhehfgenddjoejiakphgbkhknc":"9C39A8405DB5976413BEC6D7C7E84BE16F7FFE47E15999633DFE35AA0D361582","pjkljhegncpnkpknbcohdijeoejaedia":"C7C4C9767DBD50412BD4EB6EDDB19EB7637A172896EEA124942021930595813B"}},"google":{"services":{"last_username":"95ECB7BC196C6233813ED79AFA7B5A71B6C1911A9EF60127A1D545810C7D526C","username":"4A3F37CFA233F4E6ACA506F62053CAA3834F6A772D5018BC05F904485771A258"}},"homepage":"ABE0DDDB67E94623AA9F0B2E3D8BAF10FDFF2769A02954500B9CE36AC9E0BFD3","homepage_is_newtabpage":"CD52D0CDE9CE53BEEB8B9DF3DAFE360C347397BC1ED4FEA4BF66F19685162587","pinned_tabs":"885BAEFA39CB2727A99BEB49AA025BBDCB9508CFBFD4AF5AED2129B8F5E17C5F","prefs":{"preference_reset_time":"9EA3519C7E77F0192E9244CC98A5F3FF369F278A6CFC738BCF17C10FB197EB50"},"profile":{"reset_prompt_memento":"0AD227584A87055A23265D1A05D460B7855FAD4E4F4B42C441A9BCCA5A509CD7"},"safebrowsing":{"incidents_sent":"45F5EABAAA7EFCE39346558606F30EF783D243CAB3591BD971A76528CB73ED48"},"search_provider_overrides":"2ECF4B0891691B4C6EDD35038C9ED7207A1D0779E4026693B8F8FB725A7478C9","session":{"restore_on_startup":"0EF7B7576354532BC2E5FB1BA17D52CB6B584CD010132714F862637283814E6C","startup_urls":"225D482E4E52E311CB98E9AE0E1941D136D056670EA414FB887FE80377FBF101"},"software_reporter":{"prompt_reason":"3AD0A4B95A4BF5369279FAD77FB151AAC192A96EF6F64B48167B185A1FEFADC3","prompt_seed":"75FD9EFC32767362928D17CF832F64A61CF7E243D3B584996B26D4F783435999","prompt_version":"E79DE9E1B2E18A94ED36B543C29BB720A44F49FC15722A625C4DD50E2D3B8905"},"sync":{"remaining_rollback_tries":"891FC1409DB7DABAE01E5A4F93EEFD3F1924B1E9AB682F98558DD1A088C27764"}},"super_mac":"319F648198F1334B4F46B3E06D373ABBE7DCEC04BADE621A58D6C6C340602CFA"},"session":{"restore_on_startup":5,"startup_urls":["http://www.google.com","http://www.google.com/","http://search.conduit.com/?ctid=CT1547340&SearchSource=48","http://www.mysearchresults.com/?c=2600&t=03","http://search.babylon.com/?affID=11...HP_ss&mntrId=68c87b48000000000000e0cb4ec0c995","http://search.shareazaweb.net/","http://search.babylon.com/?affID=11...HP_ss&mntrId=08c39efb000000000000e0cb4ec58c6d","http://search.certified-toolbar.com?si=41460&home=true&tid=2937","http://home.sweetim.com/?crg=3.1010000.10009&barid={A1E05DEA-26B2-11E2-9E75-E0CB4EC58C6D}","http://search.babylon.com/?affID=11...HP_ss&mntrId=7228409d000000000000000000000000","http://home.sweetim.com/?crg=3.1010000.10011&barid={3BC1DDF5-5C4A-11E2-BFB6-00197E846A15}","http://isearch.babylon.com/?affID=120023&babsrc=HP_ss&mntrId=48552de0000000000000003067c30afc","http://www.delta-search.com/?affID=119294&babsrc=HP_ss&mntrId=2E08001E8C2655DF","http://websearch.helpmefindyour.info/?pid=821&r=2013/04/24&hid=1515876265&lg=EN&cc=ID","http://websearch.searchboxes.info/?pid=887&r=2013/07/24&hid=2139690387&lg=EN&cc=ID&unqvl=28","http://websearch.searchguru.info/?pid=821&r=2013/12/08&hid=7240186974202971102&lg=EN&cc=ID&unqvl=43","http://www.istartsurf.com/?type=hp&...id=WDCXWD5000AACS-00G8B1_WD-WCAUH011131911319","http://www.mystartsearch.com/?type=...id=WDCXWD5000AACS-00G8B1_WD-WCAUH011131911319"]},"sync":{"remaining_rollback_tries":0}}), %5

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  7. JunSS

    JunSS TS Rookie Topic Starter Posts: 16

    # AdwCleaner v4.205 - Logfile created 28/05/2015 at 23:28:09
    # Updated 21/05/2015 by Xplode
    # Database : 2015-05-25.3 [Server]
    # Operating system : Windows 8.1 Pro (x64)
    # Username : Home - HOME-PC
    # Running from : C:\Users\Home\Downloads\Programs\adwcleaner_4.205.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:50796;hxxps=127.0.0.1:50796
    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
    Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.16384


    -\\ Mozilla Firefox v


    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [21599 bytes] - [24/05/2015 14:56:51]
    AdwCleaner[R1].txt - [9736 bytes] - [28/05/2015 20:27:39]
    AdwCleaner[R2].txt - [1587 bytes] - [28/05/2015 23:26:53]
    AdwCleaner[S0].txt - [11723 bytes] - [24/05/2015 14:58:43]
    AdwCleaner[S1].txt - [2282 bytes] - [28/05/2015 20:32:17]
    AdwCleaner[S2].txt - [1292 bytes] - [28/05/2015 23:28:09]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1351 bytes] ##########
     
  8. JunSS

    JunSS TS Rookie Topic Starter Posts: 16

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.8.2 (05.28.2015:1)
    OS: Windows 8.1 Pro x64
    Ran by Home on Thu 05/28/2015 at 23:33:03.79
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\Users\Home\AppData\Roaming\appdataFr25.bin



    ~~~ Folders

    Successfully deleted: [Folder] C:\Users\Home\appdata\local\crashrpt





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 05/28/2015 at 23:35:51.00
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  10. JunSS

    JunSS TS Rookie Topic Starter Posts: 16

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
    Ran by Home (administrator) on HOME-PC on 29-05-2015 07:40:04
    Running from C:\Users\Home\Desktop
    Loaded Profiles: Home (Available Profiles: Home)
    Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    (Valve Corporation) E:\Steam\Steam.exe
    (Valve Corporation) E:\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Microsoft Corporation) C:\Windows\System32\calc.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
    Failed to access process -> FRST64.exe
    (Microsoft Corporation) C:\Windows\System32\WerFault.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5299320 2012-10-25] (VIA)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [GamingMouseG7] => C:\Program Files (x86)\AQUILA-X Gaming Mouse\mousehid.exe [741376 2012-06-03] ()
    HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
    HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-18] (Panda Security, S.L.)
    HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWOW64\userinit.exe,
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3837520 2014-06-17] (Tonec Inc.)
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {11851c1c-264d-11e4-82cf-1078d241dde7} - "F:\AutoRun.exe"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {873727fd-b3cb-11e4-83a1-1078d241dde7} - "I:\AutoRun.exe"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {8737283c-b3cb-11e4-83a1-1078d241dde7} - "I:\AutoRun.exe"
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
    BootExecute: autocheck autochk * bootdelete
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
    ProxyServer: [.DEFAULT] => http=127.0.0.1:50796;https=127.0.0.1:50796
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSE1
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://u.msn.com/id-id/?ocid=iehp
    SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Tcpip\..\Interfaces\{749045DC-334A-4ED7-B313-4EC1C395DA00}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{AF710261-D09A-49E1-AD37-E069E7130235}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mvldvpgz.default
    FF NetworkProxy: "socks", "31.186.175.155"
    FF NetworkProxy: "socks_port", 60088
    FF NetworkProxy: "type", 4
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-25] ()
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-25] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
    FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-28] (Oracle Corporation)
    FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
    FF Plugin HKU\S-1-5-21-1415457942-1267786245-2192413135-1001: @unity3d.com/UnityPlayer,version=1.0 -> Unity\WebPlayer\loader\npUnity3D32.dll No File
    FF Extension: Adblock Plus - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\mvldvpgz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-15]
    FF HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Home\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\Home\AppData\Roaming\IDM\idmmzcc5 [2014-06-27]

    Chrome:
    =======
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Translate) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-05-28]
    CHR Extension: (Magic Actions for YouTube™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-05-28]
    CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-28]
    CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]
    CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-28]
    CHR Extension: (Tampermonkey) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-05-28]
    CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2015-05-28]
    CHR Extension: (Proxy SwitchySharp) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm [2015-05-28]
    CHR Extension: (Picture in Picture Viewer) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaagmolahogmekmnmkigonhfcdiemnl [2015-05-28]
    CHR Extension: (Twitch Mini Player) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\efgochcggfpajofoidkjhelkaihdflpo [2015-05-28]
    CHR Extension: (Twitch Mini Player) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjeahcfaibacboijpccppebdpihhbflk [2015-05-28]
    CHR Extension: (Stylish) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-05-28]
    CHR Extension: (Authy) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaedmjdfmmahhbjefcbgaolhhanlaolb [2015-05-28]
    CHR Extension: (AdBlock) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-28]
    CHR Extension: (ReChat for Twitch™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2015-05-28]
    CHR Extension: (Office Apps) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdbdkiaadpbkggggekjcpmgjekkke [2015-05-28]
    CHR Extension: (Auto Replay for YouTube™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2015-05-28]
    CHR Extension: (Better Image Viewer) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmokinipfahjbfaicnjnmlobmbfiedmp [2015-05-28]
    CHR Extension: (Auto HD For YouTube™) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2015-05-28]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-28]
    CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2015-05-28]
    CHR Extension: (LocalChromecast Player) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmladpigjlinmngadjgfogblnmddndcp [2015-05-28]
    CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
    CHR Extension: (PDF Viewer) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\oemmndcbldboiebfnladdacbdfmadadm [2015-05-28]
    CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2
    CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-01-14]
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5
    CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]
    CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 6
    CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-23]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
    S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-07-15] (Freemake) [File not signed]
    S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-07-15] (Ellora Assets Corp.) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-18] (Panda Security, S.L.)
    S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-10-22] (The OpenVPN Project)
    R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
    R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-18] (Panda Security, S.L.)
    S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1006784 2014-06-22] (@ByELDI) [File not signed]
    S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
    S4 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
    S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
    S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
    S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
    S2 HuaweiHiSuiteService64.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
    S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
    S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
    R3 GM3305Fltr; C:\Windows\system32\drivers\GM3305Fltr.sys [9600 2012-03-28] (LXD Development, Inc.)
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-05-28] ()
    S1 hwinterface; C:\Windows\SysWOW64\Drivers\hwinterface.sys [3026 2015-05-07] (Logix4u) [File not signed]
    U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
    R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-10] (Panda Security, S.L.)
    R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-10] (Panda Security, S.L.)
    R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-10] (Panda Security, S.L.)
    R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-10] (Panda Security, S.L.)
    R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.)
    R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-10] (Panda Security, S.L.)
    R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-10] (Panda Security, S.L.)
    R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-10] (Panda Security, S.L.)
    R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-10] (Panda Security, S.L.)
    R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-10] (Panda Security, S.L.)
    R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-10] (Panda Security, S.L.)
    R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-10] (Panda Security, S.L.)
    R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-10] (Panda Security, S.L.)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
    R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-12] (Panda Security, S.L.)
    R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-12] (Panda Security, S.L.)
    R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-10] (Panda Security, S.L.)
    R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-12] (Panda Security, S.L.)
    R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-12] (Panda Security, S.L.)
    R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-12] (Panda Security, S.L.)
    R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-30] (Panda Security, S.L.)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-28] ()
    S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116296 2014-10-11] (Oracle Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
    S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
    S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
    S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 ewusbmbb; \SystemRoot\system32\DRIVERS\ewusbwwan.sys [X]
    S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
    S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-28 23:38 - 2015-05-28 23:38 - 00002244 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-05-28 23:38 - 2015-05-28 23:38 - 00002244 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
    2015-05-28 23:38 - 2015-05-28 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-05-28 23:38 - 2015-05-28 23:38 - 00000000 ____D () C:\Program Files (x86)\GUM8B9F.tmp
    2015-05-28 23:35 - 2015-05-28 23:35 - 00001477 _____ () C:\Users\Home\Desktop\JRT.txt
    2015-05-28 23:33 - 2015-05-28 23:33 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-HOME-PC-Windows-8.1-Pro-(64-bit).dat
    2015-05-28 23:33 - 2015-05-28 23:33 - 00000000 ____D () C:\RegBackup
    2015-05-28 23:12 - 2015-05-28 23:12 - 02947143 _____ (Thisisu) C:\Users\Home\Desktop\JRT.exe
    2015-05-28 22:57 - 2015-05-28 23:09 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-05-28 22:57 - 2015-05-28 22:57 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-05-28 21:15 - 2015-05-28 21:15 - 00040487 _____ () C:\Users\Home\Desktop\Addition.txt
    2015-05-28 21:14 - 2015-05-29 07:40 - 00021350 _____ () C:\Users\Home\Desktop\FRST.txt
    2015-05-28 21:13 - 2015-05-28 21:13 - 00002259 _____ () C:\WINDOWS\epplauncher.mif
    2015-05-28 20:49 - 2015-05-29 07:40 - 00000000 ____D () C:\FRST
    2015-05-28 20:49 - 2015-05-28 20:49 - 02108928 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
    2015-05-28 20:24 - 2015-05-28 20:24 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
    2015-05-28 20:21 - 2015-05-28 20:21 - 00085578 _____ () C:\WINDOWS\system32\.crusader
    2015-05-28 20:20 - 2015-05-28 20:20 - 00114978 _____ () C:\Users\Home\Documents\HitmanPro_20150528_2020.log
    2015-05-28 20:10 - 2015-05-28 20:21 - 00000000 ____D () C:\ProgramData\HitmanPro
    2015-05-28 17:57 - 2015-05-28 19:20 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
    2015-05-28 17:57 - 2015-05-28 19:19 - 00000000 ____D () C:\sh4ldr
    2015-05-28 17:56 - 2015-05-28 19:19 - 00000000 ____D () C:\WINDOWS\4E0C6314A8B84026AC15084E8B63AFB5.TMP
    2015-05-28 16:28 - 2015-05-28 23:09 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-05-28 16:27 - 2015-05-28 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-05-28 16:27 - 2015-05-28 16:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-05-28 16:27 - 2015-05-28 16:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-05-28 16:27 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-05-28 16:27 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-05-28 16:27 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-05-26 09:02 - 2015-05-26 09:02 - 00001041 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Captcha.lnk
    2015-05-24 15:07 - 2015-05-29 07:34 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1415457942-1267786245-2192413135-1001
    2015-05-24 15:02 - 2015-01-30 00:21 - 00061712 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
    2015-05-24 14:56 - 2015-05-28 23:28 - 00000000 ____D () C:\AdwCleaner
    2015-05-24 14:25 - 2015-05-24 14:25 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Panda Security
    2015-05-24 14:24 - 2015-05-24 14:26 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus.lnk
    2015-05-24 14:24 - 2015-05-24 14:25 - 00000000 ____D () C:\Program Files (x86)\Panda Security
    2015-05-24 14:24 - 2015-05-24 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
    2015-05-24 14:23 - 2015-05-24 14:25 - 00000000 ____D () C:\ProgramData\Panda Security
    2015-05-24 12:53 - 2015-05-24 12:53 - 00000000 _____ () C:\autoexec.bat
    2015-05-22 14:46 - 2015-05-22 14:46 - 01081072 _____ (Unity Technologies ApS) C:\Users\Home\Downloads\UnityWebPlayer.exe
    2015-05-20 10:10 - 2015-05-20 10:12 - 00000000 ____D () C:\murottal
    2015-05-19 12:54 - 2015-05-19 12:54 - 00000000 _____ () C:\Users\Home\AppData\Local\Temp.dat
    2015-05-12 22:54 - 2011-10-24 11:04 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_quusbmdm.sys
    2015-05-12 22:54 - 2011-10-24 10:51 - 00116864 _____ (Huawei Technologies Co., Ltd.) C:\WINDOWS\system32\Drivers\hw_usbdev.sys
    2015-05-12 22:54 - 2010-02-19 06:00 - 01533512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFUpdate_01007.dll
    2015-05-12 22:54 - 2010-02-19 06:00 - 00708168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WinUSBCoInstaller.dll
    2015-05-07 21:02 - 2015-05-07 21:02 - 00003026 _____ (Logix4u) C:\WINDOWS\SysWOW64\Drivers\hwinterface.sys
    2015-05-07 21:02 - 2015-05-07 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aplikasi Pengusir Nyamuk

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-29 07:16 - 2014-06-27 22:11 - 01751563 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-05-29 07:00 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-05-29 06:55 - 2015-04-25 15:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-05-28 23:38 - 2014-06-27 08:20 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-05-28 23:29 - 2013-08-22 21:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-05-28 23:28 - 2013-08-22 20:25 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
    2015-05-28 21:33 - 2014-06-27 08:39 - 00000000 ____D () C:\Users\Home\AppData\Roaming\DMCache
    2015-05-28 21:31 - 2014-06-27 08:34 - 00000000 ____D () C:\Program Files\OblyTile
    2015-05-28 21:29 - 2014-09-08 18:24 - 00000000 ____D () C:\Users\Home\AppData\Roaming\MultiBit
    2015-05-28 20:23 - 2014-06-27 22:05 - 00035054 _____ () C:\WINDOWS\PFRO.log
    2015-05-28 20:21 - 2015-03-27 13:48 - 00000000 ____D () C:\Users\Home\Downloads\langsung guak
    2015-05-28 20:11 - 2015-01-01 23:23 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2015-05-28 20:10 - 2014-11-16 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
    2015-05-28 20:10 - 2014-11-16 11:54 - 00000000 ____D () C:\Program Files\Oracle
    2015-05-28 20:09 - 2015-01-19 21:32 - 00000000 ____D () C:\Users\Home\AppData\Local\Deployment
    2015-05-28 20:09 - 2014-11-25 19:39 - 00000000 ____D () C:\Program Files (x86)\Naver
    2015-05-28 20:00 - 2015-02-14 21:28 - 00000000 ____D () C:\Users\Home\Documents\KONAMI
    2015-05-28 19:47 - 2014-11-21 15:17 - 00000000 ____D () C:\Program Files\PowerISO
    2015-05-28 19:02 - 2014-06-27 08:16 - 00000000 ____D () C:\Users\Home
    2015-05-28 18:36 - 2014-07-03 23:49 - 00007599 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
    2015-05-28 17:58 - 2014-09-26 00:52 - 00000000 ____D () C:\Users\Home\AppData\Local\Battle.net
    2015-05-28 16:52 - 2014-07-14 02:34 - 00000000 ____D () C:\Users\Home\AppData\Local\26159
    2015-05-28 16:51 - 2014-06-27 08:17 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-05-28 16:47 - 2013-08-22 21:46 - 00016988 _____ () C:\WINDOWS\setupact.log
    2015-05-28 16:22 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2015-05-27 01:27 - 2014-07-08 08:54 - 00000000 ____D () C:\Users\Home\AppData\Roaming\vlc
    2015-05-26 12:38 - 2014-06-27 08:39 - 00000000 ____D () C:\Users\Home\Downloads\Video
    2015-05-25 13:03 - 2015-01-30 18:03 - 00000000 ____D () C:\ProgramData\TEMP
    2015-05-24 15:01 - 2013-08-22 21:44 - 00392416 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-05-24 14:58 - 2015-02-12 09:12 - 00001198 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
    2015-05-24 14:58 - 2015-01-15 10:59 - 00000780 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\firefox.lnk
    2015-05-24 14:58 - 2014-06-27 08:28 - 00001227 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Mananger.lnk
    2015-05-24 14:58 - 2014-06-27 08:17 - 00001004 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-05-24 14:41 - 2015-02-09 09:31 - 00000000 ____D () C:\WINDOWS\SysWOW64\HavijPro
    2015-05-24 12:51 - 2014-06-27 08:20 - 00000000 ____D () C:\Users\Home\AppData\Local\Google
    2015-05-24 12:24 - 2015-01-15 10:57 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Mozilla
    2015-05-24 11:59 - 2014-06-27 08:52 - 00000000 ____D () C:\Program Files\KMSpico
    2015-05-23 13:44 - 2014-07-03 19:43 - 00000000 ____D () C:\Users\Home\AppData\Roaming\MultiDoge
    2015-05-20 07:07 - 2013-08-22 22:20 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-05-19 13:08 - 2014-12-05 08:17 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-05-19 13:08 - 2014-06-30 08:44 - 00000000 ____D () C:\Users\Home\AppData\Roaming\uTorrent
    2015-05-18 05:39 - 2013-08-22 22:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2015-05-12 23:32 - 2014-06-27 08:39 - 00000000 ____D () C:\Users\Home\Downloads\Compressed
    2015-05-01 16:02 - 2014-07-19 14:52 - 00000000 ____D () C:\Users\Home\AppData\Roaming\dvdcss

    ==================== Files in the root of some directories =======

    2015-02-22 09:32 - 2015-03-12 06:53 - 0000079 _____ () C:\Users\Home\AppData\Roaming\captchakey
    2014-07-03 23:49 - 2015-05-28 18:36 - 0007599 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
    2015-05-19 12:54 - 2015-05-19 12:54 - 0000000 _____ () C:\Users\Home\AppData\Local\Temp.dat
    2014-10-11 17:08 - 2014-10-11 17:08 - 0000003 _____ () C:\Users\Home\AppData\Local\updater.log
    2014-10-11 17:08 - 2015-04-23 05:46 - 0000424 _____ () C:\Users\Home\AppData\Local\UserProducts.xml

    Some files in TEMP:
    ====================
    C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2gjrzn.dll
    C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnwguld.dll
    C:\Users\Home\AppData\Local\Temp\EsgInstallerx64Stub.exe
    C:\Users\Home\AppData\Local\Temp\Quarantine.exe
    C:\Users\Home\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-25 11:01

    ==================== End of log ============================
     
  11. JunSS

    JunSS TS Rookie Topic Starter Posts: 16

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
    Ran by Home at 2015-05-29 07:40:56
    Running from C:\Users\Home\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1415457942-1267786245-2192413135-500 - Administrator - Disabled)
    Guest (S-1-5-21-1415457942-1267786245-2192413135-501 - Limited - Enabled)
    Home (S-1-5-21-1415457942-1267786245-2192413135-1001 - Administrator - Enabled) => C:\Users\Home

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Panda Free Antivirus (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Panda Free Antivirus (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
    FW: Panda Firewall (Disabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
    Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{13351E83-6DCD-4E97-2A8C-5D496259A47F}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
    AQUILA-X Gaming Mouse (HKLM-x32\...\{B1669080-7C2D-4BA9-AB6F-FD6A4B0CE8AF}) (Version: 1.00 - Gaming Mouse)
    AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    CleanMem (HKLM-x32\...\CleanMem) (Version: v2.4.3 - PcWinTech.com)
    Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
    Dropbox (HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
    Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    KMSpico v9.3 (HKLM\...\KMSpico_is1) (Version: 9.3 - )
    Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
    Livestreamer 1.12.1 (HKLM-x32\...\Livestreamer) (Version: - )
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Max Recorder (HKLM-x32\...\Max Recorder) (Version: 1.026.0.0 - Silver Vine, LLC)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    MultiBit 0.5.18 (HKLM-x32\...\MultiBit 0.5.18) (Version: 0.5.18 - )
    MultiDoge 0.1.2 (HKLM-x32\...\MultiDoge 0.1.2) (Version: 0.1.2 - )
    MultiDoge 0.1.3 (HKLM-x32\...\MultiDoge 0.1.3) (Version: 0.1.3 - )
    MultiDoge 0.1.4 (HKLM-x32\...\MultiDoge 0.1.4) (Version: 0.1.4 - )
    OpenVPN 2.3.4-I005 (HKLM\...\OpenVPN) (Version: 2.3.4-I005 - )
    Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
    Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
    Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0000 - Panda Security)
    Panda Free Antivirus (Version: 7.81.00.0000 - Panda Security) Hidden
    Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
    Pro Evolution Soccer 2015 (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
    Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
    SMPlayer 14.3.0 (HKLM-x32\...\SMPlayer) (Version: 14.3.0 - Ricardo Villalba)
    Stamina 2.5 (HKLM-x32\...\Stamina) (Version: - )
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    System Requirements Lab Detection (HKLM-x32\...\{12BEDCF6-A533-4943-ADC8-9CF4759102C4}) (Version: 6.1.1.0 - Husdawg, LLC)
    TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
    Ultra Street Fighter IV (HKLM-x32\...\Steam App 45760) (Version: - Capcom)
    Ultra Street Fighter IV (HKLM-x32\...\VWx0cmFTdHJlZXRGaWdodGVySVY=_is1) (Version: 1 - )
    Unity Web Player (HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.56 - Nullsoft, Inc)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

    ==================== Restore Points =========================


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 20:25 - 2013-08-22 20:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0EB26E79-DB36-4C28-906B-3780F18CF767} - \AutoPico Daily Restart No Task File <==== ATTENTION
    Task: {27CE2D81-430E-45EB-A0D0-BE88E0691AF5} - \CleanMem Mini Monitor No Task File <==== ATTENTION
    Task: {447F9C85-5D06-4258-B04E-6FB3E071A2FE} - \Clean System Memory No Task File <==== ATTENTION
    Task: {59AD778A-DA10-49A2-9ADA-7ED2766CCC49} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {CB5B039D-B803-4BE7-B3C4-47A8C47EE0DC} - \Adobe Flash Player Updater No Task File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2013-04-13 00:23 - 2013-04-13 00:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
    2015-01-01 22:58 - 2015-04-17 00:40 - 00776192 _____ () E:\Steam\SDL2.dll
    2015-01-23 12:33 - 2015-04-23 09:16 - 04962816 _____ () E:\Steam\v8.dll
    2015-01-01 22:58 - 2015-05-15 08:58 - 02396352 _____ () E:\Steam\video.dll
    2015-01-23 12:33 - 2015-04-23 09:16 - 01556992 _____ () E:\Steam\icui18n.dll
    2015-01-23 12:33 - 2015-04-23 09:16 - 01187840 _____ () E:\Steam\icuuc.dll
    2015-01-01 22:58 - 2014-12-02 04:31 - 02396672 _____ () E:\Steam\libavcodec-56.dll
    2015-01-01 22:58 - 2014-12-02 04:31 - 00479744 _____ () E:\Steam\libavformat-56.dll
    2015-01-01 22:58 - 2014-12-02 04:31 - 00332800 _____ () E:\Steam\libavresample-2.dll
    2015-01-01 22:58 - 2014-12-02 04:31 - 00442880 _____ () E:\Steam\libavutil-54.dll
    2015-01-01 22:58 - 2014-12-02 04:31 - 00485888 _____ () E:\Steam\libswscale-3.dll
    2015-01-01 22:58 - 2015-05-15 08:57 - 00703168 _____ () E:\Steam\bin\chromehtml.DLL
    2015-01-01 22:58 - 2015-05-12 02:01 - 36302728 _____ () E:\Steam\bin\libcef.dll
    2015-05-14 09:02 - 2015-05-12 02:01 - 08958344 _____ () E:\Steam\bin\pdf.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
    AlternateDataStreams: C:\ProgramData\TEMP:A064CECC
    AlternateDataStreams: C:\Users\Home\SkyDrive:ms-properties

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\Control Panel\Desktop\\Wallpaper -> E:\Wpp\068 - TlnW6at.jpg
    DNS Servers: 8.8.8.8 - 8.8.4.4

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AIPS => 2
    MSCONFIG\Services: BstHdAndroidSvc => 2
    MSCONFIG\Services: BstHdLogRotatorSvc => 2
    MSCONFIG\Services: BstHdUpdaterSvc => 2
    MSCONFIG\Services: Freemake Improver => 2
    MSCONFIG\Services: FreemakeVideoCapture => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: HWDeviceService64.exe => 2
    MSCONFIG\Services: IHProtect Service => 2
    MSCONFIG\Services: OpenVPNService => 3
    MSCONFIG\Services: Service KMSELDI => 2
    MSCONFIG\Services: Smartfren Connex EC176-2 UI. RunOuc => 2
    MSCONFIG\Services: Steam Client Service => 3
    MSCONFIG\Services: VIAKaraokeService => 2
    HKLM\...\StartupApproved\StartupFolder: => "IML64.lnk"
    HKLM\...\StartupApproved\Run: => "HDAudDeck"
    HKLM\...\StartupApproved\Run32: => "StartCCC"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "GamingMouseG7"
    HKLM\...\StartupApproved\Run32: => "DFX"
    HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
    HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
    HKLM\...\StartupApproved\Run32: => "Lightshot"
    HKLM\...\StartupApproved\Run32: => "wmagent.exe"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\StartupFolder: => "Y210 Recovery Installer.rar.lnk"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "GarenaPlus"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "CyberGhost"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "LightShot"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\StartupApproved\Run: => "Google Update"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
    FirewallRules: [{21FF6A40-D8F3-456D-970C-8F505FA2C614}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{3FE4EC6A-EF6B-44B2-87C1-070060C8966D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{FB71492F-9DF2-4B67-825A-B7D42ACF0F6A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{F76A451B-89E6-4754-850B-17B69F09EEE2}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{E685BA33-3BC6-47F8-AFDB-A3C183EE8377}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{94425F9B-7557-4EC8-ABDB-D77B3B4D4691}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
    FirewallRules: [{2154C88C-6469-44F1-9CDF-F5E73DA7CB8E}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{334649D7-D60B-40FC-9F85-8E2EAD57E41A}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
    FirewallRules: [{CAECAB55-50F9-47C1-A6AC-DE697FB329A6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{4B9CD4CB-50FF-4838-B5D2-584C4D2D853C}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{EF0235A4-5640-48E3-9AF6-04E9ED63C66E}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{7AD50298-18DA-4308-831F-1EEA7BB46949}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{B89203A9-5D30-424C-820B-16CDFF21391B}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{ACA168C8-9478-4EA3-A398-9B4BB1BE9455}] => (Allow) C:\Users\Home\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{8C63B07D-5564-4A36-B298-A2E5C60CA60F}D:\e\arcpool\arcpool\arcade pool ii.exe] => (Block) D:\e\arcpool\arcpool\arcade pool ii.exe
    FirewallRules: [UDP Query User{ACF602FF-D995-4984-BC9C-58B9E47ACCC5}D:\e\arcpool\arcpool\arcade pool ii.exe] => (Block) D:\e\arcpool\arcpool\arcade pool ii.exe
    FirewallRules: [TCP Query User{3BAA030D-D3AF-4D64-B501-631FA0EE523C}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
    FirewallRules: [UDP Query User{F4964EA6-EC34-4A50-A9C7-67C0B7E85288}C:\windows\syswow64\dplaysvr.exe] => (Block) C:\windows\syswow64\dplaysvr.exe
    FirewallRules: [TCP Query User{D890B9E9-0CA9-4A17-9EA4-012E3F08EDF5}D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [UDP Query User{067C2261-AD86-4DE1-BA9C-3D7362B845DC}D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\locker\prog\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [TCP Query User{7D10BC07-A79B-4CC3-92F2-A8006B0C8772}D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [UDP Query User{6BA92B5F-1CCB-4642-96DE-C27F2ACCA754}D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [{D7374DC1-117B-476E-9D2B-8894A7C1DEE9}] => (Block) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [{5BDBAB66-3A1B-45AE-8005-F5137C03FA28}] => (Block) D:\control panel.{21ec2020-3aea-1069-a2dd-08002b30309d}\prog\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [TCP Query User{9930AED4-962D-4643-9F7A-C4FB819CA5DF}D:\ro2\hc\handycache.exe] => (Allow) D:\ro2\hc\handycache.exe
    FirewallRules: [UDP Query User{2942EC3B-F09E-4818-ABE9-6B33C41A56DC}D:\ro2\hc\handycache.exe] => (Allow) D:\ro2\hc\handycache.exe
    FirewallRules: [{6469D9CD-2278-4E4D-B3E7-BD21EB2A39E9}] => (Block) D:\ro2\hc\handycache.exe
    FirewallRules: [{60A4CCA8-119D-4819-A2F0-1D26777F75CD}] => (Block) D:\ro2\hc\handycache.exe
    FirewallRules: [TCP Query User{6D27FDF9-847C-4127-8E4D-5497712DC5FD}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
    FirewallRules: [UDP Query User{86C52BFB-048B-4B9B-84D5-2229F4A833B4}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
    FirewallRules: [TCP Query User{A47F65BE-BD16-41DB-945F-2922ECDA2437}D:\locker\gam\dragon's tale\eclient.exe] => (Allow) D:\locker\gam\dragon's tale\eclient.exe
    FirewallRules: [UDP Query User{313503B7-B313-4C36-B9CD-AA7C2483E6F1}D:\locker\gam\dragon's tale\eclient.exe] => (Allow) D:\locker\gam\dragon's tale\eclient.exe
    FirewallRules: [{0A94E464-E541-44A3-AD3D-631FA47907CE}] => (Allow) C:\Users\Home\Downloads\LoLInstaller.exe
    FirewallRules: [{D472746F-2A65-4747-80BC-3AA3665643EF}] => (Allow) C:\Users\Home\Downloads\LoLInstaller.exe
    FirewallRules: [{94483A90-8A33-45DC-B61B-3AE1E7798600}] => (Allow) C:\GarenaDownload\Games\lolid\lolidInstaller.exe
    FirewallRules: [{450EC6DB-49A8-470A-ABC4-6F52EB2C6E3F}] => (Allow) C:\GarenaDownload\Games\lolid\lolidInstaller.exe
    FirewallRules: [{50D9FC16-190E-4BF2-A1DE-F4F5303F5E49}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{7794820F-1629-4054-A9DD-EE8E27E9E50D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe
    FirewallRules: [{68647CBA-9D47-46F2-A105-9E74102B4E73}] => (Allow) E:\HearthStone\Battle.net\Battle.net.exe
    FirewallRules: [{9E94CF76-47B9-41E7-ADA8-064DD78BBB09}] => (Allow) E:\HearthStone\Battle.net\Battle.net.exe
    FirewallRules: [{EB8F8E12-67C3-4A47-8BD9-6F892A9D2AA1}] => (Allow) E:\HearthStone\Hearthstone\Hearthstone.exe
    FirewallRules: [{C87D17CE-265E-4923-A2F0-DA691FC8E551}] => (Allow) E:\HearthStone\Hearthstone\Hearthstone.exe
    FirewallRules: [{C42073C2-F2E9-475B-8F61-25DD60A87D2E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{A042371C-948F-4B3B-9CCA-4736912672A2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe
    FirewallRules: [{36751F19-BD5D-47FB-A5C8-7D6C794B08D1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{6642DF43-62B2-4800-A273-68119F815704}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
    FirewallRules: [{E360AF24-361D-4F3F-B921-25887D4FA383}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [{F0A03AA1-CDCB-4A6A-9CCA-F2C8021476E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
    FirewallRules: [TCP Query User{8B234DA7-35DB-4521-8CE6-8340D8D1BA4C}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
    FirewallRules: [UDP Query User{165FA3E9-7ADD-45DB-88DA-7F4615D86727}C:\programdata\battle.net\agent\agent.3507\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3507\agent.exe
    FirewallRules: [{6A2FE460-F822-4949-87F3-C3D44F03673B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
    FirewallRules: [{B3D45FE7-1BC8-4FE6-9CE8-C3A472C0CCD3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
    FirewallRules: [TCP Query User{48165FF4-C9B0-4D74-9406-BD26DF631DC4}E:\hearthstone\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone\hearthstone.exe
    FirewallRules: [UDP Query User{3CCD4E59-A199-4AE8-9F31-797B45898AF1}E:\hearthstone\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone\hearthstone.exe
    FirewallRules: [{F95BD2B2-C2AE-4731-A07E-17E25022A7C6}] => (Allow) E:\HearthStone\StarCraft II\StarCraft II.exe
    FirewallRules: [{48209402-0BD4-45FE-8031-2A4287968FFA}] => (Allow) E:\HearthStone\StarCraft II\StarCraft II.exe
    FirewallRules: [TCP Query User{79AFE7A0-7E1E-4EA1-8B9E-0B36E10FCC0F}E:\hearthstone\starcraft ii\versions\base32283\sc2.exe] => (Allow) E:\hearthstone\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [UDP Query User{64D59B9B-A39E-4861-AFA1-55D2817F28FE}E:\hearthstone\starcraft ii\versions\base32283\sc2.exe] => (Allow) E:\hearthstone\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [{585B90E4-4987-4B64-9E3E-F40E6EC42D2D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{E0065EA1-EB81-4EE0-B8A3-1F75F96C26F2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [TCP Query User{98CA78CD-51BA-4B9F-9447-7CE99ADC3A11}E:\xde\xdecoin-qt.exe] => (Allow) E:\xde\xdecoin-qt.exe
    FirewallRules: [UDP Query User{16FA63CF-80AA-4C1D-A21D-ECB545C2D59F}E:\xde\xdecoin-qt.exe] => (Allow) E:\xde\xdecoin-qt.exe
    FirewallRules: [{DC6F768E-AF80-420F-AAD0-77E349CF3802}] => (Block) E:\xde\xdecoin-qt.exe
    FirewallRules: [{502EF45C-C6D8-4CB1-B52D-56A0223587E1}] => (Block) E:\xde\xdecoin-qt.exe
    FirewallRules: [{453B369F-E545-40FC-92CE-F8CD91D154A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{B3E2E85C-4F92-4B8C-840D-EE588D2BC83C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{1A38FE85-AE11-4A00-8F4A-3DDE0CEC869B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
    FirewallRules: [{1C01CEC5-EF88-4DB5-BA21-D8129E6FF7BD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
    FirewallRules: [{E4F37EA0-085A-4DD4-B0B4-E0C869EC0A1B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{A56F1BD3-565D-4A9A-878A-662A9811FB4B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{8E383BA4-02A5-4964-9F56-5DB1C72797D2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [{AD3C4114-8197-4CD0-9200-7582071EA11B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
    FirewallRules: [TCP Query User{210CC0D1-7939-405D-B290-10A69EE11CE0}D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe
    FirewallRules: [UDP Query User{623A8C16-23E4-4565-BABC-3CEFA2295807}D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe] => (Allow) D:\local disk e_112015848\hearthstone\hearthstone\hearthstone.exe
    FirewallRules: [{11AEF7FD-44E9-4E82-B6DC-9B136E93D6B5}] => (Allow) E:\Steam\Steam.exe
    FirewallRules: [{7086952A-515E-4E07-8F16-BA89E7A77460}] => (Allow) E:\Steam\Steam.exe
    FirewallRules: [{3086A77E-94A6-400F-9CF3-89A4EEE332B3}] => (Allow) E:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{AF3022C5-B984-444A-B61D-18CB79F60136}] => (Allow) E:\Steam\bin\steamwebhelper.exe
    FirewallRules: [{F11A6B78-0049-45C3-B37B-0253C81B2E89}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\dota.exe
    FirewallRules: [{711907E0-C5AC-4EAB-970B-AE4AC90F64FB}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\dota.exe
    FirewallRules: [{97B69781-FF32-41BF-8CE2-7DBFE127DFD6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
    FirewallRules: [{9338A320-AA4B-4A97-B28F-9C13BDAFC241}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
    FirewallRules: [{DE9CFB51-B749-4821-A0EF-D28CA5A935F9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{593D8951-231B-4579-9C40-4F6671E5EDCA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{DA8796A6-1F22-44DC-96A0-CBFA40BFEACC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
    FirewallRules: [{F05D071D-5572-429F-8495-0F4893A2F7D8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
    FirewallRules: [{EA6C4745-D480-43F6-9AD7-CC7520A2A900}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
    FirewallRules: [{9E6F0476-CE39-4D01-BCAB-F8F4FB432F97}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
    FirewallRules: [{798CF340-621E-4855-A529-276A12C0B6BF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
    FirewallRules: [{A9E92156-A2B6-499D-9191-0521F69197CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
    FirewallRules: [TCP Query User{A09D91C7-9471-4558-9EDD-F80B5192953A}E:\iti\iticoin-qt.exe] => (Allow) E:\iti\iticoin-qt.exe
    FirewallRules: [UDP Query User{5FB1D89B-7EC7-4B1F-BE94-E5EC5232C022}E:\iti\iticoin-qt.exe] => (Allow) E:\iti\iticoin-qt.exe
    FirewallRules: [{ACA246E7-FA0F-4895-BCCF-21D6A772BBE0}] => (Block) E:\iti\iticoin-qt.exe
    FirewallRules: [{855CE4D3-75EE-4403-BA50-81876709823F}] => (Block) E:\iti\iticoin-qt.exe
    FirewallRules: [TCP Query User{17366C22-BBFD-4138-8E6D-2AE8902840B9}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe
    FirewallRules: [UDP Query User{4824CFB5-9E98-4BF5-B603-D96ACC234A3F}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe
    FirewallRules: [TCP Query User{4FE08B28-902B-42BA-A1AB-114D251733EB}D:\ro2\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\ro2\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [UDP Query User{2E3B72F6-8113-429B-A120-FC94FCCE6EFD}D:\ro2\handycacherc3.1.0.0.268\handycache.exe] => (Allow) D:\ro2\handycacherc3.1.0.0.268\handycache.exe
    FirewallRules: [{8F5B6030-F946-4BCF-BDE4-FC1CF75D802B}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{CB73DE48-5458-4002-970E-18307CF6C294}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{7FDF9642-453D-4299-8A63-73A766CA154E}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{318A2A3D-0667-46A6-BC2A-6C898FE9E81D}] => (Allow) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{34712F63-914B-4AF1-A9AF-7BD186EB4FB9}] => (Allow) E:\adsdasd\fo3idInstaller.exe
    FirewallRules: [{EA38938E-CCE5-4789-BFCB-8ED0F4BC0494}] => (Allow) E:\adsdasd\fo3idInstaller.exe
    FirewallRules: [{5CAC08A4-FB19-406E-978F-32FEBFCA9202}] => (Allow) E:\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe
    FirewallRules: [{64B4BA64-A93B-4045-8A4B-09D523F924C7}] => (Allow) E:\Steam\steamapps\common\FreeStyle2\LauncherSteam.exe
    FirewallRules: [TCP Query User{1C9C0C53-8C01-43E0-9DDC-27DBE3E95BC6}E:\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) E:\steam\steamapps\common\freestyle2\freestyle2.exe
    FirewallRules: [UDP Query User{1F538570-2D24-4753-87A8-1693AF42A222}E:\steam\steamapps\common\freestyle2\freestyle2.exe] => (Allow) E:\steam\steamapps\common\freestyle2\freestyle2.exe
    FirewallRules: [{C3D3C9CA-F7DA-477F-B1BA-177AE80FA096}] => (Block) E:\steam\steamapps\common\freestyle2\freestyle2.exe
    FirewallRules: [{1B3A3CDE-316A-4930-8240-6E4077C4C44E}] => (Block) E:\steam\steamapps\common\freestyle2\freestyle2.exe
    FirewallRules: [{D0EF86ED-9244-4CDC-8F53-1B8482D60745}] => (Allow) E:\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
    FirewallRules: [{C91CAB48-35C5-4F8C-B0C5-DA18EE821977}] => (Allow) E:\Steam\steamapps\common\Super Street Fighter IV - Arcade Edition\SSFIV.exe
    FirewallRules: [TCP Query User{4838ADF0-25EB-41AD-82CF-84661998D678}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe
    FirewallRules: [UDP Query User{A3F305CC-37A1-4F67-83BC-F85D1553952D}C:\program files (x86)\pro evolution soccer 2015\pes2015.exe] => (Block) C:\program files (x86)\pro evolution soccer 2015\pes2015.exe

    ==================== Faulty Device Manager Devices =============

    Name: VirtualBox Host-Only Ethernet Adapter
    Description: VirtualBox Host-Only Ethernet Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Oracle Corporation
    Service: VBoxNetAdp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: TAP-Windows Adapter V9
    Description: TAP-Windows Adapter V9
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TAP-Windows Provider V9
    Service: tap0901
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/29/2015 07:40:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 27.5.2015.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: f58

    Start Time: 01d099a7e411c5c4

    Termination Time: 4294967295

    Application Path: C:\Users\Home\Desktop\FRST64.exe

    Report Id: 38f66cb2-059b-11e5-8400-1078d241dde7

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (05/29/2015 07:37:26 AM) (Source: Steam Client Service) (EventID: 1) (User: )
    Description: Error: Failed to add firewall exception for E:\Steam\steam.exe

    Error: (05/28/2015 09:13:25 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: HOME-PC)
    Description: HRESULT:0x8004FF6F
    Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

    Error: (05/28/2015 08:57:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (05/28/2015 08:57:01 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

    Error: (05/28/2015 08:48:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (05/28/2015 08:42:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (05/28/2015 08:42:03 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

    Error: (05/28/2015 08:21:48 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).

    Error: (05/28/2015 08:21:00 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).


    System errors:
    =============
    Error: (05/29/2015 07:35:50 AM) (Source: DCOM) (EventID: 10010) (User: HOME-PC)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (05/29/2015 07:35:20 AM) (Source: DCOM) (EventID: 10010) (User: HOME-PC)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (05/29/2015 00:19:37 AM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (05/29/2015 00:10:55 AM) (Source: DCOM) (EventID: 10010) (User: HOME-PC)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (05/29/2015 00:10:24 AM) (Source: DCOM) (EventID: 10010) (User: HOME-PC)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (05/28/2015 11:33:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (05/28/2015 11:33:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Panda Devices Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

    Error: (05/28/2015 11:33:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/28/2015 11:33:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    Error: (05/28/2015 11:33:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).


    Microsoft Office:
    =========================
    Error: (05/29/2015 07:40:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: FRST64.exe27.5.2015.1f5801d099a7e411c5c44294967295C:\Users\Home\Desktop\FRST64.exe38f66cb2-059b-11e5-8400-1078d241dde7

    Error: (05/29/2015 07:37:26 AM) (Source: Steam Client Service) (EventID: 1) (User: )
    Description: Failed to add firewall exception for E:\Steam\steam.exe

    Error: (05/28/2015 09:13:25 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: HOME-PC)
    Description: HRESULT:0x8004FF6F
    Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

    Error: (05/28/2015 08:57:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.

    Error: (05/28/2015 08:57:01 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

    Error: (05/28/2015 08:48:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.

    Error: (05/28/2015 08:42:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description:
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.

    Error: (05/28/2015 08:42:03 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: 0x80070005, Access is denied.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {6414cd97-1be6-4133-818a-84798866cb08}

    Error: (05/28/2015 08:21:48 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe Checkpoint by HitmanPro0x8007043c

    Error: (05/28/2015 08:21:00 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: C:\Users\Home\Downloads\Programs\HitmanPro_x64.exe Checkpoint by HitmanPro0x8007043c


    ==================== Memory info ===========================

    Processor: AMD A4-3300 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 34%
    Total physical RAM: 3561.99 MB
    Available physical RAM: 2341.9 MB
    Total Pagefile: 6121.99 MB
    Available Pagefile: 4595.51 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.83 MB

    ==================== Drives ================================

    Drive c: (Win 8) (Fixed) (Total:50.01 GB) (Free:15.12 GB) NTFS
    Drive d: (Data) (Fixed) (Total:117.42 GB) (Free:11.17 GB) NTFS
    Drive e: (BBB) (Fixed) (Total:200.58 GB) (Free:89.64 GB) NTFS
    Drive g: (Windows 7) (Fixed) (Total:97.66 GB) (Free:21.32 GB) NTFS
    Drive h: (NEW) (CDROM) (Total:3.28 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FC5F84F5)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=318 GB) - (Type=OF Extended)

    ==================== End of log ============================
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

    JunSS likes this.
  13. JunSS

    JunSS TS Rookie Topic Starter Posts: 16

    Thank you


    Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
    Ran by Home at 2015-05-29 09:45:58 Run:1
    Running from C:\Users\Home\Desktop
    Loaded Profiles: Home (Available Profiles: Home)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {11851c1c-264d-11e4-82cf-1078d241dde7} - "F:\AutoRun.exe"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {873727fd-b3cb-11e4-83a1-1078d241dde7} - "I:\AutoRun.exe"
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\...\MountPoints2: {8737283c-b3cb-11e4-83a1-1078d241dde7} - "I:\AutoRun.exe"
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
    ProxyServer: [.DEFAULT] => http=127.0.0.1:50796;https=127.0.0.1:50796
    RemoveProxy:
    SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
    FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
    FF Plugin HKU\S-1-5-21-1415457942-1267786245-2192413135-1001: @unity3d.com/UnityPlayer,version=1.0 -> Unity\WebPlayer\loader\npUnity3D32.dll No File
    CHR Extension: (No Name) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl [2015-01-14]
    C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl
    S4 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
    S2 BstHdAndroidSvc; "C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android [X]
    S4 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [X]
    S2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [X]
    S2 HuaweiHiSuiteService64.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
    S4 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
    S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
    S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
    S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
    S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 ewusbmbb; \SystemRoot\system32\DRIVERS\ewusbwwan.sys [X]
    S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
    S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
    2015-02-22 09:32 - 2015-03-12 06:53 - 0000079 _____ () C:\Users\Home\AppData\Roaming\captchakey
    2014-07-03 23:49 - 2015-05-28 18:36 - 0007599 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
    2015-05-19 12:54 - 2015-05-19 12:54 - 0000000 _____ () C:\Users\Home\AppData\Local\Temp.dat
    2014-10-11 17:08 - 2014-10-11 17:08 - 0000003 _____ () C:\Users\Home\AppData\Local\updater.log
    2014-10-11 17:08 - 2015-04-23 05:46 - 0000424 _____ () C:\Users\Home\AppData\Local\UserProducts.xml
    C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2gjrzn.dll
    C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnwguld.dll
    C:\Users\Home\AppData\Local\Temp\EsgInstallerx64Stub.exe
    C:\Users\Home\AppData\Local\Temp\Quarantine.exe
    C:\Users\Home\AppData\Local\Temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Home\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
    Task: {0EB26E79-DB36-4C28-906B-3780F18CF767} - \AutoPico Daily Restart No Task File <==== ATTENTION
    Task: {27CE2D81-430E-45EB-A0D0-BE88E0691AF5} - \CleanMem Mini Monitor No Task File <==== ATTENTION
    Task: {447F9C85-5D06-4258-B04E-6FB3E071A2FE} - \Clean System Memory No Task File <==== ATTENTION
    Task: {59AD778A-DA10-49A2-9ADA-7ED2766CCC49} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {CB5B039D-B803-4BE7-B3C4-47A8C47EE0DC} - \Adobe Flash Player Updater No Task File <==== ATTENTION
    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
    AlternateDataStreams: C:\ProgramData\TEMP:A064CECC
    AlternateDataStreams: C:\Users\Home\SkyDrive:ms-properties


    *****************

    "HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11851c1c-264d-11e4-82cf-1078d241dde7}" => key Removed successfully
    HKCR\CLSID\{11851c1c-264d-11e4-82cf-1078d241dde7} => key not found.
    "HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{873727fd-b3cb-11e4-83a1-1078d241dde7}" => key Removed successfully
    HKCR\CLSID\{873727fd-b3cb-11e4-83a1-1078d241dde7} => key not found.
    "HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8737283c-b3cb-11e4-83a1-1078d241dde7}" => key Removed successfully
    HKCR\CLSID\{8737283c-b3cb-11e4-83a1-1078d241dde7} => key not found.
    "HKLM\SOFTWARE\Policies\Google" => key Removed successfully
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value Removed successfully
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value Removed successfully

    ========= RemoveProxy: =========

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully


    ========= End of RemoveProxy: =========

    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}" => key Removed successfully
    HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => key not found.
    "HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key Removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin" => key Removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk" => key Removed successfully
    HKU\S-1-5-21-1415457942-1267786245-2192413135-1001\Software\MozillaPlugins\FF Plugin HKU\S-1-5-21-1415457942-1267786245-2192413135-1001: @unity3d.com/UnityPlayer,version=1.0 -> Unity\WebPlayer\loader\npUnity3D32.dll No File => key not found.
    FF Plugin HKU\S-1-5-21-1415457942-1267786245-2192413135-1001: @unity3d.com/UnityPlayer,version=1.0 -> Unity\WebPlayer\loader\npUnity3D32.dll No File not found.
    C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl => Moved successfully.
    "C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mppnoffgpafgpgbaigljliadgbnhljfl" => File/Folder not found.
    AIPS => Service Removed successfully
    BstHdAndroidSvc => Service Removed successfully
    BstHdLogRotatorSvc => Service Removed successfully
    BstHdUpdaterSvc => Service Removed successfully
    HuaweiHiSuiteService64.exe => Service Removed successfully
    HWDeviceService64.exe => Service Removed successfully
    rpcapd => Service Removed successfully
    BstHdDrv => Service Removed successfully
    EagleX64 => Service Removed successfully
    esgiguard => Service Removed successfully
    ewusbmbb => Service Removed successfully
    ew_hwusbdev => Service Removed successfully
    huawei_enumerator => Service Removed successfully
    hwdatacard => Service Removed successfully
    C:\Users\Home\AppData\Roaming\captchakey => Moved successfully.
    C:\Users\Home\AppData\Local\Resmon.ResmonCfg => Moved successfully.
    C:\Users\Home\AppData\Local\Temp.dat => Moved successfully.
    C:\Users\Home\AppData\Local\updater.log => Moved successfully.
    C:\Users\Home\AppData\Local\UserProducts.xml => Moved successfully.
    C:\Users\Home\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
    C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2gjrzn.dll => Moved successfully.
    C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnwguld.dll => Moved successfully.
    C:\Users\Home\AppData\Local\Temp\EsgInstallerx64Stub.exe => Moved successfully.
    C:\Users\Home\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Home\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    "HKU\S-1-5-21-1415457942-1267786245-2192413135-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0EB26E79-DB36-4C28-906B-3780F18CF767}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EB26E79-DB36-4C28-906B-3780F18CF767}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{27CE2D81-430E-45EB-A0D0-BE88E0691AF5}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27CE2D81-430E-45EB-A0D0-BE88E0691AF5}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CleanMem Mini Monitor" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{447F9C85-5D06-4258-B04E-6FB3E071A2FE}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{447F9C85-5D06-4258-B04E-6FB3E071A2FE}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Clean System Memory" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59AD778A-DA10-49A2-9ADA-7ED2766CCC49}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59AD778A-DA10-49A2-9ADA-7ED2766CCC49}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB5B039D-B803-4BE7-B3C4-47A8C47EE0DC}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB5B039D-B803-4BE7-B3C4-47A8C47EE0DC}" => key Removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key Removed successfully
    C:\Windows => ":nlsPreferences" ADS Removed successfully.
    C:\ProgramData\TEMP => ":41ADDB8A" ADS Removed successfully.
    C:\ProgramData\TEMP => ":A064CECC" ADS Removed successfully.
    "C:\Users\Home\SkyDrive" => ":ms-properties" ADS not found.

    ==== End of Fixlog 09:46:01 ====
     
    Last edited: May 28, 2015
  14. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  15. JunSS

    JunSS TS Rookie Topic Starter Posts: 16

    Results of screen317's Security Check version 1.002
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Panda Free Antivirus
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 40
    Java version 32-bit out of Date!
    Adobe Flash Player 17.0.0.169
    Google Chrome (43.0.2357.81)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  16. JunSS

    JunSS TS Rookie Topic Starter Posts: 16

    Farbar Service Scanner Version: 17-01-2015
    Ran by Home (administrator) on 29-05-2015 at 10:50:29
    Running from "C:\Users\Home\Desktop"
    Microsoft Windows 8.1 Pro (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  17. JunSS

    JunSS TS Rookie Topic Starter Posts: 16

    2015-05-29 03:58:54.002 Sophos Virus Removal Tool version 2.5.4
    2015-05-29 03:58:54.002 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-05-29 03:58:54.002 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-05-29 03:58:54.002 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
    2015-05-29 03:58:54.002 Checking for updates...
    2015-05-29 03:58:54.048 Update progress: proxy server not available
    2015-05-29 03:59:06.674 Option all = no
    2015-05-29 03:59:06.674 Option recurse = yes
    2015-05-29 03:59:06.674 Option archive = no
    2015-05-29 03:59:06.674 Option service = yes
    2015-05-29 03:59:06.674 Option confirm = yes
    2015-05-29 03:59:06.674 Option sxl = yes
    2015-05-29 03:59:06.674 Option max-data-age = 35
    2015-05-29 03:59:06.674 Option EnableSafeClean = yes
    2015-05-29 03:59:09.271 Option vdl-logging = yes
    2015-05-29 03:59:09.287 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-05-29 03:59:09.287 Machine ID: 374dd91138414bedb97a039ea4b90c6e
    2015-05-29 03:59:09.287 Component SVRTcli.exe version 2.5.4
    2015-05-29 03:59:09.287 Component control.dll version 2.5.4
    2015-05-29 03:59:09.287 Component SVRTservice.exe version 2.5.4
    2015-05-29 03:59:09.287 Component engine\osdp.dll version 1.44.1.2200
    2015-05-29 03:59:09.287 Component engine\veex.dll version 3.60.0.2200
    2015-05-29 03:59:09.287 Component engine\savi.dll version 8.1.7.2200
    2015-05-29 03:59:09.287 Component rkdisk.dll version 1.5.30.0
    2015-05-29 03:59:09.287 Version info: Product version 2.5.4
    2015-05-29 03:59:09.287 Version info: Detection engine 3.60.0
    2015-05-29 03:59:09.287 Version info: Detection data 5.14
    2015-05-29 03:59:09.287 Version info: Build date 4/28/2015
    2015-05-29 03:59:09.287 Version info: Data files added 353
    2015-05-29 03:59:09.287 Version info: Last successful update (not yet updated)
    2015-05-29 04:01:04.198 Downloading updates...
    2015-05-29 04:01:04.210 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-05-29 04:01:04.210 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-05-29 04:01:04.210 Update progress: [I49502] Found supplement IDE515 LATEST
    2015-05-29 04:01:04.210 Update progress: [I49502] Found supplement IDE516 LATEST
    2015-05-29 04:01:04.210 Update progress: [I49502] Found supplement IDE517 LATEST
    2015-05-29 04:01:04.210 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-05-29 04:01:04.210 Update progress: [I19463] Syncing product SAVIW32 54
    2015-05-29 04:01:13.349 Update progress: [I19463] Syncing product IDE515 171
    2015-05-29 04:01:15.224 Installing updates...
    2015-05-29 04:01:16.059 Error level 1
    2015-05-29 04:01:16.106 Update progress: [I19463] Syncing product IDE516 178
    2015-05-29 04:01:16.106 Update progress: [I19463] Syncing product IDE517 10
    2015-05-29 04:01:29.630 Update successful
    2015-05-29 04:01:42.245 Option all = no
    2015-05-29 04:01:42.245 Option recurse = yes
    2015-05-29 04:01:42.245 Option archive = no
    2015-05-29 04:01:42.245 Option service = yes
    2015-05-29 04:01:42.245 Option confirm = yes
    2015-05-29 04:01:42.245 Option sxl = yes
    2015-05-29 04:01:42.245 Option max-data-age = 35
    2015-05-29 04:01:42.245 Option EnableSafeClean = yes
    2015-05-29 04:01:42.573 Option vdl-logging = yes
    2015-05-29 04:01:42.589 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-05-29 04:01:42.589 Machine ID: 374dd91138414bedb97a039ea4b90c6e
    2015-05-29 04:01:42.589 Component SVRTcli.exe version 2.5.4
    2015-05-29 04:01:42.589 Component control.dll version 2.5.4
    2015-05-29 04:01:42.589 Component SVRTservice.exe version 2.5.4
    2015-05-29 04:01:42.589 Component engine\osdp.dll version 1.44.1.2200
    2015-05-29 04:01:42.589 Component engine\veex.dll version 3.60.0.2200
    2015-05-29 04:01:42.589 Component engine\savi.dll version 8.1.7.2200
    2015-05-29 04:01:42.589 Component rkdisk.dll version 1.5.30.0
    2015-05-29 04:01:42.589 Version info: Product version 2.5.4
    2015-05-29 04:01:42.589 Version info: Detection engine 3.60.0
    2015-05-29 04:01:42.589 Version info: Detection data 5.14G
    2015-05-29 04:01:42.589 Version info: Build date 4/28/2015
    2015-05-29 04:01:42.589 Version info: Data files added 353
    2015-05-29 04:01:42.589 Version info: Last successful update 5/29/2015 11:01:29 AM

    2015-05-29 04:35:32.693 Could not open C:\hiberfil.sys
    2015-05-29 04:35:32.956 Could not open C:\pagefile.sys
    2015-05-29 04:36:30.736 >>> Virus 'Troj/Agent-WFN' found in file C:\Program Files\VS Revo Group\Revo Uninstaller Pro\x64.exe
    2015-05-29 04:41:12.250 >>> Virus 'Mal/Generic-S' found in file C:\Program Files (x86)\Internet Download Manager\patch.exe
    2015-05-29 04:46:09.176 Could not open C:\swapfile.sys
    2015-05-29 04:46:09.603 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-05-29 04:46:09.605 Could not open C:\System Volume Information\{a01cb594-0556-11e5-8400-1078d241dde7}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-05-29 04:47:11.024 Could not open C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Current Session
    2015-05-29 04:47:11.025 Could not open C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
    2015-05-29 04:47:11.169 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
    2015-05-29 04:47:11.199 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
    2015-05-29 04:47:21.432 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
    2015-05-29 04:47:21.440 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
    2015-05-29 04:47:21.807 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abjcfabbhafbcdfjoecdgepllmpfceif\LOCK (virus scan failed)
    2015-05-29 04:47:21.851 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
    2015-05-29 04:47:22.488 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
    2015-05-29 04:47:22.901 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\gmlllbghnfkpflemihljekbapjopfjik\LOCK (virus scan failed)
    2015-05-29 04:47:23.542 Could not open C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Current Session
    2015-05-29 04:47:23.543 Could not open C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Current Tabs
    2015-05-29 04:47:23.548 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Extension Rules\LOCK (virus scan failed)
    2015-05-29 04:47:23.556 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Extension State\LOCK (virus scan failed)
    2015-05-29 04:47:24.646 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\GCM Store\LOCK (virus scan failed)
    2015-05-29 04:47:24.704 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
    2015-05-29 04:47:24.794 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\Profile 1\Session Storage\LOCK (virus scan failed)
    2015-05-29 04:47:25.611 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\System Profile\Extension Rules\LOCK (virus scan failed)
    2015-05-29 04:47:25.619 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\System Profile\Extension State\LOCK (virus scan failed)
    2015-05-29 04:47:26.676 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\System Profile\GCM Store\LOCK (virus scan failed)
    2015-05-29 04:47:26.725 Could not check C:\Users\Home\AppData\Local\Google\Chrome\User Data\System Profile\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
    2015-05-29 04:59:06.310 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-05-29 04:59:06.364 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-05-29 04:59:11.542 Could not open C:\Windows\System32\config\BBI
    2015-05-29 04:59:11.596 Could not open C:\Windows\System32\config\COMPONENTS
    2015-05-29 04:59:11.714 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-05-29 04:59:11.716 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-05-29 04:59:11.723 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-05-29 04:59:11.752 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-05-29 04:59:11.771 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-05-29 05:22:53.094 Could not check D:\DASAR-DASAR POLITIK ISLAM.ppt (corrupt)
    2015-05-29 05:23:05.095 Password protected file D:\E\E lama\document\BISNIS & FINANSIAL\Copy of Software Property Loan Calculator - Seminar ' Bagaimana Memb.xls
    2015-05-29 05:23:07.500 Password protected file D:\E\E lama\document\BISNIS & FINANSIAL\Software Property Loan Calculator - Seminar ' Bagaimana Memb.xls
    2015-05-29 05:23:17.007 Could not check D:\E\E lama\document\TRAINER & MENULIS\PERUSAAHAAN TRAINING\FR-PMBL-02 SPESIFIKASI BARANG.xls (corrupt)
    2015-05-29 05:24:32.152 Could not check D:\FD abbi\Surat utk BNI.docx (corrupt)
    2015-05-29 05:29:33.613 >>> Virus 'Mal/HckPk-A' found in file D:\Local Disk E_112015848\nando\urDrive\Resources\MaxthonPortable\Bin\MxCrashReport.exe
    2015-05-29 05:30:12.968 Password protected file D:\Local Disk E_112015848\New Folder\DATA ANAK KI DES2012 27122012.xlsx
    2015-05-29 05:30:19.101 >>> Virus 'Mal/HckPk-A' found in file D:\Local Disk E_112015848\New Folder\Firefox Setup 18.0.1.exe
    2015-05-29 05:36:17.252 >>> Virus 'Mal/Generic-S' found in file E:\Capcaaaaaaaaaaa\Eat\earnanytimeTest\EarnAnyTime.exe
    2015-05-29 05:36:40.375 >>> Virus 'Mal/Generic-S' found in file E:\Capcaaaaaaaaaaa\WEIWEI\Captcha.exe
    2015-05-29 05:55:47.103 >>> Virus 'Troj/Agent-WFN' found in file G:\Program Files\VS Revo Group\Revo Uninstaller Pro\x64.exe
    2015-05-29 06:16:01.857 Could not open G:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-05-29 06:16:01.904 Could not open G:\System Volume Information\{64f9dc11-b374-11e4-ba24-1078d241dde7}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-05-29 06:16:01.904 Could not open G:\System Volume Information\{d7b7af86-b4a2-11e4-94e0-1078d241dde7}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-05-29 06:16:01.904 Could not open G:\System Volume Information\{dfd8f883-9492-11e4-ba62-1078d241dde7}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-05-29 06:25:25.630 >>> Virus 'Mal/VMProtBad-A' found in file G:\Users\spirit indonesia\Downloads\Compressed\[files.indowebster.com]-123415P13C\123415P13C\buddha.dll
    2015-05-29 06:25:41.857 >>> Virus 'Troj/Agent-UHF' found in file G:\Users\spirit indonesia\Downloads\Compressed\[www.indowebster.com]-corel_draw_x4-portable\CorelDraw Graphics Suite X4\CorelDRAW X4.exe
    2015-05-29 06:27:26.985 >>> Virus 'Troj/Agent-WFN' found in file G:\Users\spirit indonesia\Downloads\Revo.Uninstaller.Pro.3.0.8.kuyhaa\Revo.Uninstaller.Pro.3.0.8\Patch\x64.exe
    2015-05-29 06:27:34.115 >>> Virus 'Troj/Agent-WFN' found in file G:\Users\spirit indonesia\Downloads\Revo.Uninstaller.Pro.3.0.8.kuyhaa\Revo.Uninstaller.Pro.3.0.8\Patch\x86.exe
    2015-05-29 07:25:24.410 The following items will be cleaned up:
    2015-05-29 07:25:24.505 Troj/Agent-WFN
    2015-05-29 07:25:24.505 Mal/Generic-S
    2015-05-29 07:25:24.505 Mal/HckPk-A
    2015-05-29 07:25:24.505 Mal/VMProtBad-A
    2015-05-29 07:25:24.505 Troj/Agent-UHF
     
  18. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    [​IMG] Is your Windows firewall working and on? FSS log seems to be indicating some issue.

    [​IMG] Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    [​IMG] Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.
     
  19. JunSS

    JunSS TS Rookie Topic Starter Posts: 16

    Whenever I try open firewall setting from control panel
    that windows froze
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download Windows Repair (All in One) from this site

    Install the program then run it.

    NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
    NOTE 2. Disable your antivirus program before running Windows Repair.


    Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
    If the tool that the Check Disk is needed click on Do It button next to 2. Check Disk.
    In that case make sure you restart computer.

    [​IMG]


    Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:

    [​IMG]


    Go to Step 5 and under "System Restore" click on Create button:

    [​IMG]


    Go to Repairs tab and click Open Repairs button.

    [​IMG]

    In next window....
    Leave all checkmarks as they're.
    Click on Start Repairs button.

    [​IMG]

    Post Windows Repair log which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
     
  21. JunSS

    JunSS TS Rookie Topic Starter Posts: 16

    Tweaking.com - Windows Repair v3.2.0
    --------------------------------------------------------------------------------

    System Variables
    --------------------------------------------------------------------------------
    OS: Windows 8.1 Pro
    OS Architecture: 64-bit
    OS Version: 6.3.9600
    OS Service Pack:
    Computer Name: HOME-PC
    Windows Drive: C:\
    Windows Path: C:\WINDOWS
    Program Files: C:\Program Files
    Program Files (x86): C:\Program Files (x86)
    Current Profile: C:\Users\Home
    Current Profile SID: S-1-5-21-1415457942-1267786245-2192413135-1001
    Current Profile Classes: S-1-5-21-1415457942-1267786245-2192413135-1001_Classes
    Profiles Location: C:\Users
    Profiles Location 2: C:\WINDOWS\ServiceProfiles
    Local Settings AppData: C:\Users\Home\AppData\Local
    --------------------------------------------------------------------------------

    System Information
    --------------------------------------------------------------------------------
    System Up Time: 0 Days 02:53:55

    Process Count: 56
    Commit Total: 1.96 GB
    Commit Limit: 5.85 GB
    Commit Peak: 3.58 GB
    Handle Count: 20615
    Kernel Total: 266.59 MB
    Kernel Paged: 201.71 MB
    Kernel Non Paged: 64.88 MB
    System Cache: 1.98 GB
    Thread Count: 739
    --------------------------------------------------------------------------------

    Memory Before Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 3.48 GB
    Memory Used: 1.47 GB(42.2007%)
    Memory Avail.: 2.01 GB
    --------------------------------------------------------------------------------

    Cleaning Memory Before Starting Repairs...

    Memory After Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 3.48 GB
    Memory Used: 1.18 GB(33.9142%)
    Memory Avail.: 2.30 GB
    --------------------------------------------------------------------------------

    Starting Repairs...
    Started at (5/30/2015 10:02:03)

    Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
    Total Missing 'InstallDate' Fixed: 66

    01 - Reset Registry Permissions
    Restore Windows 8 Default Registry Permissions
    Start (5/30/2015 10:02:05)


    Decompressing & Updating Windows Permission File hkud.txt
    Done, 0.3 seconds.


    Decompressing & Updating Windows Permission File hkcu.txt
    Done, 0.29 seconds.


    Decompressing & Updating Windows Permission File hkcr.txt
    Done, 1.25 seconds.


    Decompressing & Updating Windows Permission File hklm.txt
    Done, 3.25 seconds.

    Running Repair Under System Account
    Running Repair Under Current User Account
    Done (5/30/2015 10:09:19)

    03 - Reset Service Permissions
    Start (5/30/2015 10:09:19)

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:09:29)

    04 - Register System Files
    Start (5/30/2015 10:09:29)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:10:30)

    05 - Repair WMI
    Start (5/30/2015 10:10:30)

    Starting Security Center So We Can Export The Security Info.

    Exporting Antivirus Info...
    Panda Free Antivirus Exported.
    Windows Defender Exported.

    Exporting AntiSpyware Info...
    Windows Defender Exported.
    Panda Free Antivirus Exported.

    Exporting 3rd Party Firewall Info...
    Panda Firewall Exported.

    Running Repair Under Current User Account
    Done (5/30/2015 10:17:50)

    06 - Repair Windows Firewall
    Start (5/30/2015 10:17:50)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:18:23)

    07 - Repair Internet Explorer
    Start (5/30/2015 10:18:23)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:18:50)

    10 - Remove Policies Set By Infections
    Start (5/30/2015 10:18:50)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:18:55)

    11 - Repair Start Menu Icons Removed By Infections
    Start (5/30/2015 10:18:55)
    Running Repair Under System Account
    Done (5/30/2015 10:18:56)

    12 - Repair Icons
    Start (5/30/2015 10:18:56)
    Running Repair Under Current User Account
    Done (5/30/2015 10:18:57)

    13 - Repair Winsock & DNS Cache
    Start (5/30/2015 10:18:57)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:19:12)

    15 - Repair Proxy Settings
    Start (5/30/2015 10:19:12)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:19:14)

    17 - Repair Windows Updates
    Start (5/30/2015 10:19:14)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
    Done (5/30/2015 10:19:54)

    21 - Repair MSI (Windows Installer)
    Start (5/30/2015 10:19:54)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:20:08)

    23.01 - Repair bat Association
    Start (5/30/2015 10:20:08)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:20:10)

    23.02 - Repair cmd Association
    Start (5/30/2015 10:20:10)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:20:12)

    23.03 - Repair com Association
    Start (5/30/2015 10:20:12)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:20:14)

    23.04 - Repair Directory Association
    Start (5/30/2015 10:20:14)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:20:16)

    23.05 - Repair Drive Association
    Start (5/30/2015 10:20:16)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:20:19)

    23.06 - Repair exe Association
    Start (5/30/2015 10:20:19)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:20:21)

    23.07 - Repair Folder Association
    Start (5/30/2015 10:20:21)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:20:23)

    23.08 - Repair inf Association
    Start (5/30/2015 10:20:23)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:20:25)

    23.09 - Repair lnk (Shortcuts) Association
    Start (5/30/2015 10:20:25)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:20:27)

    23.10 - Repair msc Association
    Start (5/30/2015 10:20:27)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:20:30)

    23.11 - Repair reg Association
    Start (5/30/2015 10:20:30)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:20:32)

    23.12 - Repair scr Association
    Start (5/30/2015 10:20:32)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:20:34)

    25 - Repair Print Spooler
    Start (5/30/2015 10:20:34)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:20:51)

    26 - Restore Important Windows Services
    Start (5/30/2015 10:20:51)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:21:03)

    27 - Set Windows Services To Default Startup
    Start (5/30/2015 10:21:03)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:21:07)

    28.01 - Repair Windows 8 App Store
    Start (5/30/2015 10:21:07)

    Decompressing & Updating Windows Permission File hkcu.txt
    Done, 0.25 seconds.

    Running Repair Under Current User Account
    Done (5/30/2015 10:22:16)

    29 - Repair Windows 8 Component Store
    Start (5/30/2015 10:22:16)
    Running Repair Under Current User Account
    Done (5/30/2015 10:36:25)

    30 - Restore Windows 8 COM+ Unmarshalers
    Start (5/30/2015 10:36:25)
    Running Repair Under System Account
    Processing ACL of: <classes_root\Unmarshalers>

    SetACL finished with error(s):
    SetACL error message: The call to SetNamedSecurityInfo () failed
    Operating system error message: Access is denied.

    Done (5/30/2015 10:36:26)

    31 - Repair Windows 'New' Submenu
    Start (5/30/2015 10:36:26)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (5/30/2015 10:36:29)

    33 - Repair Performance Counters
    Start (5/30/2015 10:36:29)
    Running Repair Under Current User Account
    Done (5/30/2015 10:36:32)

    Cleaning up empty logs...

    All Selected Repairs Done.
    Done at (5/30/2015 10:36:32)
    Total Repair Time: 00:34:31


    ...YOU MUST RESTART YOUR SYSTEM...
     
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    See if you can access firewall settings now.
     
  23. JunSS

    JunSS TS Rookie Topic Starter Posts: 16

    I can
     
  24. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    The issue seems to be resolved.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...