Hello there, I'd like a little help here
There are dozens of conhost.exe instances running, dozens of cmd.exe, ctfmon even notepad and others system processes, I can't stop them, I cant kill the processes outside the safe mode, in the safe mode I can kill all of them, and after some seconds one will appear and will start to replicate into others.
They are drawing almost 100% from CPU. The PC is really slow, I am using anti-virus ESET NOD32 Antivirus 8, the scans do not detect viruses, they dont even detect most of the processes running, I am fightining against this thing already for ten hours, no "normal way" can make it go away. (it will only run if the internet is on)
I think they are downloading more viruses; malwarebytes anti malware detected more than 30 viruses named trojanfakeMS.ed and is still finding more since last night, sometimes pops out that it blocked a suspicious internet adress, they are always different (the adresses).
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by TheThunderT (administrator) on THETHUNDERTMACH on 11-05-2015 01:19:43
Running from C:\Users\TheThunderT\Downloads
Loaded Profiles: TheThunderT (Available profiles: TheThunderT & Thunder`s Disciple)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2015-01-28] (ESET)
HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [3865232 2013-09-22] (Speedbit Ltd.)
HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\MountPoints2: {facf3b77-23dd-11e3-ad63-002354fbdf37} - G:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-09-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-954720486-3091679152-3473616162-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2014-05-18] (IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files\DAP\LinkVerifier.dll [2013-09-22] (Speedbit Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: 91.121.69.54 l2authd.lineage2.com
Tcpip\Parameters: [DhcpNameServer] 200.189.80.121 200.189.80.107
FireFox:
========
FF ProfilePath: C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF NetworkProxy: "autoconfig_url", "http://111.13.109.51/"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-954720486-3091679152-3473616162-1001: facebook.com/fbDesktopPlugin -> C:\Users\TheThunderT\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin HKU\S-1-5-21-954720486-3091679152-3473616162-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default\searchplugins\ZenSearch.xml [2014-05-12]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2014-11-29]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-11-29]
FF Extension: ZenSearch - C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default\Extensions\ZenSearch@ZenSearch.com [2014-04-30]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-29]
FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker [2013-09-22]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-03-21]
FF HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default\extensions\ascsurfingprotection@iobit.com [Not Found]
Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default ->
CHR DefaultSearchURL: Default ->
CHR Profile: C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-10]
CHR Extension: (Bookmark Manager) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Skype Click to Call) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-09]
CHR Extension: (Google Wallet) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-12]
CHR Extension: (Speedbit New Tab) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\palpbfjgianahgbbeodmcohjdmaelbeo [2014-09-12]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx [2013-10-06]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2015-01-28] (ESET)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S4 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 MySQL; C:\Program Files\MySQL\MySQL Server 6.0\my.ini [9258 2014-06-25] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S4 npggsvc; C:\Windows\system32\GameMon.des [3071632 2014-05-06] (INCA Internet Co., Ltd.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe /service [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-09-25] () [File not signed]
S3 apf005; C:\Windows\system32\apf005.sys [14160 2014-06-16] ()
R3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [278528 2011-10-24] (AVEO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-01-04] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2015-01-30] (ESET)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-09-22] (GFI Software)
S3 ip100Avista; C:\Windows\System32\DRIVERS\ipfnd51.sys [29824 2007-09-03] (IC Plus Corp. )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-26] (CACE Technologies, Inc.)
S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2009-04-06] (INCA Internet Co., Ltd.) [File not signed]
S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [31640 2014-03-04] ()
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [X]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X]
S3 XDva423; \??\C:\Windows\system32\XDva423.sys [X]
S3 XFDriver; \??\C:\Program Files\Xfire2\XFDriver.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-11 01:19 - 2015-05-11 01:20 - 00017055 _____ () C:\Users\TheThunderT\Downloads\FRST.txt
2015-05-11 01:19 - 2015-05-11 01:19 - 00000000 ____D () C:\FRST
2015-05-11 01:09 - 2015-05-11 01:09 - 01141248 _____ (Farbar) C:\Users\TheThunderT\Downloads\FRST.exe
2015-05-11 00:59 - 2015-05-11 01:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-11 00:57 - 2015-05-11 00:57 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-11 00:57 - 2015-05-11 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-11 00:57 - 2015-05-11 00:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-11 00:57 - 2015-05-11 00:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-11 00:57 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-11 00:57 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-11 00:57 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-11 00:50 - 2015-05-11 00:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\TheThunderT\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-11 00:50 - 2015-05-11 00:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\TheThunderT\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-05-11 00:41 - 2015-05-11 00:41 - 00114384 _____ () C:\Users\TheThunderT\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-11 00:41 - 2015-05-11 00:41 - 00001184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-11 00:41 - 2015-05-11 00:41 - 00001184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-11 00:41 - 2015-05-11 00:41 - 00000552 _____ () C:\Windows\system32\spsys.log
2015-05-11 00:40 - 2015-05-11 00:40 - 00444656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-11 00:18 - 2015-05-11 00:18 - 00001603 _____ () C:\Users\TheThunderT\Documents\asdsagadfgdafg.txt
2015-05-10 19:42 - 2015-05-10 20:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-10 19:15 - 2015-05-10 19:16 - 04993624 _____ () C:\Users\TheThunderT\Desktop\RogueKillerCMD.exe
2015-05-10 17:21 - 2015-05-10 17:21 - 00000000 ____D () C:\Users\TheThunderT\AppData\Local\ESET
2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\ProgramData\ESET
2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\Program Files\ESET
2015-05-10 15:40 - 2015-02-24 04:23 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-05-10 15:38 - 2015-05-11 00:47 - 00459599 _____ () C:\Windows\WindowsUpdate.log
2015-05-10 15:30 - 2015-05-11 00:40 - 00000327 _____ () C:\Windows\setupact.log
2015-05-10 15:30 - 2015-05-10 15:30 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-10 15:29 - 2015-05-10 18:51 - 00478386 _____ () C:\Windows\PFRO.log
2015-05-10 15:24 - 2015-05-10 15:25 - 67321856 _____ () C:\Users\TheThunderT\Downloads\eav_nt32_enu.msi
2015-05-10 15:20 - 2015-05-10 15:20 - 00000000 ____D () C:\zoek_backup
2015-05-10 15:14 - 2015-05-10 15:14 - 01308672 _____ () C:\Users\TheThunderT\Downloads\zoek.exe
2015-05-10 15:12 - 2015-05-10 15:27 - 00000000 ____D () C:\AdwCleaner
2015-05-10 15:09 - 2015-05-10 15:09 - 02204160 _____ () C:\Users\TheThunderT\Downloads\adwcleaner_4.203.exe
2015-05-10 15:03 - 2015-05-10 15:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-05-10 14:58 - 2015-05-10 14:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\TheThunderT\Downloads\revosetup.exe
2015-05-10 14:34 - 2015-05-10 14:34 - 00001374 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_143334.reg
2015-05-10 14:33 - 2015-05-10 14:33 - 00010220 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_143220.reg
2015-05-10 14:31 - 2015-05-10 14:31 - 00030098 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_143042.reg
2015-05-10 14:19 - 2015-05-10 14:19 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-10 13:57 - 2015-05-10 13:59 - 00372182 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_135544.reg
2015-05-10 13:16 - 2015-05-10 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-10 13:16 - 2015-05-10 13:16 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-10 13:11 - 2015-05-10 13:12 - 06484352 _____ (Piriform Ltd) C:\Users\TheThunderT\Downloads\ccsetup505 (1).exe
2015-05-10 00:49 - 2015-05-10 00:49 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-05-10 00:45 - 2015-05-10 00:45 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\TheThunderT\Downloads\tdsskiller.exe
2015-05-09 23:45 - 2015-05-10 18:51 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-09 23:44 - 2015-05-09 23:44 - 05481336 _____ (Avast Software s.r.o.) C:\Users\TheThunderT\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-05-09 22:45 - 2015-05-10 00:54 - 00000000 __SHD () C:\ProgramData\Windows Search 5.3.10
2015-05-09 21:18 - 2015-05-09 21:18 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-05-09 21:05 - 2015-05-09 21:05 - 00000000 ____D () C:\Users\TheThunderT\Downloads\l2tower
2015-05-04 10:37 - 2015-05-04 10:37 - 00055693 _____ () C:\Users\TheThunderT\Downloads\p.txt
2015-05-04 10:37 - 2015-05-04 10:37 - 00055693 _____ () C:\Users\TheThunderT\Downloads\p (1).txt
2015-04-29 22:33 - 2015-04-29 22:33 - 00021782 _____ () C:\Users\TheThunderT\Downloads\game.of.thrones.high.sparrow.(2015).por.1cd.(6116667).zip
2015-04-28 22:29 - 2015-05-04 03:31 - 00048640 _____ () C:\Users\TheThunderT\Downloads\BPS.xls
2015-04-24 00:13 - 2015-04-24 00:21 - 540805585 _____ () C:\Users\TheThunderT\Downloads\l2WoE-Pach 2.1.rar
2015-04-22 21:47 - 2015-04-22 21:47 - 00000000 __SHD () C:\Users\TheThunderT\AppData\Local\EmieBrowserModeList
2015-04-17 14:38 - 2015-03-25 00:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-17 14:38 - 2015-03-25 00:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-17 14:38 - 2015-03-25 00:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-17 14:38 - 2015-03-10 00:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-17 14:38 - 2015-03-10 00:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-17 14:38 - 2015-02-25 00:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-11 01:01 - 2013-09-22 19:52 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-11 00:47 - 2013-09-22 20:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-11 00:40 - 2014-04-30 18:46 - 00000390 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2015-05-11 00:40 - 2013-09-22 20:29 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-11 00:40 - 2013-09-22 19:52 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-11 00:40 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-10 23:57 - 2013-08-30 00:43 - 00000000 ____D () C:\Users\TheThunderT
2015-05-10 23:56 - 2009-07-13 23:37 - 00000000 __RHD () C:\Users\Default
2015-05-10 18:00 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-05-10 17:23 - 2013-09-22 20:18 - 00000952 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001UA.job
2015-05-10 15:30 - 2013-09-22 21:02 - 00000000 ____D () C:\Users\TheThunderT\AppData\Local\adawarebp
2015-05-10 15:27 - 2013-09-24 22:28 - 00000000 ____D () C:\Users\Thunder`s Disciple
2015-05-10 15:00 - 2013-10-23 09:05 - 00000000 ____D () C:\Program Files\Wondershare
2015-05-10 14:50 - 2013-09-22 23:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-05-10 14:47 - 2013-09-22 20:04 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\uTorrent
2015-05-10 14:41 - 2015-03-21 11:18 - 00000000 ____D () C:\Program Files\Yahoo!
2015-05-10 14:36 - 2013-09-22 21:02 - 00000000 ____D () C:\Program Files\Ad-Aware Antivirus
2015-05-10 13:43 - 2014-10-01 23:07 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\PhotoScape
2015-05-10 13:43 - 2014-09-12 22:02 - 00000000 ____D () C:\Program Files\Steam
2015-05-10 13:43 - 2013-09-22 20:37 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\DAEMON Tools Lite
2015-05-10 13:42 - 2014-03-19 16:55 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\TS3Client
2015-05-10 13:40 - 2013-09-22 20:23 - 00000000 ____D () C:\Windows\Minidump
2015-05-10 13:40 - 2013-09-22 09:25 - 00000000 ____D () C:\Windows\Panther
2015-05-10 12:39 - 2013-09-22 20:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-10 12:39 - 2013-09-22 20:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-10 01:16 - 2015-01-18 15:35 - 00000000 ____D () C:\Program Files\BEAST Cabal
2015-05-09 21:55 - 2013-09-22 23:07 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\Skype
2015-05-09 21:20 - 2015-01-29 01:58 - 00000000 ____D () C:\Program Files\Lineage II
2015-05-09 20:23 - 2013-09-22 20:18 - 00000930 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001Core.job
2015-05-04 10:04 - 2013-09-22 21:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-04 10:04 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-04 10:03 - 2013-09-22 21:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-04 10:02 - 2009-07-13 23:04 - 00000513 _____ () C:\Windows\win.ini
2015-05-04 09:52 - 2014-10-03 20:53 - 00000000 ___RD () C:\Program Files\Skype
2015-05-04 09:52 - 2013-09-22 23:07 - 00000000 ____D () C:\ProgramData\Skype
2015-04-22 15:28 - 2009-07-14 01:53 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-21 21:53 - 2015-03-28 19:50 - 00000109 _____ () C:\Users\TheThunderT\Documents\aaaaaaaaaaaaaa.txt
2015-04-19 13:39 - 2013-11-06 15:47 - 00000000 ____D () C:\Program Files\VDownloader
2015-04-17 17:46 - 2013-11-06 15:47 - 00000000 ____D () C:\Users\TheThunderT\AppData\Local\VDownloader
2015-04-17 00:55 - 2014-04-20 01:48 - 00000000 ____D () C:\Program Files\Common Files\Steam
==================== Files in the root of some directories =======
2013-11-06 15:47 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2014-11-27 23:24 - 2014-11-27 23:24 - 0000017 _____ () C:\Users\TheThunderT\AppData\Local\resmon.resmoncfg
2013-11-06 15:47 - 2010-05-28 22:37 - 0015086 _____ () C:\ProgramData\Amazon.ico
2014-03-21 10:27 - 2014-03-21 10:27 - 0000464 _____ () C:\ProgramData\HirezPipeError.txt
2015-03-21 10:51 - 2015-03-21 11:21 - 0000363 _____ () C:\ProgramData\hpzinstall.log
2013-11-06 15:47 - 2010-07-20 12:53 - 0071926 _____ () C:\ProgramData\MercadoLivre.ico
Some content of TEMP:
====================
C:\Users\TheThunderT\AppData\Local\Temp\dllnt_dump.dll
C:\Users\TheThunderT\AppData\Local\Temp\InstHelper.exe
C:\Users\TheThunderT\AppData\Local\Temp\Quarantine.exe
C:\Users\TheThunderT\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-04 08:11
==================== End Of Log ============================
There are dozens of conhost.exe instances running, dozens of cmd.exe, ctfmon even notepad and others system processes, I can't stop them, I cant kill the processes outside the safe mode, in the safe mode I can kill all of them, and after some seconds one will appear and will start to replicate into others.
They are drawing almost 100% from CPU. The PC is really slow, I am using anti-virus ESET NOD32 Antivirus 8, the scans do not detect viruses, they dont even detect most of the processes running, I am fightining against this thing already for ten hours, no "normal way" can make it go away. (it will only run if the internet is on)
I think they are downloading more viruses; malwarebytes anti malware detected more than 30 viruses named trojanfakeMS.ed and is still finding more since last night, sometimes pops out that it blocked a suspicious internet adress, they are always different (the adresses).
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by TheThunderT (administrator) on THETHUNDERTMACH on 11-05-2015 01:19:43
Running from C:\Users\TheThunderT\Downloads
Loaded Profiles: TheThunderT (Available profiles: TheThunderT & Thunder`s Disciple)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2015-01-28] (ESET)
HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Run: [DownloadAccelerator] => C:\Program Files\DAP\DAP.EXE [3865232 2013-09-22] (Speedbit Ltd.)
HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\MountPoints2: {facf3b77-23dd-11e3-ad63-002354fbdf37} - G:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-09-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-954720486-3091679152-3473616162-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2014-05-18] (IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO: SpeedBit Link Verification Helper -> {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} -> C:\Program Files\DAP\LinkVerifier.dll [2013-09-22] (Speedbit Ltd.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: 91.121.69.54 l2authd.lineage2.com
Tcpip\Parameters: [DhcpNameServer] 200.189.80.121 200.189.80.107
FireFox:
========
FF ProfilePath: C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF NetworkProxy: "autoconfig_url", "http://111.13.109.51/"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-24] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-954720486-3091679152-3473616162-1001: facebook.com/fbDesktopPlugin -> C:\Users\TheThunderT\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin HKU\S-1-5-21-954720486-3091679152-3473616162-1001: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-11-17] (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default\searchplugins\ZenSearch.xml [2014-05-12]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\buscape.xml [2014-11-29]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mercadolivre.xml [2014-11-29]
FF Extension: ZenSearch - C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default\Extensions\ZenSearch@ZenSearch.com [2014-04-30]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-29]
FF HKLM\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files\DAP\daplinkchecker
FF Extension: DAP Link Checker - C:\Program Files\DAP\daplinkchecker [2013-09-22]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-03-21]
FF HKU\S-1-5-21-954720486-3091679152-3473616162-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Users\TheThunderT\AppData\Roaming\Mozilla\Firefox\Profiles\loems2jl.default\extensions\ascsurfingprotection@iobit.com [Not Found]
Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default ->
CHR DefaultSearchURL: Default ->
CHR Profile: C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-10]
CHR Extension: (Bookmark Manager) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Skype Click to Call) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-11-09]
CHR Extension: (Google Wallet) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-12]
CHR Extension: (Speedbit New Tab) - C:\Users\TheThunderT\AppData\Local\Google\Chrome\User Data\Default\Extensions\palpbfjgianahgbbeodmcohjdmaelbeo [2014-09-12]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [palpbfjgianahgbbeodmcohjdmaelbeo] - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx [2013-10-06]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2015-01-28] (ESET)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
S4 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-12] (Hi-Rez Studios) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 MySQL; C:\Program Files\MySQL\MySQL Server 6.0\my.ini [9258 2014-06-25] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S4 npggsvc; C:\Windows\system32\GameMon.des [3071632 2014-05-06] (INCA Internet Co., Ltd.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 SBUpd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe /service [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-09-25] () [File not signed]
S3 apf005; C:\Windows\system32\apf005.sys [14160 2014-06-16] ()
R3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [278528 2011-10-24] (AVEO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-01-04] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2015-01-30] (ESET)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-09-22] (GFI Software)
S3 ip100Avista; C:\Windows\System32\DRIVERS\ipfnd51.sys [29824 2007-09-03] (IC Plus Corp. )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-26] (CACE Technologies, Inc.)
S3 NPPTNT2; C:\Windows\system32\npptNT2.sys [4682 2009-04-06] (INCA Internet Co., Ltd.) [File not signed]
S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [31640 2014-03-04] ()
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\TrueSight.sys [X]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X]
S3 XDva423; \??\C:\Windows\system32\XDva423.sys [X]
S3 XFDriver; \??\C:\Program Files\Xfire2\XFDriver.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-11 01:19 - 2015-05-11 01:20 - 00017055 _____ () C:\Users\TheThunderT\Downloads\FRST.txt
2015-05-11 01:19 - 2015-05-11 01:19 - 00000000 ____D () C:\FRST
2015-05-11 01:09 - 2015-05-11 01:09 - 01141248 _____ (Farbar) C:\Users\TheThunderT\Downloads\FRST.exe
2015-05-11 00:59 - 2015-05-11 01:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-11 00:57 - 2015-05-11 00:57 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-11 00:57 - 2015-05-11 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-11 00:57 - 2015-05-11 00:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-11 00:57 - 2015-05-11 00:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-11 00:57 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-11 00:57 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-11 00:57 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-11 00:50 - 2015-05-11 00:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\TheThunderT\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-11 00:50 - 2015-05-11 00:51 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\TheThunderT\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-05-11 00:41 - 2015-05-11 00:41 - 00114384 _____ () C:\Users\TheThunderT\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-11 00:41 - 2015-05-11 00:41 - 00001184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-11 00:41 - 2015-05-11 00:41 - 00001184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-11 00:41 - 2015-05-11 00:41 - 00000552 _____ () C:\Windows\system32\spsys.log
2015-05-11 00:40 - 2015-05-11 00:40 - 00444656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-11 00:18 - 2015-05-11 00:18 - 00001603 _____ () C:\Users\TheThunderT\Documents\asdsagadfgdafg.txt
2015-05-10 19:42 - 2015-05-10 20:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-10 19:15 - 2015-05-10 19:16 - 04993624 _____ () C:\Users\TheThunderT\Desktop\RogueKillerCMD.exe
2015-05-10 17:21 - 2015-05-10 17:21 - 00000000 ____D () C:\Users\TheThunderT\AppData\Local\ESET
2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\ProgramData\ESET
2015-05-10 15:46 - 2015-05-10 15:46 - 00000000 ____D () C:\Program Files\ESET
2015-05-10 15:40 - 2015-02-24 04:23 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-05-10 15:38 - 2015-05-11 00:47 - 00459599 _____ () C:\Windows\WindowsUpdate.log
2015-05-10 15:30 - 2015-05-11 00:40 - 00000327 _____ () C:\Windows\setupact.log
2015-05-10 15:30 - 2015-05-10 15:30 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-10 15:29 - 2015-05-10 18:51 - 00478386 _____ () C:\Windows\PFRO.log
2015-05-10 15:24 - 2015-05-10 15:25 - 67321856 _____ () C:\Users\TheThunderT\Downloads\eav_nt32_enu.msi
2015-05-10 15:20 - 2015-05-10 15:20 - 00000000 ____D () C:\zoek_backup
2015-05-10 15:14 - 2015-05-10 15:14 - 01308672 _____ () C:\Users\TheThunderT\Downloads\zoek.exe
2015-05-10 15:12 - 2015-05-10 15:27 - 00000000 ____D () C:\AdwCleaner
2015-05-10 15:09 - 2015-05-10 15:09 - 02204160 _____ () C:\Users\TheThunderT\Downloads\adwcleaner_4.203.exe
2015-05-10 15:03 - 2015-05-10 15:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-05-10 14:58 - 2015-05-10 14:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\TheThunderT\Downloads\revosetup.exe
2015-05-10 14:34 - 2015-05-10 14:34 - 00001374 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_143334.reg
2015-05-10 14:33 - 2015-05-10 14:33 - 00010220 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_143220.reg
2015-05-10 14:31 - 2015-05-10 14:31 - 00030098 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_143042.reg
2015-05-10 14:19 - 2015-05-10 14:19 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-10 13:57 - 2015-05-10 13:59 - 00372182 _____ () C:\Users\TheThunderT\Desktop\cc_20150510_135544.reg
2015-05-10 13:16 - 2015-05-10 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-10 13:16 - 2015-05-10 13:16 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-10 13:11 - 2015-05-10 13:12 - 06484352 _____ (Piriform Ltd) C:\Users\TheThunderT\Downloads\ccsetup505 (1).exe
2015-05-10 00:49 - 2015-05-10 00:49 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-05-10 00:45 - 2015-05-10 00:45 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\TheThunderT\Downloads\tdsskiller.exe
2015-05-09 23:45 - 2015-05-10 18:51 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-09 23:44 - 2015-05-09 23:44 - 05481336 _____ (Avast Software s.r.o.) C:\Users\TheThunderT\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-05-09 22:45 - 2015-05-10 00:54 - 00000000 __SHD () C:\ProgramData\Windows Search 5.3.10
2015-05-09 21:18 - 2015-05-09 21:18 - 00000000 ___HD () C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-05-09 21:05 - 2015-05-09 21:05 - 00000000 ____D () C:\Users\TheThunderT\Downloads\l2tower
2015-05-04 10:37 - 2015-05-04 10:37 - 00055693 _____ () C:\Users\TheThunderT\Downloads\p.txt
2015-05-04 10:37 - 2015-05-04 10:37 - 00055693 _____ () C:\Users\TheThunderT\Downloads\p (1).txt
2015-04-29 22:33 - 2015-04-29 22:33 - 00021782 _____ () C:\Users\TheThunderT\Downloads\game.of.thrones.high.sparrow.(2015).por.1cd.(6116667).zip
2015-04-28 22:29 - 2015-05-04 03:31 - 00048640 _____ () C:\Users\TheThunderT\Downloads\BPS.xls
2015-04-24 00:13 - 2015-04-24 00:21 - 540805585 _____ () C:\Users\TheThunderT\Downloads\l2WoE-Pach 2.1.rar
2015-04-22 21:47 - 2015-04-22 21:47 - 00000000 __SHD () C:\Users\TheThunderT\AppData\Local\EmieBrowserModeList
2015-04-17 14:38 - 2015-03-25 00:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-17 14:38 - 2015-03-25 00:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-17 14:38 - 2015-03-25 00:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-17 14:38 - 2015-03-25 00:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-17 14:38 - 2015-03-10 00:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-17 14:38 - 2015-03-10 00:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-17 14:38 - 2015-02-25 00:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-11 01:01 - 2013-09-22 19:52 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-11 00:47 - 2013-09-22 20:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-11 00:40 - 2014-04-30 18:46 - 00000390 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2015-05-11 00:40 - 2013-09-22 20:29 - 00000000 ____D () C:\ProgramData\TEMP
2015-05-11 00:40 - 2013-09-22 19:52 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-11 00:40 - 2009-07-14 01:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-10 23:57 - 2013-08-30 00:43 - 00000000 ____D () C:\Users\TheThunderT
2015-05-10 23:56 - 2009-07-13 23:37 - 00000000 __RHD () C:\Users\Default
2015-05-10 18:00 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-05-10 17:23 - 2013-09-22 20:18 - 00000952 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001UA.job
2015-05-10 15:30 - 2013-09-22 21:02 - 00000000 ____D () C:\Users\TheThunderT\AppData\Local\adawarebp
2015-05-10 15:27 - 2013-09-24 22:28 - 00000000 ____D () C:\Users\Thunder`s Disciple
2015-05-10 15:00 - 2013-10-23 09:05 - 00000000 ____D () C:\Program Files\Wondershare
2015-05-10 14:50 - 2013-09-22 23:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-05-10 14:47 - 2013-09-22 20:04 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\uTorrent
2015-05-10 14:41 - 2015-03-21 11:18 - 00000000 ____D () C:\Program Files\Yahoo!
2015-05-10 14:36 - 2013-09-22 21:02 - 00000000 ____D () C:\Program Files\Ad-Aware Antivirus
2015-05-10 13:43 - 2014-10-01 23:07 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\PhotoScape
2015-05-10 13:43 - 2014-09-12 22:02 - 00000000 ____D () C:\Program Files\Steam
2015-05-10 13:43 - 2013-09-22 20:37 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\DAEMON Tools Lite
2015-05-10 13:42 - 2014-03-19 16:55 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\TS3Client
2015-05-10 13:40 - 2013-09-22 20:23 - 00000000 ____D () C:\Windows\Minidump
2015-05-10 13:40 - 2013-09-22 09:25 - 00000000 ____D () C:\Windows\Panther
2015-05-10 12:39 - 2013-09-22 20:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-10 12:39 - 2013-09-22 20:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-10 01:16 - 2015-01-18 15:35 - 00000000 ____D () C:\Program Files\BEAST Cabal
2015-05-09 21:55 - 2013-09-22 23:07 - 00000000 ____D () C:\Users\TheThunderT\AppData\Roaming\Skype
2015-05-09 21:20 - 2015-01-29 01:58 - 00000000 ____D () C:\Program Files\Lineage II
2015-05-09 20:23 - 2013-09-22 20:18 - 00000930 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-954720486-3091679152-3473616162-1001Core.job
2015-05-04 10:04 - 2013-09-22 21:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-04 10:04 - 2009-07-13 23:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-04 10:03 - 2013-09-22 21:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-04 10:02 - 2009-07-13 23:04 - 00000513 _____ () C:\Windows\win.ini
2015-05-04 09:52 - 2014-10-03 20:53 - 00000000 ___RD () C:\Program Files\Skype
2015-05-04 09:52 - 2013-09-22 23:07 - 00000000 ____D () C:\ProgramData\Skype
2015-04-22 15:28 - 2009-07-14 01:53 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-21 21:53 - 2015-03-28 19:50 - 00000109 _____ () C:\Users\TheThunderT\Documents\aaaaaaaaaaaaaa.txt
2015-04-19 13:39 - 2013-11-06 15:47 - 00000000 ____D () C:\Program Files\VDownloader
2015-04-17 17:46 - 2013-11-06 15:47 - 00000000 ____D () C:\Users\TheThunderT\AppData\Local\VDownloader
2015-04-17 00:55 - 2014-04-20 01:48 - 00000000 ____D () C:\Program Files\Common Files\Steam
==================== Files in the root of some directories =======
2013-11-06 15:47 - 2010-01-26 10:11 - 0444283 _____ () C:\Program Files\Common Files\WinPcapNmap.exe
2014-11-27 23:24 - 2014-11-27 23:24 - 0000017 _____ () C:\Users\TheThunderT\AppData\Local\resmon.resmoncfg
2013-11-06 15:47 - 2010-05-28 22:37 - 0015086 _____ () C:\ProgramData\Amazon.ico
2014-03-21 10:27 - 2014-03-21 10:27 - 0000464 _____ () C:\ProgramData\HirezPipeError.txt
2015-03-21 10:51 - 2015-03-21 11:21 - 0000363 _____ () C:\ProgramData\hpzinstall.log
2013-11-06 15:47 - 2010-07-20 12:53 - 0071926 _____ () C:\ProgramData\MercadoLivre.ico
Some content of TEMP:
====================
C:\Users\TheThunderT\AppData\Local\Temp\dllnt_dump.dll
C:\Users\TheThunderT\AppData\Local\Temp\InstHelper.exe
C:\Users\TheThunderT\AppData\Local\Temp\Quarantine.exe
C:\Users\TheThunderT\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-04 08:11
==================== End Of Log ============================