Solved: Cannot open several websites, other programs cannot connect to internet

vickonovianto

I cannot open several websites, such as microsoft.com and http://www.bbc.co.uk/learningenglish. Facebook.com is also very slow. Other programs also cannot connect to the internet; for example, my iTunes cannot download apps, Malwarebytes Anti-Malware cannot update, etc. I have also noticed that the process iexplore.exe is always running.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by admin (administrator) on ADMIN-PC on 21-03-2015 10:31:38
Running from D:\
Loaded Profiles: admin (Available profiles: admin)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
() C:\Windows\System32\PnkBstrA.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(TeamViewer GmbH) D:\Data\Games\Team Viewer 9\TeamViewer_Service.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-Network.exe
(Tonec Inc.) C:\Program Files\IDM\Internet Download Manager\IEMonitor.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-SharedFolder.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files\IDM\Internet Download Manager\idmBroker.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(INNORIX) C:\Windows\System32\innosvcd.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2047088 2010-12-23] (VIA)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Run: [IDMan] => C:\Program Files\IDM\Internet Download Manager\IDMan.exe [3890768 2015-02-28] (Tonec Inc.)
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Run: [Okqwics] => C:\Windows\System32\regsvr32.exe C:\Users\admin\AppData\Local\AVDworks\New.dll
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x20000000
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download MicroSoft Office Pro 2007 Full Version + Key By -=BGood577= [WBRG] Torrent - KickassTorrents.lnk
ShortcutTarget: Download MicroSoft Office Pro 2007 Full Version + Key By -=BGood577= [WBRG] Torrent - KickassTorrents.lnk -> C:\ProgramData\{87b87851-f649-aead-87b8-87851f64e147}\Download MicroSoft Office Pro 2007 Full Version + Key By -=BGood577= [WBRG] Torrent - KickassTorrents.exe (No File)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\slui.lnk
ShortcutTarget: slui.lnk -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\slui.exe (No File)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syskey.lnk
ShortcutTarget: syskey.lnk -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\syskey.exe (No File)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tabcal.lnk
ShortcutTarget: tabcal.lnk -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\tabcal.exe (No File)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WOWDEB.lnk
ShortcutTarget: WOWDEB.lnk -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\WOWDEB.EXE (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\IDM\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Local Policy Restriction on IP: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{70d5cbed-af3f-49bd-a9bb-89911ba40d92} <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:57593;https=127.0.0.1:57593
ProxyServer: [S-1-5-21-1380481859-1212219880-2585911621-1000] => cache.itb.ac.id:8080
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://plasa.msn.com/?rd=1&ucc=ID&dcc=ID&opt=0&ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\IDM\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-03] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-13] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-03] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{515E0BE1-5E90-47D0-88F7-E09BD12DBAFC}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5897E3A2-9727-4A42-8EB5-9424E4FCA0E5}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9D152133-7846-4DAC-B21E-A7253D1E1963}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\1h0mjti4.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin: @innorix.com/innogmp -> C:\Program Files\INNORIX\npinnogmp.dll [2013-04-04] (INNORIX)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-02-13] (Oracle Corporation)
FF Plugin: @kamuse.com/npKLiveMBCPlugin -> C:\Users\admin\AppData\Roaming\KLive\MBC\npKLiveMBCPlugin.dll [2011-08-25] (kamuse)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-12-19] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1380481859-1212219880-2585911621-1000: @catalinahub.com/CatalinaGroup Update;version=3 -> C:\Users\admin\AppData\Local\CatalinaGroup\Update\1.3.25.203\npCatalinaUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1380481859-1212219880-2585911621-1000: @catalinahub.com/CatalinaGroup Update;version=9 -> C:\Users\admin\AppData\Local\CatalinaGroup\Update\1.3.25.203\npCatalinaUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1380481859-1212219880-2585911621-1000: @innorix.com/innogmp -> C:\Program Files\INNORIX\npinnogmp.dll [2013-04-04] (INNORIX)
FF Plugin HKU\S-1-5-21-1380481859-1212219880-2585911621-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1380481859-1212219880-2585911621-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-22] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2003-07-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-09-06] (Adobe Systems Inc.)
FF Extension: anonymoX - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\1h0mjti4.default\Extensions\client@anonymox.net.xpi [2015-03-19]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-09-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Data\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-08]
FF HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5 [2015-02-28]
FF HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-04]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-31]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-16]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-31]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (IDM Integration Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-02-28]
CHR Extension: (No Name) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-05]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\IDM\Internet Download Manager\IDMGCExt.crx [2015-02-24]
CHR HKLM\...\Chrome\Extension: [okcnagmljeeakjmdbbflcanhlienmofh] - No Path Or update_url value
CHR HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\admin\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-07-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-09-20] (Adobe Systems) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S3 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2\bin\fbguard.exe [81920 2011-02-01] (Firebird Project) [File not signed]
S3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2\bin\fbserver.exe [2764800 2011-02-01] (Firebird Project) [File not signed]
S3 GSService; C:\Windows\system32\GSService.exe [444640 2014-07-28] ()
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1848680 2015-02-17] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-06] ()
R2 Innosvcd; C:\Windows\system32\innosvcd.exe [193144 2013-04-04] (INNORIX)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2015-02-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-27] (Microsoft Corporation) [File not signed]
S3 npggsvc; C:\Windows\system32\GameMon.des [5161056 2014-01-16] (INCA Internet Co., Ltd.)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2013-08-22] (The OpenVPN Project)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1910128 2015-02-20] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-10-18] ()
S3 STSService; C:\Program Files\SoundTaxi Media Suite\STSService.exe [421376 2011-03-22] () [File not signed]
R2 TeamViewer9; D:\Data\Games\Team Viewer 9\TeamViewer_Service.exe [4799760 2014-09-13] (TeamViewer GmbH)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2010-12-15] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-30] (AVG Technologies)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-21] (BlueStack Systems)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2013-11-13] (AnchorFree Inc.)
S3 ISODrive; D:\Data\UltraISO\drivers\ISODrive.sys [73728 2008-05-24] (EZB Systems, Inc.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-09-21] (Intel Corporation)
S3 OEM; C:\Windows\System32\DRIVERS\hs60x5usbser.sys [107000 2012-03-08] (QUALCOMM Incorporated)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2011-12-22] (Duplex Secure Ltd.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-07-25] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-11-13] (Anchorfree Inc.)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2014-06-06] (TeamViewer GmbH)
R3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023k.sys [11136 2007-09-01] (Microsoft Corporation)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1153648 2010-12-15] (VIA Technologies, Inc.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]
S3 XDva392; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 10:29 - 2015-03-21 10:31 - 00000000 ____D () C:\FRST
2015-03-19 17:07 - 2015-03-19 17:09 - 00000000 _____ () C:\Users\admin\AppData\Local\{A2D7BD5C-678B-4B02-94A8-5B08DEE0CDCA}
2015-03-19 17:07 - 2015-03-19 17:09 - 00000000 _____ () C:\Users\admin\AppData\Local\{1AD142FE-67A3-4557-965B-2DDC569DA78A}
2015-03-18 17:02 - 2015-03-18 17:03 - 00000000 _____ () C:\Users\admin\AppData\Local\{E32997FB-EE08-400D-A9C2-A58B04C11250}
2015-03-18 17:02 - 2015-03-18 17:03 - 00000000 _____ () C:\Users\admin\AppData\Local\{46C92CE2-094E-4FD1-A87D-27790563DBA3}
2015-03-17 19:26 - 2015-03-17 19:27 - 00062217 _____ () C:\Users\admin\Downloads\Pro Evolution Soccer 2015-RELOADED [www.OMGTORRENT.com].torrent
2015-03-16 14:26 - 2015-03-16 14:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox 4.0 Beta 6
2015-03-14 23:55 - 2015-03-14 23:55 - 00001039 _____ () C:\Users\admin\Desktop\Gemscool Indonesia Game Portal.lnk
2015-03-14 23:55 - 2015-03-14 23:55 - 00000925 _____ () C:\Users\admin\Desktop\Point Blank.lnk
2015-03-14 23:55 - 2015-03-14 23:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PointBlank Online
2015-03-14 21:58 - 2015-03-14 22:00 - 00000000 ____D () C:\Users\admin\AppData\Local\Sublime Text 3
2015-03-14 21:58 - 2015-03-14 21:58 - 00001049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2015-03-14 21:58 - 2015-03-14 21:58 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Sublime Text 3
2015-03-14 21:58 - 2015-03-14 21:58 - 00000000 ____D () C:\Program Files\Sublime Text 3
2015-03-14 21:48 - 2015-03-14 21:48 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 2.lnk
2015-03-14 21:48 - 2015-03-14 21:48 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Sublime Text 2
2015-03-14 21:48 - 2015-03-14 21:48 - 00000000 ____D () C:\Program Files\Sublime Text 2
2015-03-14 20:08 - 2015-03-14 20:08 - 00000000 ____D () C:\Users\admin\AppData\Local\GitHub,_Inc
2015-03-14 18:24 - 2015-03-14 18:24 - 00000675 _____ () C:\Users\Public\Desktop\Git Bash.lnk
2015-03-14 18:24 - 2015-03-14 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2015-03-13 00:18 - 2015-03-13 00:18 - 00143208 _____ () C:\Windows\Minidump\031315-32744-01.dmp
2015-03-12 21:17 - 2015-03-12 21:17 - 00001059 _____ () C:\Users\Public\Desktop\New Success Intermediate ActiveBook.lnk
2015-03-12 21:17 - 2015-03-12 21:17 - 00000000 ___HD () C:\Program Files\InstallJammer Registry
2015-03-12 21:17 - 2015-03-12 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pearson
2015-03-12 21:08 - 2015-03-12 21:08 - 00000000 __SHD () C:\Windows\ftpcache
2015-03-12 21:07 - 2015-03-12 21:07 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Longman
2015-03-12 21:07 - 2015-03-12 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Longman
2015-03-12 16:37 - 2015-03-12 16:37 - 00001488 _____ () C:\Users\admin\Downloads\UTS_.zip
2015-03-10 01:47 - 2015-03-10 01:47 - 00001759 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-10 01:47 - 2015-03-10 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-10 01:46 - 2015-03-10 01:47 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-10 01:46 - 2015-03-10 01:46 - 00000000 ____D () C:\Program Files\iPod
2015-03-01 07:58 - 2015-03-14 21:04 - 00000000 ____D () C:\Users\admin\.atom
2015-03-01 07:57 - 2015-03-14 20:26 - 00002088 _____ () C:\Users\admin\Desktop\Atom.lnk
2015-03-01 07:57 - 2015-03-01 07:58 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Atom
2015-03-01 07:55 - 2015-03-14 20:24 - 00000000 ____D () C:\Users\admin\AppData\Local\atom
2015-03-01 07:55 - 2015-03-01 07:58 - 00000000 ____D () C:\Users\admin\AppData\Local\SquirrelTemp
2015-03-01 07:50 - 2015-03-01 07:50 - 00000000 ____D () C:\Users\admin\Documents\GitHub
2015-03-01 07:50 - 2015-03-01 07:50 - 00000000 ____D () C:\Users\admin\.ssh
2015-03-01 07:49 - 2015-03-14 20:16 - 00000000 ____D () C:\Users\admin\AppData\Roaming\GitHub
2015-03-01 07:49 - 2015-03-14 20:16 - 00000000 ____D () C:\Users\admin\AppData\Local\GitHub
2015-03-01 07:49 - 2015-03-01 07:49 - 00002146 _____ () C:\Users\admin\Desktop\Git Shell.lnk
2015-03-01 07:49 - 2015-03-01 07:49 - 00000058 _____ () C:\Users\admin\.gitconfig
2015-03-01 07:48 - 2015-03-14 20:26 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2015-03-01 07:48 - 2015-03-01 07:48 - 00000308 _____ () C:\Users\admin\Desktop\GitHub.appref-ms
2015-02-28 10:36 - 2015-02-28 10:36 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-28 10:32 - 2015-02-28 10:32 - 00013332 _____ () C:\Users\admin\Downloads\[kickass.to]internet.download.manager.idm.6.23.build.2.final.incl.crack.atom.torrent
2015-02-28 10:10 - 2015-02-28 10:10 - 00000000 ____D () C:\ProgramData\Avg_Update_0215av
2015-02-27 21:07 - 2015-02-27 21:24 - 00000000 ____D () C:\Users\admin\AppData\Local\Temporary Projects
2015-02-27 19:33 - 2015-02-27 19:35 - 00000000 _____ () C:\Users\admin\AppData\Local\{C44B1E1A-3498-4F00-B71E-FB709A551C3C}
2015-02-27 19:33 - 2015-02-27 19:35 - 00000000 _____ () C:\Users\admin\AppData\Local\{587072C4-0EF0-43FF-AE94-9291A47B864B}
2015-02-24 20:41 - 2014-11-29 07:37 - 00115752 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-02-24 10:05 - 2015-02-24 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-24 09:26 - 2015-02-24 09:26 - 00018542 _____ () C:\Users\admin\Downloads\[kickass.to]microsoft.visio.pro.2013.sp1.vl.x86.en.us.torrent
2015-02-24 08:37 - 2015-02-24 08:37 - 00043951 _____ () C:\Users\admin\Downloads\[kickass.to]microsoft.visio.pro.2013.sp1.vl.x64.en.us.torrent
2015-02-24 08:21 - 2015-03-21 07:05 - 00000000 ____D () C:\Users\admin\AppData\Local\AVDworks
2015-02-24 08:20 - 2015-03-10 23:20 - 00000000 ____D () C:\Users\admin\AppData\Local\Agcpworks
2015-02-24 07:32 - 2015-02-24 07:32 - 00034502 _____ () C:\Users\admin\Downloads\Microsoft Visio Professional.torrent
2015-02-24 05:57 - 2015-02-24 05:57 - 00000000 ____D () C:\Users\admin\Documents\W7
2015-02-24 05:56 - 2015-02-24 05:57 - 00000000 ____D () C:\Users\admin\Documents\W6
2015-02-19 08:05 - 2015-02-19 08:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-02-19 08:05 - 2015-02-19 08:05 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-21 10:31 - 2014-12-27 00:39 - 00000000 ____D () C:\Users\admin\AppData\Local\LogMeIn Hamachi
2015-03-21 10:31 - 2012-07-21 23:27 - 00000000 ____D () C:\Users\admin\AppData\Roaming\DMCache
2015-03-21 10:12 - 2009-07-14 11:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-21 10:12 - 2009-07-14 11:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-21 10:07 - 2014-07-31 20:30 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-21 10:05 - 2014-07-31 20:30 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce820314248fdf.job
2015-03-21 10:04 - 2014-11-02 01:00 - 00020026 _____ () C:\Windows\setupact.log
2015-03-21 10:04 - 2009-07-14 11:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-21 09:48 - 2012-04-08 06:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-21 08:47 - 2012-03-31 14:15 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000UA.job
2015-03-21 08:36 - 2013-10-02 18:25 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-21 07:32 - 2015-01-06 23:04 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-21 05:57 - 2014-11-04 04:33 - 00047467 _____ () C:\Windows\WindowsUpdate.log
2015-03-20 20:47 - 2012-03-31 14:15 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000Core.job
2015-03-20 19:31 - 2011-09-20 05:59 - 00783728 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 17:19 - 2014-02-11 02:06 - 00000000 ____D () C:\SPB_Data
2015-03-19 17:05 - 2011-10-26 18:34 - 00000000 ____D () C:\Users\admin\AppData\Roaming\uTorrent
2015-03-16 19:32 - 2012-09-21 10:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-16 18:54 - 2014-06-08 15:13 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2015-03-15 23:01 - 2014-11-03 08:53 - 00341194 _____ () C:\Windows\PFRO.log
2015-03-15 19:26 - 2014-01-04 08:32 - 00000000 ____D () C:\Users\admin\Documents\Bandicam
2015-03-15 08:48 - 2012-09-27 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-14 20:05 - 2013-05-02 13:31 - 00000000 ____D () C:\Users\admin\AppData\Local\Deployment
2015-03-13 23:59 - 2011-10-26 18:31 - 00000000 ____D () C:\Users\admin\AppData\Local\RipTiger
2015-03-13 00:18 - 2013-04-21 11:51 - 00000000 ____D () C:\Windows\Minidump
2015-03-12 20:43 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-12 19:48 - 2015-01-07 07:27 - 00129832 _____ () C:\zoek-results.log
2015-03-10 17:52 - 2015-01-06 23:04 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-10 17:52 - 2015-01-06 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-10 17:52 - 2015-01-06 23:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-10 01:47 - 2012-11-23 16:18 - 00000000 ____D () C:\Program Files\iTunes
2015-03-10 01:46 - 2011-09-20 18:30 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-07 00:06 - 2014-11-09 01:39 - 00000000 ____D () C:\Users\admin\Desktop\Tor Browser
2015-03-01 08:37 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-01 07:58 - 2011-09-20 05:00 - 00000000 ____D () C:\Users\admin
2015-02-28 06:12 - 2014-09-29 21:45 - 00000000 ____D () C:\Users\admin\Documents\Visual Studio 2008
2015-02-27 22:09 - 2014-07-01 20:01 - 00000000 ____D () C:\Users\admin\AppData\Roaming\.minecraft
2015-02-24 17:25 - 2012-04-08 06:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-24 17:25 - 2011-09-20 18:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-24 17:21 - 2009-07-14 11:33 - 00453568 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-24 17:20 - 2011-09-20 05:03 - 00115864 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-24 10:06 - 2011-09-20 05:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-24 10:05 - 2011-09-20 05:10 - 00000000 ____D () C:\Program Files\Common Files\Designer
2015-02-24 10:05 - 2009-07-14 09:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-24 10:04 - 2011-09-20 05:29 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-20 21:18 - 2013-08-27 20:17 - 00000000 ____D () C:\Users\admin\AppData\Roaming\GarenaPlus
2015-02-20 21:18 - 2013-08-27 20:13 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2015-02-19 08:52 - 2013-06-21 18:20 - 00000000 ____D () C:\Users\admin\AppData\Local\CSO

==================== Files in the root of some directories =======

2013-10-02 15:51 - 2013-10-02 15:51 - 0000160 _____ () C:\Users\admin\AppData\Roaming\ICARE_ACTIVITY.LOG
2014-06-04 12:29 - 2014-10-18 15:34 - 0138576 _____ () C:\Users\admin\AppData\Roaming\PnkBstrK.sys
2011-12-22 16:15 - 2014-03-14 00:10 - 0003150 _____ () C:\Users\admin\AppData\Roaming\Rim.Desktop.Exception.log
2011-12-22 16:14 - 2014-03-13 22:49 - 0002245 _____ () C:\Users\admin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-12-22 16:15 - 2014-03-14 00:10 - 0001078 _____ () C:\Users\admin\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-08-27 22:02 - 2014-02-14 04:58 - 0045270 _____ () C:\Users\admin\AppData\Roaming\room_v3.dat
2015-01-31 07:19 - 2015-01-31 07:19 - 0000000 ____H () C:\Users\admin\AppData\Local\BIT276D.tmp
2015-01-31 07:19 - 2015-01-31 07:19 - 0000000 ____H () C:\Users\admin\AppData\Local\BIT2829.tmp
2015-01-20 22:33 - 2015-01-20 22:33 - 0000000 ____H () C:\Users\admin\AppData\Local\BIT2EDC.tmp
2015-01-20 22:33 - 2015-01-20 22:33 - 0000000 ____H () C:\Users\admin\AppData\Local\BIT3044.tmp
2015-01-22 16:51 - 2015-01-22 16:51 - 0000000 ____H () C:\Users\admin\AppData\Local\BITEF2E.tmp
2015-01-22 16:51 - 2015-01-22 16:51 - 0000000 ____H () C:\Users\admin\AppData\Local\BITF113.tmp
2014-11-16 11:53 - 2014-11-16 11:53 - 0007597 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2015-03-19 17:07 - 2015-03-19 17:09 - 0000000 _____ () C:\Users\admin\AppData\Local\{1AD142FE-67A3-4557-965B-2DDC569DA78A}
2015-01-22 16:50 - 2015-01-22 16:50 - 0000000 _____ () C:\Users\admin\AppData\Local\{3C7EB1C3-A1E4-4026-B49A-B6D3519C3F1C}
2015-01-22 16:50 - 2015-01-22 16:50 - 0000000 _____ () C:\Users\admin\AppData\Local\{44ED26BF-F402-4764-9F29-0C9ADC9EEB1D}
2015-03-18 17:02 - 2015-03-18 17:03 - 0000000 _____ () C:\Users\admin\AppData\Local\{46C92CE2-094E-4FD1-A87D-27790563DBA3}
2015-01-08 10:14 - 2015-01-08 10:14 - 0000000 _____ () C:\Users\admin\AppData\Local\{4B96569B-0EC0-4114-BDC3-3C6AFB118504}
2015-01-20 22:32 - 2015-01-20 22:32 - 0000000 _____ () C:\Users\admin\AppData\Local\{4BEF06CE-F36F-423E-8822-264D901ABF44}
2015-02-27 19:33 - 2015-02-27 19:35 - 0000000 _____ () C:\Users\admin\AppData\Local\{587072C4-0EF0-43FF-AE94-9291A47B864B}
2015-01-08 10:14 - 2015-01-08 10:14 - 0000000 _____ () C:\Users\admin\AppData\Local\{8CAA9C65-EE8D-4296-ACD9-62651D27DFFF}
2015-02-16 19:10 - 2015-02-16 19:10 - 0000000 _____ () C:\Users\admin\AppData\Local\{8E658E09-D036-4EA6-A4D6-4E00C88D1BED}
2015-02-16 19:10 - 2015-02-16 19:10 - 0000000 _____ () C:\Users\admin\AppData\Local\{9CEC9CB6-F346-45A4-8D30-C319CACDB681}
2015-03-19 17:07 - 2015-03-19 17:09 - 0000000 _____ () C:\Users\admin\AppData\Local\{A2D7BD5C-678B-4B02-94A8-5B08DEE0CDCA}
2015-01-20 22:32 - 2015-01-20 22:32 - 0000000 _____ () C:\Users\admin\AppData\Local\{AC362A9C-19FF-4A97-AF4B-27A4602CCA70}
2015-02-27 19:33 - 2015-02-27 19:35 - 0000000 _____ () C:\Users\admin\AppData\Local\{C44B1E1A-3498-4F00-B71E-FB709A551C3C}
2015-03-18 17:02 - 2015-03-18 17:03 - 0000000 _____ () C:\Users\admin\AppData\Local\{E32997FB-EE08-400D-A9C2-A58B04C11250}
2015-01-31 07:18 - 2015-01-31 07:20 - 0000000 _____ () C:\Users\admin\AppData\Local\{EEB81C14-3071-49A7-B693-C2BD4FA00545}
2015-01-31 07:18 - 2015-01-31 07:20 - 0000000 _____ () C:\Users\admin\AppData\Local\{F6249803-CE9A-4FC5-BA0B-4613EFDBBF9D}
2014-03-29 16:17 - 2014-03-29 16:17 - 1743757 _____ () C:\ProgramData\1396080444.bdinstall.bin
2014-05-28 19:00 - 2014-05-28 19:00 - 0695260 _____ () C:\ProgramData\1401274575.bdinstall.bin
2014-05-28 18:05 - 2014-05-28 18:05 - 0047927 _____ () C:\ProgramData\1401275126.bdinstall.bin
2014-06-05 21:30 - 2014-06-05 21:30 - 0014768 _____ () C:\ProgramData\1401978631.bdinstall.bin
2014-06-05 21:31 - 2014-06-05 21:31 - 0014768 _____ () C:\ProgramData\1401978676.bdinstall.bin
2014-06-06 19:52 - 2014-06-06 19:52 - 0014768 _____ () C:\ProgramData\1402059130.bdinstall.bin
2014-06-10 17:20 - 2014-06-10 17:20 - 0014768 _____ () C:\ProgramData\1402395617.bdinstall.bin
2014-06-10 17:20 - 2014-06-10 17:20 - 0014768 _____ () C:\ProgramData\1402395649.bdinstall.bin
2014-06-10 17:21 - 2014-06-10 17:21 - 0014768 _____ () C:\ProgramData\1402395693.bdinstall.bin
2014-06-10 17:21 - 2014-06-10 17:21 - 0014768 _____ () C:\ProgramData\1402395702.bdinstall.bin
2014-06-10 17:22 - 2014-06-10 17:22 - 0014768 _____ () C:\ProgramData\1402395723.bdinstall.bin
2014-06-10 17:24 - 2014-06-10 17:24 - 0014768 _____ () C:\ProgramData\1402395878.bdinstall.bin
2014-06-10 17:33 - 2014-06-10 17:33 - 0014768 _____ () C:\ProgramData\1402396393.bdinstall.bin
2014-06-10 17:33 - 2014-06-10 17:33 - 0014768 _____ () C:\ProgramData\1402396404.bdinstall.bin
2014-06-10 17:34 - 2014-06-10 17:34 - 0014768 _____ () C:\ProgramData\1402396439.bdinstall.bin
2014-06-10 17:34 - 2014-06-10 17:34 - 0014768 _____ () C:\ProgramData\1402396449.bdinstall.bin
2014-06-10 17:36 - 2014-06-10 17:36 - 0014768 _____ () C:\ProgramData\1402396570.bdinstall.bin
2014-06-10 17:36 - 2014-06-10 17:36 - 0014768 _____ () C:\ProgramData\1402396598.bdinstall.bin
2014-05-17 00:09 - 2013-01-07 11:04 - 0000037 _____ () C:\ProgramData\ttrainer8.data

Files to move or delete:
====================
C:\Users\admin\ntuserdirect_MyManager.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 09:58

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by admin at 2015-03-21 10:32:31
Running from D:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Accurate 3 Enterprise Edition (HKLM\...\Accurate 3 Enterprise Edition) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atom (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\atom) (Version: 0.187.0 - GitHub Inc.)
Avenue Flo - Special Delivery Just For Fun Games (HKLM\...\Avenue Flo - Special Delivery Just For Fun Games) (Version: - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
Bandicam (HKLM\...\Bandicam) (Version: 1.9.2.455 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version: - Bandisoft.com)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Boutique Boulevard (HKLM\...\Boutique Boulevard) (Version: 1.00 - Big Fish Games)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
CCleaner, версия 4.14.4808 (HKLM\...\{80BD3FC0-9C5F-4ADA-83C7-91DC8E24D0B2}_is1) (Version: 4.14.4808 - Salat Production)
CodeBlocks (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\CodeBlocks) (Version: 12.11 - The Code::Blocks Team)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cooking Academy - Restaurant Royale (HKLM\...\Cooking Academy - Restaurant RoyaleFinal) (Version: Final - AllSmartGames)
Counter-Strike Online Game Client (HKLM\...\Counter-Strike Online) (Version: Game Client - Megaxus)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Declan's Korean Dictionary v1.1 (HKLM\...\Declan's Korean Dictionary_is1) (Version: 1.1.1127 - Declan Software, Inc.)
Delicious - Emily's Tea Garden (HKLM\...\Delicious - Emily's Tea Garden) (Version: 1.0.7.1 - GameHouse, Inc.)
Delicious 9 - Emilys Honeymoon Cruise (HKLM\...\Delicious 9 - Emilys Honeymoon Cruise1.1) (Version: 1.1 - Foxy Games)
Delicious Emilys True Love Premium Edition (HKLM\...\Delicious Emilys True Love Premium Editionv1.0.0.0) (Version: v1.0.0.0 - GameHouse)
Diner Dash - Flo Through Time 1.00 (HKLM\...\Diner Dash - Flo Through Time 1.00) (Version: - )
Diner Dash Seasonal Snack Pack (HKLM\...\Diner Dash Seasonal Snack Pack1.0) (Version: 1.0 - AllSmartGames)
doxygen 1.8.9.1 (HKLM\...\doxygen_is1) (Version: 1.8.9.1 - Dimitri van Heesch)
Dropbox (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Dropbox) (Version: 2.4.10 - Dropbox, Inc.)
EMS SQL Manager 2007 Lite for MySQL (HKLM\...\{8ABA2354-20F6-480F-A4C5-63B30DBC6B20}) (Version: 4.4.2.1 - EMS)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM\...\{AFA4B0BF-3289-495A-B949-BA91F39B1A44}) (Version: 11.1.21009.00 - Microsoft Corporation)
Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
EPSON TX111 Series Printer Uninstall (HKLM\...\EPSON TX111 Series) (Version: - SEIKO EPSON Corporation)
Exact Audio Copy PSP Edition 1.0 (HKLM\...\Exact Audio Copy PSP Edition) (Version: 1.0 - Andre Wiethoff)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
First Class Flurry (HKLM\...\First Class Flurry1.0) (Version: 1.0 - Adnan_Boy 2008)
FontNav (Version: 5.0 - Corel Corporation) Hidden
Fraps (HKLM\...\Fraps) (Version: - )
Free Pascal 2.6.2 (HKLM\...\FreePascal_is1) (Version: - Free Pascal Team)
Garena - FIFA ONLINE 3(English) (HKLM\...\FO3) (Version: - Garena Online Pte Ltd.)
Garena - FIFA ONLINE 3(Indonesia) (HKLM\...\FO3ID) (Version: - Garena Online Pte Ltd.)
Genymotion version 2.3.1 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.3.1 - Genymobile)
GeoGebra 4.4 (HKLM\...\GeoGebra 4.4) (Version: 4.4.5.0 - International GeoGebra Institute)
Git version 1.9.5-preview20141217 (HKLM\...\Git_is1) (Version: 1.9.5-preview20141217 - The Git Development Community)
GitHub (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\5f7eb300e2ea4ebf) (Version: 2.9.1.0 - GitHub, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Drive (HKLM\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Gourmet Chef Challenge Around the World version 3.107 (HKLM\...\Gourmet Chef Challenge Around the World_is1) (Version: 3.107 - )
Grand Theft Auto IV - Episodes From Liberty City (HKLM\...\{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1) (Version: - )
Grand Theft Auto San Andreas + MultiPlayer [0.3e] (HKLM\...\{E1D22FE1-AB5F-42CA-9480-6F70B96DDD88}_is1) (Version: 0.3(e) - RePack by -=M@N=-)
Happy Chef (HKLM\...\Happy Chef1.0) (Version: 1.0 - Foxy Games)
Happy Chef 2 (HKLM\...\Happy Chef 2v1.29.07.2013) (Version: v1.29.07.2013 - Nordcurrent)
Haskell Platform 2013.2.0.0 (HKLM\...\HaskellPlatform-2013.2.0.0) (Version: - Haskell.org)
Hell's Kitchen (HKLM\...\Hell's Kitchen1.0) (Version: 1.0 - Adnan_Boy 2008)
Hostile Makeover - A Fashion Murder Mystery Game (HKLM\...\Hostile Makeover - A Fashion Murder Mystery Game1.0) (Version: 1.0 - AllSmartGames)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 8 Update 31 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
Kamus 2.04 (HKLM\...\Kamus2) (Version: 2.04 - Ebta Setiawan)
K-Lite Mega Codec Pack 10.9.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.0 - )
Kudos 2 (HKLM\...\Kudos 21.01) (Version: 1.01 - Adnan_Boy 2008)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Life Quest 2 - Metropoville (HKLM\...\Life Quest 2 - Metropovillev1.0.0) (Version: v1.0.0 - Big Fish Games)
LINE (HKLM\...\LINE) (Version: 3.9.1.188 - LINE Corporation)
LiveUSB Creator (remove only) (HKLM\...\LiveUSB Creator) (Version: - )
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MBC Live (HKLM\...\MBCLive) (Version: - )
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)
Media Go Video Playback Engine 1.64.101.02270 (HKLM\...\{7D62ABA3-35EC-623E-2C5F-1B3332CB705B}) (Version: 1.64.101.02270 - Sony)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{D9DA2981-3298-4F1A-9192-F2CF5BD91145}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (HKLM\...\Microsoft Visual Basic 2008 Express Edition with SP1 - ENU) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{E43AC95E-66B0-4CEC-AADD-C9BFEF5A4C0A}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{044F9133-B8D7-4d11-BF39-803FA20F5C8B}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Minecraft 1.8 (HKLM\...\Minecraft 1.8) (Version: 1.8 - Mojang)
Minecraft1.7.2 (HKLM\...\Minecraft1.7.2) (Version: - )
ModooMarble (Remove only) (HKLM\...\{7B2562F1-02DC-415F-8960-446E64BE9BBE}_is1) (Version: 1.0 - PT.CJ Internet Indonesia)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MySQL Installer (HKLM\...\{F0A890B5-DE46-4468-A1DF-8F4DE5C478D0}) (Version: 1.3.6.0 - Oracle Corporation)
MySQL Server 5.0 (HKLM\...\{DBACBFE4-F79E-4AFB-A7C3-463555B8446B}) (Version: 5.0.67 - MySQL AB)
Need For Speed™ World (HKLM\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
New Success Intermediate ActiveBook (HKLM\...\9781408249123-Pearson) (Version: - Pearson Education)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
OpenVPN 2.3.2-I003 (HKLM\...\OpenVPN) (Version: 2.3.2-I003 - )
Opera Stable 25.0.1614.68 (HKLM\...\Opera 25.0.1614.68) (Version: 25.0.1614.68 - Opera Software ASA)
Oracle VM VirtualBox 4.2.12 (HKLM\...\{5FA29565-1B72-488F-B975-E3C76F179F36}) (Version: 4.2.12 - Oracle Corporation)
Origin (HKLM\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Plants vs. Zombies™ (HKLM\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Point Blank Online (HKLM\...\Point Blank Online) (Version: 20100113 - Gemscool)
PointblnakPTS_New version 1.5 (HKLM\...\{7F22FDB9-0BA3-4098-BDEB-4C9C93482B32}_is1) (Version: 1.5 - Bypassnet)
PremiumSoft Navicat 11.0 for MySQL (HKLM\...\PremiumSoft Navicat for MySQL_is1) (Version: 11.0.18 - PremiumSoft CyberTech Ltd.)
PremiumSoft Navicat 11.1 for SQL Server (HKLM\...\PremiumSoft Navicat for SQL Server_is1) (Version: 11.1.9 - PremiumSoft CyberTech Ltd.)
Presto! MaxReader 4.5 LE (HKLM\...\{333210DA-4E7F-402A-ABBF-41D70CF00503}) (Version: 4.50.02 - NewSoft Technology Corporation)
Pro Evolution Soccer 2014 (HKLM\...\{5EFD3544-2371-4900-8ACA-F157BA80FB0C}) (Version: 1.00.0000 - KONAMI)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Puzzler World 2 (HKLM\...\Puzzler World 21.0) (Version: 1.0 - Foxy Games)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RipTiger 4.5.1 (HKLM\...\{AFD4597D-56CC-447F-AA68-C1BF1AEA448E}_is1) (Version: 4.5.1 - cyan soft ltd)
Shop-n-Spree 3 - Shopping Paradise (HKLM\...\Shop-n-Spree 3 - Shopping Paradise1.0) (Version: 1.0 - Foxy Games)
SimCity™ (HKLM\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Smartfren andro max E860 UI (HKLM\...\{90C99F3E-56DB-4965-B524-1D0E1851E03A}) (Version: - )
SoundTaxi Media Suite 4.2.0 (HKLM\...\STMediaSuite) (Version: 4.2.0 - Ramka Ltd.)
SoundTaxi Media Suite 4.5.1 (HKLM\...\{EF4C657F-632F-4CED-A220-F4C1C724241C}_is1) (Version: 4.5.1 - cyan soft ltd)
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
Sublime Text Build 3065 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TDM-GCC (HKLM\...\TDM-GCC) (Version: 1.1309.0 - TDM)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
TeXstudio 2.5.2 (HKLM\...\TeXstudio_is1) (Version: 2.5.2 - Benito van der Zander)
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.62.153 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Pets (HKLM\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 4 Create A Sim Demo (HKLM\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Trivia Machine Reloaded (HKLM\...\Trivia Machine Reloadedv1.1) (Version: v1.1 - HipSoft)
TweetDeck (HKLM\...\{85D70219-700E-4728-A80D-C394DEF6247E}) (Version: 3.0.2 - Twitter, Inc.)
Typing Trainer 8.0 (HKLM\...\{218081EE-C83D-46A6-9382-9AB77B99AAA1}_is1) (Version: - Typing Innovation Group Ltd)
Unity Web Player (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Virtual Families 2 - Our Dream House (HKLM\...\Virtual Families 2 - Our Dream House1.0) (Version: 1.0 - Foxy Games)
Virtual Villagers 4 - The Tree of Life (HKLM\...\Virtual Villagers 4 - The Tree of Life1.0) (Version: 1.0 - AllSmartGames)
Virtual Villagers The Secret City (HKLM\...\Virtual Villagers The Secret City_is1) (Version: - )
Visual Prolog 7.5 Personal Edition (HKLM\...\{17AF2321-4AD8-4727-B3BE-C2BE1EB49478}) (Version: 1.0.0 - Prolog Development Center)
Visual Prolog Examples (HKLM\...\{FBAD7F9E-EEE5-4C00-962B-856E793AABBA}) (Version: 1.0.0 - Prolog Development Center)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wedding Salon (HKLM\...\Wedding Salon1.0) (Version: 1.0 - Foxy Games)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate 6 (HKLM\...\Xilisoft Video Converter Ultimate 6) (Version: 6.0.7.0707 - Xilisoft)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Youda Sushi Chef (HKLM\...\Youda Sushi Chef1.3.0.0) (Version: 1.3.0.0 - Adnan_Boy 2008)
Youda Sushi Chef 2 (HKLM\...\Youda Sushi Chef 2Final) (Version: Final - AllSmartGames)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{02C1231D-E588-4C33-AEF6-145B4BA256EB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{4B66DD3F-2E6E-4F7C-B38C-E32608820825}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{53DBCD97-3FDF-4B60-975B-2596B57482EF}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\BBWebSLLauncher.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\admin\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{73D320C0-FACA-4553-9D5F-070F9E4DC5C8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\Windows\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\admin\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{AD046C04-9CC6-4424-A8E2-1F8BB9D0B29D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{D41C1E5B-0566-4BB1-BE72-1A5407349CA6}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> D:\Data\SOFTWARE INSTALLER\office 2007\Download MicroSoft Office Pro 2007 Full Version + Key By -=BG (the data entry has 52 more characters).
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{F6CF0104-4F4A-4EBE-999D-A12D838E65B5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

==================== Restore Points =========================

21-03-2015 00:29:18 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:04 - 2015-03-12 19:42 - 00001796 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
127.0.0.1 hl2rcv.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06284F36-5749-45C5-BA17-2185F91D2B59} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {0737CFBC-5880-4F14-992E-BFE037AE874D} - System32\Tasks\ntkrnlpa => C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\ntkrnlpa.exe
Task: {1CD2311E-821C-4969-815A-8A12D4A05C57} - System32\Tasks\Opera scheduled Autoupdate 1415471294 => C:\Program Files\Opera\launcher.exe [2014-10-29] (Opera Software)
Task: {1FCB3531-9048-4E7F-B781-9F3AA70A9C54} - System32\Tasks\{84827F1A-DB38-41C9-B0A3-CCE0D350A549} => pcalua.exe -a "D:\Data\Games\Marine Park Empire\VSetting.exe" -d "D:\Data\Games\Marine Park Empire"
Task: {23723E25-19B5-4488-92DD-731F89FDA0A7} - System32\Tasks\{98311E6E-FE96-4F79-B380-1E60838C29C0} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {2BB82A17-3209-4CC6-9717-54BDDF9D5A6E} - System32\Tasks\{3F95531A-AD2B-44F9-904F-BA56A0D64CC7} => pcalua.exe -a "D:\Data\SOFTWARE INSTALLER\office 2003\OFFICE2003PRO\office2003.exe" -d "D:\Data\SOFTWARE INSTALLER\office 2003\OFFICE2003PRO"
Task: {3C6E5D4E-CCA9-46A5-B8EC-91B6DB9BC58C} - System32\Tasks\{68441373-41AA-4019-AFB5-A2364F0B7D7C} => pcalua.exe -a "D:\Data\TD-8817\USB Driver\Win2k_XP\Setup.exe" -d "D:\Data\TD-8817\USB Driver\Win2k_XP"
Task: {3D709738-E7E0-408D-B431-017CBE6A8612} - System32\Tasks\LocationNotifications => C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\LocationNotifications.exe
Task: {3E3B39BB-903B-4B54-8A28-0F4BCBBB5952} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {41D30E25-42DE-4F98-8E9E-D223D3FA0C1F} - System32\Tasks\{9940E129-94BD-49DC-81A8-E9D32157B647} => pcalua.exe -a E:\setup.exe -d E:\
Task: {452D485E-EEF1-443B-84C6-3F4A5B549583} - System32\Tasks\{501B4426-EA36-402C-B09B-328F4E078F7E} => pcalua.exe -a "E:\AOE 3 EXPANSION\War chifs.exe" -d "E:\AOE 3 EXPANSION"
Task: {479D22A0-7418-4717-8E12-D3912F3011FF} - System32\Tasks\{DEDB7669-E194-4604-BFC0-AEAA77DAA8D4} => pcalua.exe -a D:\Data\C++\tubes1stima\new\zoek.com -d D:\Data\C++\tubes1stima\new
Task: {5881CCBB-3F0F-4E55-9390-5291BCFE435C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5B922E50-4277-48EB-B78E-609E0706D753} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {73CCC22B-6257-4769-8DA7-27250977F741} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000UA => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {7D36D661-B17E-4E06-9E75-467AC91C995F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000Core => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {85DAADAA-A287-4F30-A833-6F8561144403} - System32\Tasks\{F4331E3B-EE15-47A0-A3AD-E55D5D56771F} => pcalua.exe -a "D:\Data\SOFTWARE INSTALLER\Microsoft Visio Professional\Microsoft Visio Professional.exe" -d "D:\Data\SOFTWARE INSTALLER\Microsoft Visio Professional"
Task: {86E92CF0-2D87-4B3D-848B-F291E3F5E7A4} - System32\Tasks\{7A08418A-343A-4467-88E6-14CEB64A2094} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {8AD4CAAF-A772-47C8-B02C-11EAA02AA1E6} - System32\Tasks\{E53DFB75-2130-4F8D-B869-42D6797CC2FB} => pcalua.exe -a D:\Data\jdk-8u31-windows-i586.exe -d C:\Users\admin\AppData\Roaming\IDM
Task: {8F34DE50-2FC7-4FA7-B083-9E06C6E9BE37} - System32\Tasks\grpconv => C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\grpconv.exe
Task: {9302F945-65B7-4BA5-8B25-0D8D5AED914E} - System32\Tasks\{34627E88-8746-4B63-B60C-41D0AEFBEF63} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Task: {930B9B57-28FD-4AA6-8F16-28893A8A8541} - System32\Tasks\gg_uac_daemon_admin => C:\Program Files\Garena Plus\ggdllhost.exe [2015-01-20] ()
Task: {93DB1D6C-3965-4C64-85A0-A703F1EC7D8A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9F7D34E0-8B5F-4FC7-B013-387BCC5EDF84} - System32\Tasks\{9CE9EC86-7B73-4543-B038-9BA0D818A1DC} => pcalua.exe -a "D:\Data\Games\Discovery - A Seek and Find Adventure\Discovery - A Seek and Find Adventure\Uninstall.exe" -d "D:\Data\Games\Discovery - A Seek and Find Adventure\Discovery - A Seek and Find Adventure"
Task: {A32D897D-035E-4BBF-9B2B-933F5586CF16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-31] (Google Inc.)
Task: {A35820A8-7853-4F14-A15D-F26593D4B829} - System32\Tasks\{0880C059-5BF8-4B0C-9D66-B132337275F1} => pcalua.exe -a G:\SC4_uninst.exe -d G:\
Task: {A36F6CA4-34E8-48D0-A480-31A7998282AF} - System32\Tasks\syskey => C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\syskey.exe
Task: {A435BBFC-8B7B-4BC0-962A-A026FCED7646} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A8FB1550-47D3-423F-B512-0FADF521F33A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-24] (Adobe Systems Incorporated)
Task: {B18693A4-DA59-40B9-9BFB-B48B479B053B} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-12-13] ()
Task: {B22BB078-994E-4737-909C-85D91F327836} - System32\Tasks\{45A5638E-CE9E-45F2-8DA3-1AE4722FE1F0} => pcalua.exe -a C:\Users\admin\AppData\Local\Temp\dlmF3E0.tmp\caesar4_demo_en.exe -d C:\Users\admin\Downloads
Task: {B28FAAF3-FFD1-492A-9865-6C285EE78955} - System32\Tasks\{6ADE60D7-9F2A-4DF0-8836-9E79AF84D940} => pcalua.exe -a D:\Data\C++\tubes1stima\new\zoek.scr -d D:\Data\C++\tubes1stima\new -c /S
Task: {BAE76ED0-4A70-41E4-88E2-E5B39E6BE29E} - System32\Tasks\{4517BB71-6CE1-4565-8F92-E9271B0ADA9C} => pcalua.exe -a E:\rld-sim3.part1.exe -d E:\
Task: {BAE7D7DD-048E-4492-B729-8061A6A9D6BF} - System32\Tasks\{2C66C202-71B1-44A8-8736-A8B0E1BFF01E} => pcalua.exe -a G:\eauninstall.exe -d G:\
Task: {BC2D6E7D-34FC-4759-8D68-FF4D860ECCD5} - System32\Tasks\{89F044CC-8181-47A4-BED2-6E8FB2BA6554} => pcalua.exe -a "D:\Data\Games\Need For Speed Carbon\Support\Need for Speed Carbon_uninst.exe" -d "D:\Data\Games\Need For Speed Carbon\Support"
Task: {BCF7610F-506F-463A-81DC-7FF26FEE92C0} - System32\Tasks\tabcal => C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\tabcal.exe
Task: {BD6FC539-7761-4B36-83B6-4E74E3A22CE6} - System32\Tasks\GoogleUpdater => Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write((new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\internet explorer\\zergling_rush"))
Task: {BF641E23-3353-47F6-86B2-D3A9C3206679} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-31] (Google Inc.)
Task: {CEE4EE10-04F7-48C3-B58C-ACC4D07FEEB7} - System32\Tasks\djoin => C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\djoin.exe
Task: {D335D799-79A3-428D-9253-0266FB1DAF29} - System32\Tasks\GoogleUpdateTaskMachineCore1ce820314248fdf => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-31] (Google Inc.)
Task: {ED1E7414-397C-413B-8605-5F46CB6D142D} - System32\Tasks\HOSTNAME => C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\HOSTNAME.EXE
Task: {F07197BD-4D7C-4A2D-B309-301A4F79DE29} - System32\Tasks\{4B2DA71E-77D7-4C45-9A9D-BE67B958ADF7} => pcalua.exe -a "E:\AOE3Y ASIA DYNASTY\AOE3Y ASIA DYNASTY.exe" -d "E:\AOE3Y ASIA DYNASTY"
Task: {F723F7EE-576C-4BB3-83E2-FF12D439E283} - \Buenosearch No Task File <==== ATTENTION
Task: {F750CC50-F30C-477B-BD10-D9F83557F358} - System32\Tasks\{924101DE-4CB5-4C65-8C78-3397D03F971C} => pcalua.exe -a "C:\Program Files\Plus-HD-9.4\Uninstall.exe" -c /fcp=1
Task: {FAF45159-4EEA-4F53-B7D4-FC91ADB7BB36} - System32\Tasks\{A148AC2E-6045-488F-9421-7056639D437C} => pcalua.exe -a "D:\Data\Games\SimCity 4\EAUninstall.exe"
Task: {FCD32565-0D0A-4C84-8B8B-D26131FEA2CF} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-04-02] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000Core.job => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000UA.job => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce820314248fdf.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-06-24 18:07 - 2014-09-11 13:06 - 00019216 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2015-03-21 07:05 - 2015-03-21 07:05 - 00193536 _____ () C:\Users\admin\AppData\Local\AVDworks\New.dll
2013-11-21 18:27 - 2015-01-20 19:20 - 00055896 _____ () C:\Program Files\Garena Plus\ggdllhost.exe
2013-11-21 18:27 - 2015-01-20 19:20 - 00560216 _____ () C:\Program Files\Garena Plus\ggspawn.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-09-20 05:15 - 2010-12-23 06:27 - 00080496 _____ () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2011-09-20 05:15 - 2010-12-23 06:27 - 00113264 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2011-09-20 05:15 - 2010-12-23 06:27 - 00623216 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-06-10 19:55 - 2014-10-18 15:33 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\admin\Downloads\BlueStacks-SplitInstaller_native (1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\BlueStacks-SplitInstaller_native_b.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\cbsidlm-cbsi188-Caesar_IV_demo-ORG-10573828.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\chromeinstall-7u55.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Crossfire_downloader (1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Crossfire_downloader.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\CrossFire_NA.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (2).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (3).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (4).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (5).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\IE11-Windows6.1.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\npp.6.5.5.Installer.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\TypingTrainer.exe:BDU
AlternateDataStreams: C:\ProgramData\TEMP:0DE97E88
AlternateDataStreams: C:\ProgramData\TEMP:19C3BC3A
AlternateDataStreams: C:\ProgramData\TEMP:371A321E
AlternateDataStreams: C:\ProgramData\TEMP:3B07E6F4
AlternateDataStreams: C:\ProgramData\TEMP:436DEE1E
AlternateDataStreams: C:\ProgramData\TEMP:471AD3D0
AlternateDataStreams: C:\ProgramData\TEMP:4B244549
AlternateDataStreams: C:\ProgramData\TEMP:517B507A
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:5ED747B8
AlternateDataStreams: C:\ProgramData\TEMP:69FD6BF0
AlternateDataStreams: C:\ProgramData\TEMP:98F0614F
AlternateDataStreams: C:\ProgramData\TEMP:A636021B
AlternateDataStreams: C:\ProgramData\TEMP:AF9BF410
AlternateDataStreams: C:\ProgramData\TEMP:B6AF2226
AlternateDataStreams: C:\ProgramData\TEMP:D48500F8
AlternateDataStreams: C:\ProgramData\TEMP:DA9A5EA8
AlternateDataStreams: C:\ProgramData\TEMP:DE6EED8B

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: BAVSvc => 2
MSCONFIG\Services: BrowserProtect => 2
MSCONFIG\Services: DefaultTabSearch => 2
MSCONFIG\Services: DefaultTabUpdate => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: Sony Ericsson PCCompanion => 3
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IDMan => C:\Program Files\IDM\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: InFX => "C:\Users\admin\AppData\Roaming\StratFX\nircmd.exe" exec hide "C:\Users\admin\AppData\Roaming\StratFX\begin.bat"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Malwarebytes Anti-Exploit => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
 
==================== Accounts: =============================

admin (S-1-5-21-1380481859-1212219880-2585911621-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1380481859-1212219880-2585911621-500 - Administrator - Disabled)
Guest (S-1-5-21-1380481859-1212219880-2585911621-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/20/2015 06:33:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc414
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x045800a2
Faulting process id: 0x%9
Faulting application start time: 0xpowershell.exe0
Faulting application path: powershell.exe1
Faulting module path: powershell.exe2
Report Id: powershell.exe3

Error: (03/19/2015 06:33:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc414
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000096
Fault offset: 0x04f500a2
Faulting process id: 0x%9
Faulting application start time: 0xpowershell.exe0
Faulting application path: powershell.exe1
Faulting module path: powershell.exe2
Report Id: powershell.exe3

Error: (03/19/2015 04:40:56 AM) (Source: MsiInstaller) (EventID: 11335) (User: admin-PC)
Description: Product: Graphviz -- Error 1335. The cabinet file '_A057D37B226D37D3A6866009EEA8AB30' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

Error: (03/19/2015 04:39:31 AM) (Source: MsiInstaller) (EventID: 11335) (User: admin-PC)
Description: Product: Graphviz -- Error 1335. The cabinet file '_A057D37B226D37D3A6866009EEA8AB30' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

Error: (03/19/2015 04:35:09 AM) (Source: MsiInstaller) (EventID: 11335) (User: admin-PC)
Description: Product: Graphviz -- Error 1335. The cabinet file '_A057D37B226D37D3A6866009EEA8AB30' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

Error: (03/19/2015 04:34:30 AM) (Source: MsiInstaller) (EventID: 11335) (User: admin-PC)
Description: Product: Graphviz -- Error 1335. The cabinet file '_A057D37B226D37D3A6866009EEA8AB30' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

Error: (03/19/2015 04:34:29 AM) (Source: MsiInstaller) (EventID: 11335) (User: admin-PC)
Description: Product: Graphviz -- Error 1335. The cabinet file '_A057D37B226D37D3A6866009EEA8AB30' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

Error: (03/19/2015 04:34:28 AM) (Source: MsiInstaller) (EventID: 11335) (User: admin-PC)
Description: Product: Graphviz -- Error 1335. The cabinet file '_A057D37B226D37D3A6866009EEA8AB30' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

Error: (03/19/2015 04:34:27 AM) (Source: MsiInstaller) (EventID: 11335) (User: admin-PC)
Description: Product: Graphviz -- Error 1335. The cabinet file '_A057D37B226D37D3A6866009EEA8AB30' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

Error: (03/18/2015 06:33:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc414
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x04530117
Faulting process id: 0x%9
Faulting application start time: 0xpowershell.exe0
Faulting application path: powershell.exe1
Faulting module path: powershell.exe2
Report Id: powershell.exe3


System errors:
=============
Error: (03/21/2015 10:30:40 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/21/2015 10:30:38 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/21/2015 10:30:37 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/21/2015 10:30:37 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/21/2015 10:06:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/21/2015 10:04:25 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (03/20/2015 09:27:36 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/20/2015 05:24:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/20/2015 05:22:49 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (03/19/2015 08:49:48 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentage of memory in use: 50%
Total physical RAM: 3062.66 MB
Available physical RAM: 1524.55 MB
Total Pagefile: 6130.93 MB
Available Pagefile: 4546.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.77 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:97.66 GB) (Free:7.56 GB) NTFS
Drive d: (Data) (Fixed) (Total:368.01 GB) (Free:47.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E8707DFE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed, scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V10.5.6.0 [Mar 21 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : admin [Administrator]
Started from : D:\RogueKiller.exe
Mode : Delete -- Date : 03/22/2015 13:24:51

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] explorer.exe(1908) -- C:\Users\admin\AppData\Local\AVDworks\New.dll[-] -> Unloaded

¤¤¤ Registry : 24 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider | (default) : {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} -> Deleted
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57593;https=127.0.0.1:57593 -> Not selected
[PUM.Proxy] HKEY_USERS\S-1-5-21-1380481859-1212219880-2585911621-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : cache.itb.ac.id:8080 -> Not selected
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57593;https=127.0.0.1:57593 -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 91.194.254.105 8.8.8.8 [(Unknown Country?) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 91.194.254.105 8.8.8.8 [(Unknown Country?) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 91.194.254.105 8.8.8.8 [(Unknown Country?) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{515E0BE1-5E90-47D0-88F7-E09BD12DBAFC} | DhcpNameServer : 95.170.82.117 180.131.145.145 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5897E3A2-9727-4A42-8EB5-9424E4FCA0E5} | DhcpNameServer : 91.194.254.105 8.8.8.8 [(Unknown Country?) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ABCEA481-9394-440C-A25C-9D64BB895D48} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{515E0BE1-5E90-47D0-88F7-E09BD12DBAFC} | DhcpNameServer : 95.170.82.117 180.131.145.145 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5897E3A2-9727-4A42-8EB5-9424E4FCA0E5} | DhcpNameServer : 91.194.254.105 8.8.8.8 [(Unknown Country?) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ABCEA481-9394-440C-A25C-9D64BB895D48} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{515E0BE1-5E90-47D0-88F7-E09BD12DBAFC} | DhcpNameServer : 95.170.82.117 180.131.145.145 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5897E3A2-9727-4A42-8EB5-9424E4FCA0E5} | DhcpNameServer : 91.194.254.105 8.8.8.8 [(Unknown Country?) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ABCEA481-9394-440C-A25C-9D64BB895D48} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Not selected
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1380481859-1212219880-2585911621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_USERS\S-1-5-21-1380481859-1212219880-2585911621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

¤¤¤ Tasks : 7 ¤¤¤
[Suspicious.Path] \\djoin -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\djoin.exe -> Deleted
[Suspicious.Path] \\grpconv -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\grpconv.exe -> Deleted
[Suspicious.Path] \\HOSTNAME -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\HOSTNAME.EXE -> Deleted
[Suspicious.Path] \\LocationNotifications -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\LocationNotifications.exe -> Deleted
[Suspicious.Path] \\ntkrnlpa -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\ntkrnlpa.exe -> Deleted
[Suspicious.Path] \\syskey -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\syskey.exe -> Deleted
[Suspicious.Path] \\tabcal -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\IEUpdate\tabcal.exe -> Deleted

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] Download MicroSoft Office Pro 2007 Full Version + Key By -=BGood577= [WBRG] Torrent - KickassTorrents.lnk -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download MicroSoft Office Pro 2007 Full Version + Key By -=BGood577= [WBRG] Torrent - KickassTorrents.lnk [LNK@] C:\ProgramData\{87b87851-f649-aead-87b8-87851f64e147}\Download MicroSoft Office Pro 2007 Full Version + Key By -=BGood577= [WBRG] Torrent - KickassTorrents.exe --startup=1 -> Deleted

¤¤¤ Hosts File : 21 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 practivate.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-2.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe-dns-3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip3.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sea.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wwis-dubc1-vip60.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate-sjc0.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobe.activate.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobeereg.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adobeereg.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 wwis-dubc1-vip60.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 125.252.224.90
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 125.252.224.91
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 hl2rcv.adobe.com

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 7 ¤¤¤
[IE:Addon] System : Easy Photo Print [{9421DD08-935F-4701-A9CA-22DF90AC4EA6}] -> Deleted
[IE:Addon] System : Canon Easy-WebPrint EX [{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}] -> Deleted
[IE:Addon] System : Adobe Acrobat Create PDF Toolbar [{47833539-D0C5-4125-9FA8-0819E2EAAC93}] -> Deleted
[FIREFX:Addon] 1h0mjti4.default : anonymoX [client@anonymox.net] -> Deleted
[FIREFX:Addon] 1h0mjti4.default : Adobe Acrobat - Create PDF [web2pdfextension@web2pdf.adobedotcom] -> Deleted
[FIREFX:Addon] 1h0mjti4.default : IDM CC [mozilla_cc@internetdownloadmanager.com] -> Deleted
[PUP][FIREFX:Addon] 1h0mjti4.default : Hotspot Shield Extension [afproxy@anchorfree.com] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] a73e3c477a04f47a55dc422d3dbd7b2d
[BSP] 77ab8fb9955aa48289097150fce2b791 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 100000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 205006848 | Size: 376838 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_03222015_132101.log
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/22/2015
Scan Time: 13:30:42
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.11.20.06
Rootkit Database: v2014.11.18.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350911
Time Elapsed: 11 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
# AdwCleaner v4.112 - Logfile created 22/03/2015 at 14:16:14
# Updated 09/03/2015 by Xplode
# Database : 2015-03-21.2 [Server]
# Operating system : Windows 7 Ultimate (x86)
# Username : admin - ADMIN-PC
# Running from : C:\Users\admin\Desktop\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\hosts
Folder Deleted : C:\Program Files\BuyNssAve
Folder Deleted : C:\Program Files\BuyyNsave
Folder Deleted : C:\Program Files\unisaeLaes
Folder Deleted : C:\Program Files\unIsalless
Folder Deleted : C:\Users\admin\AppData\Roaming\ProgSense
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-devtools_devtools_0.localstorage-journal
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage
File Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D37BD00-E9FD-40D1-80E7-1795E510ECAA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544704450}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\ProgSense
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shop-n-Spree 3 - Shopping Paradise1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B696D3C37BD0D6C33A65D38BEC459181
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B696D3C37BD0D6C33A65D38BEC459181
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B696D3C37BD0D6C33A65D38BEC459181
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - cache.itb.ac.id:8080

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


-\\ Google Chrome v41.0.2272.101

[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Opera v25.0.1614.68

[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [49261 bytes] - [06/01/2015 22:35:29]
AdwCleaner[R1].txt - [3457 bytes] - [22/03/2015 13:52:13]
AdwCleaner[S0].txt - [54544 bytes] - [06/01/2015 22:46:23]
AdwCleaner[S1].txt - [4028 bytes] - [22/03/2015 14:16:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4087 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Ultimate x86
Ran by admin on Sun 03/22/2015 at 14:21:43.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update greygray
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544954468}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544954468}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110511701150}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110511951168}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\admin\AppData\Roaming\baidu security"
Successfully deleted: [Folder] "\thinstall"
Successfully deleted: [Folder] "C:\Program Files\baidu security"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/22/2015 at 14:24:35.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove (Programs & Features) programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility.
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here.

See if it'll update now.
If so, post a fresh log.
If not, continue with the following....

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in safe mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 15-03-23.01 - admin 03/24/2015 0:35.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3063.1771 [GMT 7:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\programdata\1396080444.bdinstall.bin
c:\programdata\1401274575.bdinstall.bin
c:\programdata\1401275126.bdinstall.bin
c:\programdata\1401978631.bdinstall.bin
c:\programdata\1401978676.bdinstall.bin
c:\programdata\1402059130.bdinstall.bin
c:\programdata\1402395617.bdinstall.bin
c:\programdata\1402395649.bdinstall.bin
c:\programdata\1402395693.bdinstall.bin
c:\programdata\1402395702.bdinstall.bin
c:\programdata\1402395723.bdinstall.bin
c:\programdata\1402395878.bdinstall.bin
c:\programdata\1402396393.bdinstall.bin
c:\programdata\1402396404.bdinstall.bin
c:\programdata\1402396439.bdinstall.bin
c:\programdata\1402396449.bdinstall.bin
c:\programdata\1402396570.bdinstall.bin
c:\programdata\1402396598.bdinstall.bin
c:\users\admin\Documents\~WRL1634.tmp
c:\windows\system32\coMPstuii.dll
D:\setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-02-23 to 2015-03-23 )))))))))))))))))))))))))))))))
.
.
2074-05-07 11:38 . 2006-11-21 13:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2015-03-22 06:15 . 2015-03-22 06:15 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-22 06:15 . 2015-03-22 06:26 -------- d-----w- c:\programdata\RogueKiller
2015-03-22 02:13 . 2015-03-22 02:14 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 6
2015-03-21 03:29 . 2015-03-21 03:32 -------- d-----w- C:\FRST
2015-03-18 20:43 . 2015-03-18 20:43 -------- d-----w- c:\program files\doxygen
2015-03-14 14:58 . 2015-03-14 15:00 -------- d-----w- c:\users\admin\AppData\Local\Sublime Text 3
2015-03-14 14:58 . 2015-03-14 14:58 -------- d-----w- c:\users\admin\AppData\Roaming\Sublime Text 3
2015-03-14 14:58 . 2015-03-14 14:58 -------- d-----w- c:\program files\Sublime Text 3
2015-03-14 14:48 . 2015-03-14 14:48 -------- d-----w- c:\users\admin\AppData\Roaming\Sublime Text 2
2015-03-14 14:48 . 2015-03-14 14:48 -------- d-----w- c:\program files\Sublime Text 2
2015-03-12 14:17 . 2015-03-12 14:17 -------- d--h--w- c:\program files\InstallJammer Registry
2015-03-12 14:08 . 2015-03-12 14:08 -------- d-sh--w- c:\windows\ftpcache
2015-03-09 18:46 . 2015-03-09 18:46 -------- d-----w- c:\program files\iPod
2015-03-09 18:46 . 2015-03-09 18:47 -------- d-----w- c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-01 00:58 . 2015-03-14 14:04 -------- d-----w- c:\users\admin\.atom
2015-03-01 00:57 . 2015-03-01 00:58 -------- d-----w- c:\users\admin\AppData\Roaming\Atom
2015-03-01 00:55 . 2015-03-14 13:24 -------- d-----w- c:\users\admin\AppData\Local\atom
2015-03-01 00:55 . 2015-03-01 00:58 -------- d-----w- c:\users\admin\AppData\Local\SquirrelTemp
2015-03-01 00:50 . 2015-03-01 00:50 -------- d-----w- c:\users\admin\.ssh
2015-03-01 00:49 . 2015-03-14 13:16 -------- d-----w- c:\users\admin\AppData\Local\GitHub
2015-03-01 00:49 . 2015-03-14 13:16 -------- d-----w- c:\users\admin\AppData\Roaming\GitHub
2015-02-28 03:10 . 2015-02-28 03:10 -------- d-----w- c:\programdata\Avg_Update_0215av
2015-02-27 14:07 . 2015-02-27 14:24 -------- d-----w- c:\users\admin\AppData\Local\Temporary Projects
2015-02-24 13:41 . 2014-11-29 00:37 115752 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2015-02-24 03:05 . 2015-02-24 03:05 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2015-02-24 01:21 . 2015-03-23 13:09 -------- d-----w- c:\users\admin\AppData\Local\AVDworks
2015-02-24 01:20 . 2015-03-10 16:20 -------- d-----w- c:\users\admin\AppData\Local\Agcpworks
2015-02-24 01:19 . 2015-02-24 01:19 1610752 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityHelper.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-17 11:43 . 2015-03-17 11:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\39d8d2d8e613dacc3f3e425ce7f13d67\WMP x264 Codec Pack.exe
2015-03-17 11:43 . 2015-03-17 11:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\28e300da2ff2c2841cdb71373bc72170\WMP x264 Codec Pack.exe
2015-03-17 11:43 . 2015-03-17 11:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\03430d5d85fadc83f015a694d9376a73\WMP x264 Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\fe4551ec6d342ef41164c1dac4a9cb26\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\fe3ffd2af530bec1f0fb6d9f96d576bc\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\e20885afd2d6105c7987c72cd3aa85d9\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\de30df4dcad9d0d2188cb12d1d428abe\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\c85704bb576f18c3ec859bfa111dd3f7\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\a4cf723e4a21f5bca7805a2875589f89\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\9b6f724b60339cac0dcd3b553fbd5d4e\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\9a3dfeeb8a7d0b60c3502a288a7f3ce1\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\8343da516817d696ea396879c9e9003e\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\5960162c555f7323e52e17e5deb00ad6\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\5522eb87020c0cdef925f213ca9b2b26\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\26e71696d2e063bc21c3c83f91fe37ff\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\1c32f158b04e9d9f484eb1e4ae6ef7b3\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\18fa99187d52939087cd6c542590b00e\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\188755cff03e222400eeb2a11aeaea68\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\12babf9b087f2101d7b723717155fcb4\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\0f3a756a6adbad0a43efdaf54a4dc25a\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\0588e9e089e5d2300b5b2b17bf829d5e\Total Codec Pack.exe
2015-03-14 03:43 . 2015-03-14 03:43 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\00254a729f3d99f72becd3b97beefb8b\Total Codec Pack.exe
2015-03-13 17:04 . 2015-03-13 17:04 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\fa659efe2dc1358a252e1b3d8b3b13a4\Total Codec Pack.exe
2015-03-13 17:04 . 2015-03-13 17:04 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\ed5e1c54fb35f1ebb0198b5e6a9f275f\Total Codec Pack.exe
2015-03-13 17:04 . 2015-03-13 17:04 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\b516bae3578381c74ab73567d03714eb\Total Codec Pack.exe
2015-03-13 17:04 . 2015-03-13 17:04 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\aaac5067c396d24196ba87d0a5c94327\Total Codec Pack.exe
2015-03-13 17:04 . 2015-03-13 17:04 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\98fee94735462aea38e625a49beb8c0b\Total Codec Pack.exe
2015-03-13 17:04 . 2015-03-13 17:04 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\808919ea019560401b516da14b0588b1\Total Codec Pack.exe
2015-03-13 17:04 . 2015-03-13 17:04 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\5a70ecff56af555da2ae47003196bc99\Total Codec Pack.exe
2015-03-13 17:04 . 2015-03-13 17:04 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\330162ce91f637fcd6c43fd5ae48b04c\Total Codec Pack.exe
2015-03-13 17:04 . 2015-03-13 17:04 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\326c7d91fa2d463213b380a79cd0521e\Total Codec Pack.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\fe5f0606391e1b3a67fcf91ded957196\TuneUp Utilities.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\fca2fbae34034ee7fe73f31e53507c09\Movavi Video Editor.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\fc2a76dc197f9defdd03b1965157d68d\Universal Simlock Remover.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\fb5dfc549b8b6affd7bc7d9cd9b341ad\InterMapper.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\f8d95bf5cd6352afeb8a8d1ef2c18ec6\Sapphire Plug-ins AE.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\f7220dc4e1be51be54157ae10731c24a\FlippingBook PDF Publisher.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\f6b9644b011ec3fd6f588f90e19c017f\MixMeister Fusion.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\f32d967baa57a2e0e2958779ff8faf12\Charles.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\eab61493d0df54d30c2ad9462e3bee27\91 PC Suite for Android.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\ea5e79d678e842fafac38766b44f4a54\AVS Audio Editor.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\e02c1cfd596c439a6d6c826bc1ff88df\ArcSoft TotalMedia.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\c2306a0b158b8ab018edbba1b9b9f775\3D Issue Professional.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\b08f84ce08997ab3cbd46af884ef9bc6\Sequencher.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\b07006a1eeadc2069604372e36047a9b\Nero Burning Rom.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\ad3fff69609316ac85dd648706b127f7\DeskScapes.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\ab0bb2fe40090c72f357b98d9fbe9030\ESET NOD32 Antivirus.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\a4eeebd9ad07f67f634a63fbaf5566d2\WinToFlash.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\9cc867e7a58c9d750717063a5fab65fa\Namo WebEditor (formerly SJ Namo WebEditor 2008 Suite).exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\926166af5b31f99c8f02e2fd157cde06\Aimersoft DVD Studio Pack.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\8ede4dc86b5a9ef59f9b287e68db777b\Zend Guard.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\8e8b06023caa27ef926fd02404d76a58\IDEAL Administration.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\8a085f1ccd0645951cba1b0f72453155\@RISK.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\8121bb898c1381151afeef5775156929\KMPlayer.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\7aeaf46c38b871dbaf6fd53de148f4bf\VIPRE Internet Security.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\7810c7c452d7a2cfa1342e3045938401\MixMeister Fusion + Video.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\775ac99fee31593774d9bcbc8cc87587\iZotope Ozone.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\72d328ce205f8949cc769727df068d49\NetSupport School.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\71c0ebd36f6b7dabd74f17133d823fd0\Retina Network Security Scanner.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\6f0afe7c9542b2a814cec8651e5c60a3\DVD-lab PRO.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\6dc570c32271499434defaa72ceeecb1\DameWare Remote Support.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\6b1ec46c9710696d097e233d48b07262\SRS HD Audio Lab (formerly SRS Audio Sandbox).exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\676237a88e9c56eea9d1fe06b1e69344\EZ Photo Calendar Creator.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\653adebd49bb6a1f2457e81a1297390d\Portrait Professional.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\58b394cfbc5a5c88d1f3d8cf25a8562e\Snagit.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\4fb47afa680b2e956192a3ddb27d8a61\UltraEdit.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\4c1faed2b681e3c4d925cd3726f74cfa\K7 TotalSecurity.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\4b1863f313043b754f7027a3e36d71c2\CopyTo.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\4a539c02f2b553240554eca7c61e29d2\ShadowProtect Desktop Edition.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\49a7f87925e6e6b9eaf24517160f17e1\ESET Smart Security.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\43ead8a56025f0a444a3c235aa64be13\CyberLink LabelPrint.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\4276e0c108cce6452e2b96cab30ce480\ESF Database Migration Toolkit Standard.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\3d876cec8c903c77fb0ea1cec85b8259\ZC Dream Photo Editor Pro.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\32c7c4617c2f124442f4d9e634ce0b39\SmartDraw.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\303f547e4d3583f6a66e3123cf1d7d93\Photo Slideshow Maker Professional.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\2a9777aa0a1ee159b01f6fee648f4f79\Adobe Director.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\23cab078d5bbf34d714c57f40ea3eb6f\Artisteer Standard Edition.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\22c5a059d6ed480fdc5acb52653650be\Kiwi Syslog Server.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\1ce4711eed04c93bdd7ed7a680ab291b\Sendblaster Free Edition.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\18474902db40b9986a3eb37c55dd8702\Recover My Files.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\12e248fb174f1aa1ed2153e725848165\VisualCron.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\0c378a9cfc79d75d5746a89300aaa7d5\Magic Burning Studio.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\0a7e99987399cff54359c212c5eea819\AVS Audio Converter.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\051b2101aeebbb2a2d4c743e24e6d2f2\Solid Converter PDF.exe
2015-03-13 15:33 . 2015-03-13 15:33 54525952 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\031f5a6f6ed4d08174464e3e0c217001\AKVIS Sketch.exe
2015-03-13 15:32 . 2015-03-13 15:32 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\f2a1cbf2a2362efa2ef657332b901ab0\WMP x264 Codec Pack.exe
2015-03-13 15:32 . 2015-03-13 15:32 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\efb98e99eedf98634aa58e0d9270816e\WMP x264 Codec Pack.exe
2015-03-13 15:32 . 2015-03-13 15:32 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\e8c87d099adeba5b52dabecb40f27bf7\WMP x264 Codec Pack.exe
2015-03-13 15:32 . 2015-03-13 15:32 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\e743528acf4010f84595a60e4968243c\WMP x264 Codec Pack.exe
2015-03-13 15:32 . 2015-03-13 15:32 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\e6d6952a666f977ad46199fbdf21591e\WMP x264 Codec Pack.exe
2015-03-13 15:32 . 2015-03-13 15:32 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\e4d76ce6842aed2585d46aa03bd6a658\WMP x264 Codec Pack.exe
2015-03-13 15:32 . 2015-03-13 15:32 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\e43a71bca640ee65e36575e8c5f2237a\WMP x264 Codec Pack.exe
2015-03-13 15:32 . 2015-03-13 15:32 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\e329aadffb093f88647031080a7c3190\WMP x264 Codec Pack.exe
2015-03-13 15:32 . 2015-03-13 15:32 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\de4eb97efe9edad41bcef39b148d4f28\WMP x264 Codec Pack.exe
2015-03-13 15:32 . 2015-03-13 15:32 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\dd3d5659bc23a8351edead3936c8d6e0\WMP x264 Codec Pack.exe
2015-03-13 15:32 . 2015-03-13 15:32 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\d9b87462ceef00ebb1f21187658eb5b1\WMP x264 Codec Pack.exe
2015-03-13 15:32 . 2015-03-13 15:32 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\d6f2b3b2ec680fa24764fa02972402d7\WMP x264 Codec Pack.exe
2015-03-13 15:32 . 2015-03-13 15:32 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\d45c3e99b3dee4341d58dfcb888ec81d\WMP x264 Codec Pack.exe
2015-03-13 15:32 . 2015-03-13 15:32 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\d447908840bf527518af74efb430f333\WMP x264 Codec Pack.exe
2015-03-13 15:32 . 2015-03-13 15:32 12582912 ----a-w- c:\programdata\Microsoft\Security\Client\SecurityCache\data\cddf3211e22940d2d011a4fa81001123\WMP x264 Codec Pack.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 07:24 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2014-04-21 08:02 23008 ----a-w- c:\program files\IDM\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\IDM\Internet Download Manager\IDMan.exe" [2015-02-28 3890768]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-12-22 2047088]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-12 60712]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-12-16 5188112]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2015-02-17 3978600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 157480]
"combofix"="c:\combofix\CF16507.3XE" [2015-03-23 301568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Scripts\Logoff\0\0]
"Script"=c:\program files\Bitdefender\Bitdefender\support.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2013-11-20 08:43 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent]
2014-05-21 14:03 832272 ----a-w- c:\program files\BlueStacks\HD-Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 13:42 138096 ----atw- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarenaPlus]
2015-01-20 12:20 9981528 ----a-w- c:\program files\Garena Plus\GarenaMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2013-11-20 08:43 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2015-02-28 03:34 3890768 ----a-r- c:\program files\IDM\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InFX]
2013-08-11 08:41 44032 ----a-w- c:\users\admin\AppData\Roaming\StratFX\nircmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2015-02-13 00:55 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2015-02-17 11:21 3978600 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 07:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2013-01-17 09:08 267792 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-12-22 717296]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2014-12-16 3247120]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2015-02-17 1848680]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-01-18 577536]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2\bin\fbguard.exe [2011-02-01 81920]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 GSService;GSService;c:\windows\system32\GSService.exe [2014-07-28 444640]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2013-07-25 18944]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2014-01-15 5161056]
R3 OEM;USB Modem and USB Serial;c:\windows\system32\DRIVERS\hs60x5usbser.sys [2012-03-08 107000]
R3 Origin Client Service;Origin Client Service;d:\origin\OriginClientService.exe [2015-02-20 1910128]
R3 PCFApiUtil;PCFApiUtil;c:\program files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [x]
R3 STSService;STSService;c:\program files\SoundTaxi Media Suite\STSService.exe [2011-03-21 421376]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2013-04-12 104720]
R3 XDva392;XDva392; [x]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2010-12-14 27760]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-17 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-06-17 241944]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-17 27416]
S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2014-03-11 47456]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-30 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-07-21 200984]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-10-24 189720]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-10-20 197400]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-08-30 42784]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2013-11-13 39624]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2013-04-12 188176]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2013-04-12 94480]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-30 217088]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-12-16 289328]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2014-05-21 113424]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2014-05-21 385808]
S2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [2014-05-21 774928]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2014-11-29 115752]
S2 Innosvcd;Innosvcd;c:\windows\system32\innosvcd.exe [2013-04-04 193144]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2015-02-16 411920]
S2 TeamViewer9;TeamViewer 9;d:\data\Games\Team Viewer 9\TeamViewer_Service.exe [2014-09-12 4799760]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-07-05 78848]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-10-21 68208]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-09-21 41088]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-11-13 37064]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2014-06-06 25088]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2013-04-12 115984]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-12-14 1153648]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-21 07:37 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 10:25]
.
2015-03-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000Core.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-31 13:42]
.
2015-03-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000UA.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-31 13:42]
.
2015-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce820314248fdf.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-31 13:30]
.
2015-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-31 13:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: Download all links with IDM - c:\program files\IDM\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\IDM\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 91.194.254.105 8.8.8.8
TCP: Interfaces\{515E0BE1-5E90-47D0-88F7-E09BD12DBAFC}: NameServer = 8.8.8.8
TCP: Interfaces\{5897E3A2-9727-4A42-8EB5-9424E4FCA0E5}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{9D152133-7846-4DAC-B21E-A7253D1E1963}: NameServer = 208.67.222.222,208.67.220.220
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\1h0mjti4.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2014-06-08 15:12; quick_start@gmail.com; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\1h0mjti4.default\extensions\quick_start@gmail.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKU-Default-Run-Bitdefender Wallet Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe
HKU-Default-Run-Bitdefender Wallet - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe
HKU-Default-Run-Bitdefender Wallet Application Agent - c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe
MSConfigStartUp-Malwarebytes Anti-Exploit - c:\program files\Malwarebytes Anti-Exploit\mbae.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-AVG Web TuneUp - c:\program files\AVG Web TuneUp\UNINSTALL.exe
AddRemove-Exact Audio Copy PSP Edition - c:\program files\Exact Audio Copy PSP Edition\uninst.exe
AddRemove-TeXstudio_is1 - d:\data\Protext Latex\TeXstudio\Data\unins000.exe
AddRemove-Yahoo! Messenger - c:\progra~1\Yahoo!\MESSEN~1\UNWISE.EXE
AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1380481859-1212219880-2585911621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
@Denied: (Full) (Everyone)
.
[HKEY_USERS\S-1-5-21-1380481859-1212219880-2585911621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f07c0317-e30a-11e0-b826-878dbc7a65f3}\shell]
@="AutoRun"
.
[HKEY_USERS\S-1-5-21-1380481859-1212219880-2585911621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f07c031a-e30a-11e0-b826-878dbc7a65f3}\shell]
@="None"
.
[HKEY_USERS\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):f5,4a,ed,ba,01,d4,4f,23,ff,28,c1,bc,e4,94,ce,02,b6,0a,5f,05,aa,
29,6a,e2,cf,af,14,dc,61,e7,36,4d,86,c3,11,37,cd,5a,e6,9f,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{602d3363-c9cb-468b-82cd-1aed85b52b18}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ef
"Therad"=dword:00000026
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_USERS\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):9b,15,e6,1a,80,90,e2,46,9c,13,f4,7f,5b,f6,29,32,e3,e4,a2,e4,a3,
f6,fb,84,6c,03,09,ad,32,34,6d,f7,76,56,7b,f6,88,69,23,09,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{b9afe023-29f5-4bb9-b8fb-9dc9cee56eb7}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000041
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Garena Plus\ggdllhost.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\IDM\Internet Download Manager\IEMonitor.exe
c:\program files\Common Files\Apple\Internet Services\APSDaemon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
.
**************************************************************************
.
Completion time: 2015-03-24 00:55:45 - machine was rebooted
ComboFix-quarantined-files.txt 2015-03-23 17:55
.
Pre-Run: 10,649,100,288 bytes free
Post-Run: 10,296,672,256 bytes free
.
- - End Of File - - 87945258C324A257CA9C5F77D4AB67C1
A36C5E4F47E84449FF07ED3517B43A31
 
See if the same issue is present in Safe Mode with Networking.
How to start Windows in Safe Mode

Next...

Re-run the Farbar Recovery Scan Tool (FRST) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by admin (administrator) on ADMIN-PC on 24-03-2015 19:04:32
Running from D:\
Loaded Profiles: admin (Available profiles: admin)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) D:\Data\Games\Team Viewer 9\TeamViewer_Service.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Service.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-BlockDevice.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-SharedFolder.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Tonec Inc.) C:\Program Files\IDM\Internet Download Manager\IDMan.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Tonec Inc.) C:\Program Files\IDM\Internet Download Manager\IEMonitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2047088 2010-12-23] (VIA)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Run: [IDMan] => C:\Program Files\IDM\Internet Download Manager\IDMan.exe [3890768 2015-02-28] (Tonec Inc.)
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x20000000
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\IDM\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Local Policy Restriction on IP: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{70d5cbed-af3f-49bd-a9bb-89911ba40d92} <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:57593;https=127.0.0.1:57593
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\IDM\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-13] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 91.194.254.105 8.8.8.8
Tcpip\..\Interfaces\{515E0BE1-5E90-47D0-88F7-E09BD12DBAFC}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5897E3A2-9727-4A42-8EB5-9424E4FCA0E5}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9D152133-7846-4DAC-B21E-A7253D1E1963}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\1h0mjti4.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin: @innorix.com/innogmp -> C:\Program Files\INNORIX\npinnogmp.dll [2013-04-04] (INNORIX)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-02-13] (Oracle Corporation)
FF Plugin: @kamuse.com/npKLiveMBCPlugin -> C:\Users\admin\AppData\Roaming\KLive\MBC\npKLiveMBCPlugin.dll [2011-08-25] (kamuse)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-12-19] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1380481859-1212219880-2585911621-1000: @catalinahub.com/CatalinaGroup Update;version=3 -> C:\Users\admin\AppData\Local\CatalinaGroup\Update\1.3.25.203\npCatalinaUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1380481859-1212219880-2585911621-1000: @catalinahub.com/CatalinaGroup Update;version=9 -> C:\Users\admin\AppData\Local\CatalinaGroup\Update\1.3.25.203\npCatalinaUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1380481859-1212219880-2585911621-1000: @innorix.com/innogmp -> C:\Program Files\INNORIX\npinnogmp.dll [2013-04-04] (INNORIX)
FF Plugin HKU\S-1-5-21-1380481859-1212219880-2585911621-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1380481859-1212219880-2585911621-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-22] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2003-07-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-09-06] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-09-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Data\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-08]
FF HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5 [2015-02-28]
FF HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-04]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-31]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-16]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-31]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (IDM Integration Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-02-28]
CHR Extension: (No Name) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-05]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\IDM\Internet Download Manager\IDMGCExt.crx [2015-02-24]
CHR HKLM\...\Chrome\Extension: [okcnagmljeeakjmdbbflcanhlienmofh] - No Path Or update_url value
CHR HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\admin\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-07-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-09-20] (Adobe Systems) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S3 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2\bin\fbguard.exe [81920 2011-02-01] (Firebird Project) [File not signed]
S3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2\bin\fbserver.exe [2764800 2011-02-01] (Firebird Project) [File not signed]
S3 GSService; C:\Windows\system32\GSService.exe [444640 2014-07-28] ()
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1848680 2015-02-17] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-06] ()
S2 Innosvcd; C:\Windows\system32\innosvcd.exe [193144 2013-04-04] (INNORIX)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2015-02-16] (LogMeIn, Inc.)
S3 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-27] (Microsoft Corporation) [File not signed]
S3 npggsvc; C:\Windows\system32\GameMon.des [5161056 2014-01-16] (INCA Internet Co., Ltd.)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2013-08-22] (The OpenVPN Project)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1910128 2015-02-20] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-10-18] ()
S3 STSService; C:\Program Files\SoundTaxi Media Suite\STSService.exe [421376 2011-03-22] () [File not signed]
R2 TeamViewer9; D:\Data\Games\Team Viewer 9\TeamViewer_Service.exe [4799760 2014-09-13] (TeamViewer GmbH)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2010-12-15] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-30] (AVG Technologies)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-21] (BlueStack Systems)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2013-11-13] (AnchorFree Inc.)
S3 ISODrive; D:\Data\UltraISO\drivers\ISODrive.sys [73728 2008-05-24] (EZB Systems, Inc.) [File not signed]
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-09-21] (Intel Corporation)
S3 OEM; C:\Windows\System32\DRIVERS\hs60x5usbser.sys [107000 2012-03-08] (QUALCOMM Incorporated)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2011-12-22] (Duplex Secure Ltd.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-07-25] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-11-13] (Anchorfree Inc.)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2014-06-06] (TeamViewer GmbH)
R3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023k.sys [11136 2007-09-01] (Microsoft Corporation)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1153648 2010-12-15] (VIA Technologies, Inc.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]
S3 XDva392; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 00:55 - 2015-03-24 00:55 - 00042268 _____ () C:\ComboFix.txt
2015-03-24 00:33 - 2011-06-26 13:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-24 00:33 - 2010-11-08 00:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-24 00:33 - 2009-04-20 11:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-24 00:33 - 2000-08-31 07:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-24 00:33 - 2000-08-31 07:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-24 00:33 - 2000-08-31 07:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-24 00:33 - 2000-08-31 07:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-24 00:33 - 2000-08-31 07:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-24 00:32 - 2015-03-24 00:55 - 00000000 ____D () C:\Qoobox
2015-03-24 00:32 - 2015-03-24 00:54 - 00000000 ____D () C:\Windows\erdnt
2015-03-23 23:25 - 2015-03-24 00:32 - 05616289 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2015-03-22 14:24 - 2015-03-22 14:24 - 00001773 _____ () C:\Users\admin\Desktop\JRT.txt
2015-03-22 14:21 - 2015-03-22 14:21 - 01388672 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2015-03-22 13:51 - 2015-03-22 13:50 - 02171392 _____ () C:\Users\admin\Desktop\adwcleaner_4.112.exe
2015-03-22 13:15 - 2015-03-22 13:26 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-22 13:15 - 2015-03-22 13:15 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-22 13:13 - 2015-03-22 13:13 - 00000737 _____ () C:\Users\admin\Desktop\RogueKiller.exe - Shortcut.lnk
2015-03-22 09:13 - 2015-03-22 09:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox 4.0 Beta 6
2015-03-21 10:29 - 2015-03-24 19:04 - 00000000 ____D () C:\FRST
2015-03-19 17:07 - 2015-03-19 17:09 - 00000000 _____ () C:\Users\admin\AppData\Local\{A2D7BD5C-678B-4B02-94A8-5B08DEE0CDCA}
2015-03-19 17:07 - 2015-03-19 17:09 - 00000000 _____ () C:\Users\admin\AppData\Local\{1AD142FE-67A3-4557-965B-2DDC569DA78A}
2015-03-18 17:02 - 2015-03-18 17:03 - 00000000 _____ () C:\Users\admin\AppData\Local\{E32997FB-EE08-400D-A9C2-A58B04C11250}
2015-03-18 17:02 - 2015-03-18 17:03 - 00000000 _____ () C:\Users\admin\AppData\Local\{46C92CE2-094E-4FD1-A87D-27790563DBA3}
2015-03-17 19:26 - 2015-03-17 19:27 - 00062217 _____ () C:\Users\admin\Downloads\Pro Evolution Soccer 2015-RELOADED [www.OMGTORRENT.com].torrent
2015-03-14 23:55 - 2015-03-14 23:55 - 00001039 _____ () C:\Users\admin\Desktop\Gemscool Indonesia Game Portal.lnk
2015-03-14 23:55 - 2015-03-14 23:55 - 00000925 _____ () C:\Users\admin\Desktop\Point Blank.lnk
2015-03-14 23:55 - 2015-03-14 23:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PointBlank Online
2015-03-14 21:58 - 2015-03-14 22:00 - 00000000 ____D () C:\Users\admin\AppData\Local\Sublime Text 3
2015-03-14 21:58 - 2015-03-14 21:58 - 00001049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2015-03-14 21:58 - 2015-03-14 21:58 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Sublime Text 3
2015-03-14 21:58 - 2015-03-14 21:58 - 00000000 ____D () C:\Program Files\Sublime Text 3
2015-03-14 21:48 - 2015-03-14 21:48 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 2.lnk
2015-03-14 21:48 - 2015-03-14 21:48 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Sublime Text 2
2015-03-14 21:48 - 2015-03-14 21:48 - 00000000 ____D () C:\Program Files\Sublime Text 2
2015-03-14 20:08 - 2015-03-14 20:08 - 00000000 ____D () C:\Users\admin\AppData\Local\GitHub,_Inc
2015-03-14 18:24 - 2015-03-14 18:24 - 00000675 _____ () C:\Users\Public\Desktop\Git Bash.lnk
2015-03-14 18:24 - 2015-03-14 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2015-03-13 00:18 - 2015-03-13 00:18 - 00143208 _____ () C:\Windows\Minidump\031315-32744-01.dmp
2015-03-12 21:17 - 2015-03-12 21:17 - 00001059 _____ () C:\Users\Public\Desktop\New Success Intermediate ActiveBook.lnk
2015-03-12 21:17 - 2015-03-12 21:17 - 00000000 ___HD () C:\Program Files\InstallJammer Registry
2015-03-12 21:17 - 2015-03-12 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pearson
2015-03-12 21:08 - 2015-03-12 21:08 - 00000000 __SHD () C:\Windows\ftpcache
2015-03-12 21:07 - 2015-03-12 21:07 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Longman
2015-03-12 21:07 - 2015-03-12 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Longman
2015-03-12 16:37 - 2015-03-12 16:37 - 00001488 _____ () C:\Users\admin\Downloads\UTS_.zip
2015-03-10 01:47 - 2015-03-10 01:47 - 00001759 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-10 01:47 - 2015-03-10 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-10 01:46 - 2015-03-10 01:47 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-10 01:46 - 2015-03-10 01:46 - 00000000 ____D () C:\Program Files\iPod
2015-03-01 07:58 - 2015-03-14 21:04 - 00000000 ____D () C:\Users\admin\.atom
2015-03-01 07:57 - 2015-03-14 20:26 - 00002088 _____ () C:\Users\admin\Desktop\Atom.lnk
2015-03-01 07:57 - 2015-03-01 07:58 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Atom
2015-03-01 07:55 - 2015-03-14 20:24 - 00000000 ____D () C:\Users\admin\AppData\Local\atom
2015-03-01 07:55 - 2015-03-01 07:58 - 00000000 ____D () C:\Users\admin\AppData\Local\SquirrelTemp
2015-03-01 07:50 - 2015-03-01 07:50 - 00000000 ____D () C:\Users\admin\Documents\GitHub
2015-03-01 07:50 - 2015-03-01 07:50 - 00000000 ____D () C:\Users\admin\.ssh
2015-03-01 07:49 - 2015-03-14 20:16 - 00000000 ____D () C:\Users\admin\AppData\Roaming\GitHub
2015-03-01 07:49 - 2015-03-14 20:16 - 00000000 ____D () C:\Users\admin\AppData\Local\GitHub
2015-03-01 07:49 - 2015-03-01 07:49 - 00002146 _____ () C:\Users\admin\Desktop\Git Shell.lnk
2015-03-01 07:49 - 2015-03-01 07:49 - 00000058 _____ () C:\Users\admin\.gitconfig
2015-03-01 07:48 - 2015-03-14 20:26 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2015-03-01 07:48 - 2015-03-01 07:48 - 00000308 _____ () C:\Users\admin\Desktop\GitHub.appref-ms
2015-02-28 10:36 - 2015-02-28 10:36 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-28 10:32 - 2015-02-28 10:32 - 00013332 _____ () C:\Users\admin\Downloads\[kickass.to]internet.download.manager.idm.6.23.build.2.final.incl.crack.atom.torrent
2015-02-28 10:10 - 2015-02-28 10:10 - 00000000 ____D () C:\ProgramData\Avg_Update_0215av
2015-02-27 21:07 - 2015-02-27 21:24 - 00000000 ____D () C:\Users\admin\AppData\Local\Temporary Projects
2015-02-27 19:33 - 2015-02-27 19:35 - 00000000 _____ () C:\Users\admin\AppData\Local\{C44B1E1A-3498-4F00-B71E-FB709A551C3C}
2015-02-27 19:33 - 2015-02-27 19:35 - 00000000 _____ () C:\Users\admin\AppData\Local\{587072C4-0EF0-43FF-AE94-9291A47B864B}
2015-02-24 20:41 - 2014-11-29 07:37 - 00115752 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-02-24 10:05 - 2015-02-24 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-24 09:26 - 2015-02-24 09:26 - 00018542 _____ () C:\Users\admin\Downloads\[kickass.to]microsoft.visio.pro.2013.sp1.vl.x86.en.us.torrent
2015-02-24 08:37 - 2015-02-24 08:37 - 00043951 _____ () C:\Users\admin\Downloads\[kickass.to]microsoft.visio.pro.2013.sp1.vl.x64.en.us.torrent
2015-02-24 08:21 - 2015-03-23 20:09 - 00000000 ____D () C:\Users\admin\AppData\Local\AVDworks
2015-02-24 08:20 - 2015-03-10 23:20 - 00000000 ____D () C:\Users\admin\AppData\Local\Agcpworks
2015-02-24 07:32 - 2015-02-24 07:32 - 00034502 _____ () C:\Users\admin\Downloads\Microsoft Visio Professional.torrent
2015-02-24 05:57 - 2015-02-24 05:57 - 00000000 ____D () C:\Users\admin\Documents\W7
2015-02-24 05:56 - 2015-02-24 05:57 - 00000000 ____D () C:\Users\admin\Documents\W6

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-24 19:04 - 2012-07-21 23:27 - 00000000 ____D () C:\Users\admin\AppData\Roaming\DMCache
2015-03-24 19:03 - 2014-12-27 00:39 - 00000000 ____D () C:\Users\admin\AppData\Local\LogMeIn Hamachi
2015-03-24 19:03 - 2014-07-31 20:30 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce820314248fdf.job
2015-03-24 19:02 - 2014-11-02 01:00 - 00020866 _____ () C:\Windows\setupact.log
2015-03-24 19:02 - 2009-07-14 11:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-24 10:31 - 2014-11-04 04:33 - 00078000 _____ () C:\Windows\WindowsUpdate.log
2015-03-24 10:08 - 2014-07-31 20:30 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-24 09:48 - 2012-04-08 06:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-24 09:39 - 2009-07-14 11:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-24 09:39 - 2009-07-14 11:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-24 09:38 - 2013-10-02 18:25 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-24 02:47 - 2012-03-31 14:15 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000UA.job
2015-03-24 00:55 - 2013-05-02 13:31 - 00000000 ____D () C:\Users\admin\AppData\Local\Apps\2.0
2015-03-24 00:55 - 2009-07-14 09:37 - 00000000 __RHD () C:\Users\Default
2015-03-24 00:55 - 2009-07-14 09:37 - 00000000 ___RD () C:\Users\Public
2015-03-24 00:49 - 2009-07-14 09:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-24 00:47 - 2014-11-03 08:53 - 00373732 _____ () C:\Windows\PFRO.log
2015-03-23 23:59 - 2014-01-04 08:32 - 00000000 ____D () C:\Users\admin\Documents\Bandicam
2015-03-23 20:47 - 2012-03-31 14:15 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000Core.job
2015-03-23 20:06 - 2014-06-08 15:13 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2015-03-22 14:17 - 2012-09-21 10:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-22 14:16 - 2015-01-06 22:35 - 00000000 ____D () C:\AdwCleaner
2015-03-22 12:34 - 2011-09-20 05:59 - 00783728 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-21 21:47 - 2011-10-26 18:34 - 00000000 ____D () C:\Users\admin\AppData\Roaming\uTorrent
2015-03-19 17:19 - 2014-02-11 02:06 - 00000000 ____D () C:\SPB_Data
2015-03-15 08:48 - 2012-09-27 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-14 20:05 - 2013-05-02 13:31 - 00000000 ____D () C:\Users\admin\AppData\Local\Deployment
2015-03-13 23:59 - 2011-10-26 18:31 - 00000000 ____D () C:\Users\admin\AppData\Local\RipTiger
2015-03-13 00:18 - 2013-04-21 11:51 - 00000000 ____D () C:\Windows\Minidump
2015-03-12 20:43 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-12 19:48 - 2015-01-07 07:27 - 00129832 _____ () C:\zoek-results.log
2015-03-10 01:47 - 2012-11-23 16:18 - 00000000 ____D () C:\Program Files\iTunes
2015-03-10 01:46 - 2011-09-20 18:30 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-07 00:06 - 2014-11-09 01:39 - 00000000 ____D () C:\Users\admin\Desktop\Tor Browser
2015-03-01 08:37 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-01 07:58 - 2011-09-20 05:00 - 00000000 ____D () C:\Users\admin
2015-02-28 06:12 - 2014-09-29 21:45 - 00000000 ____D () C:\Users\admin\Documents\Visual Studio 2008
2015-02-27 22:09 - 2014-07-01 20:01 - 00000000 ____D () C:\Users\admin\AppData\Roaming\.minecraft
2015-02-24 17:25 - 2012-04-08 06:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-24 17:25 - 2011-09-20 18:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-24 17:21 - 2009-07-14 11:33 - 00453568 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-24 17:20 - 2011-09-20 05:03 - 00115864 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-24 10:06 - 2011-09-20 05:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-24 10:05 - 2011-09-20 05:10 - 00000000 ____D () C:\Program Files\Common Files\Designer
2015-02-24 10:05 - 2009-07-14 09:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-24 10:04 - 2011-09-20 05:29 - 00000000 ____D () C:\Program Files\Microsoft Office

==================== Files in the root of some directories =======

2013-10-02 15:51 - 2013-10-02 15:51 - 0000160 _____ () C:\Users\admin\AppData\Roaming\ICARE_ACTIVITY.LOG
2014-06-04 12:29 - 2014-10-18 15:34 - 0138576 _____ () C:\Users\admin\AppData\Roaming\PnkBstrK.sys
2011-12-22 16:15 - 2014-03-14 00:10 - 0003150 _____ () C:\Users\admin\AppData\Roaming\Rim.Desktop.Exception.log
2011-12-22 16:14 - 2014-03-13 22:49 - 0002245 _____ () C:\Users\admin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-12-22 16:15 - 2014-03-14 00:10 - 0001078 _____ () C:\Users\admin\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-08-27 22:02 - 2014-02-14 04:58 - 0045270 _____ () C:\Users\admin\AppData\Roaming\room_v3.dat
2015-01-31 07:19 - 2015-01-31 07:19 - 0000000 ____H () C:\Users\admin\AppData\Local\BIT276D.tmp
2015-01-31 07:19 - 2015-01-31 07:19 - 0000000 ____H () C:\Users\admin\AppData\Local\BIT2829.tmp
2015-01-20 22:33 - 2015-01-20 22:33 - 0000000 ____H () C:\Users\admin\AppData\Local\BIT2EDC.tmp
2015-01-20 22:33 - 2015-01-20 22:33 - 0000000 ____H () C:\Users\admin\AppData\Local\BIT3044.tmp
2015-01-22 16:51 - 2015-01-22 16:51 - 0000000 ____H () C:\Users\admin\AppData\Local\BITEF2E.tmp
2015-01-22 16:51 - 2015-01-22 16:51 - 0000000 ____H () C:\Users\admin\AppData\Local\BITF113.tmp
2014-11-16 11:53 - 2014-11-16 11:53 - 0007597 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2015-03-19 17:07 - 2015-03-19 17:09 - 0000000 _____ () C:\Users\admin\AppData\Local\{1AD142FE-67A3-4557-965B-2DDC569DA78A}
2015-01-22 16:50 - 2015-01-22 16:50 - 0000000 _____ () C:\Users\admin\AppData\Local\{3C7EB1C3-A1E4-4026-B49A-B6D3519C3F1C}
2015-01-22 16:50 - 2015-01-22 16:50 - 0000000 _____ () C:\Users\admin\AppData\Local\{44ED26BF-F402-4764-9F29-0C9ADC9EEB1D}
2015-03-18 17:02 - 2015-03-18 17:03 - 0000000 _____ () C:\Users\admin\AppData\Local\{46C92CE2-094E-4FD1-A87D-27790563DBA3}
2015-01-08 10:14 - 2015-01-08 10:14 - 0000000 _____ () C:\Users\admin\AppData\Local\{4B96569B-0EC0-4114-BDC3-3C6AFB118504}
2015-01-20 22:32 - 2015-01-20 22:32 - 0000000 _____ () C:\Users\admin\AppData\Local\{4BEF06CE-F36F-423E-8822-264D901ABF44}
2015-02-27 19:33 - 2015-02-27 19:35 - 0000000 _____ () C:\Users\admin\AppData\Local\{587072C4-0EF0-43FF-AE94-9291A47B864B}
2015-01-08 10:14 - 2015-01-08 10:14 - 0000000 _____ () C:\Users\admin\AppData\Local\{8CAA9C65-EE8D-4296-ACD9-62651D27DFFF}
2015-02-16 19:10 - 2015-02-16 19:10 - 0000000 _____ () C:\Users\admin\AppData\Local\{8E658E09-D036-4EA6-A4D6-4E00C88D1BED}
2015-02-16 19:10 - 2015-02-16 19:10 - 0000000 _____ () C:\Users\admin\AppData\Local\{9CEC9CB6-F346-45A4-8D30-C319CACDB681}
2015-03-19 17:07 - 2015-03-19 17:09 - 0000000 _____ () C:\Users\admin\AppData\Local\{A2D7BD5C-678B-4B02-94A8-5B08DEE0CDCA}
2015-01-20 22:32 - 2015-01-20 22:32 - 0000000 _____ () C:\Users\admin\AppData\Local\{AC362A9C-19FF-4A97-AF4B-27A4602CCA70}
2015-02-27 19:33 - 2015-02-27 19:35 - 0000000 _____ () C:\Users\admin\AppData\Local\{C44B1E1A-3498-4F00-B71E-FB709A551C3C}
2015-03-18 17:02 - 2015-03-18 17:03 - 0000000 _____ () C:\Users\admin\AppData\Local\{E32997FB-EE08-400D-A9C2-A58B04C11250}
2015-01-31 07:18 - 2015-01-31 07:20 - 0000000 _____ () C:\Users\admin\AppData\Local\{EEB81C14-3071-49A7-B693-C2BD4FA00545}
2015-01-31 07:18 - 2015-01-31 07:20 - 0000000 _____ () C:\Users\admin\AppData\Local\{F6249803-CE9A-4FC5-BA0B-4613EFDBBF9D}
2014-05-17 00:09 - 2013-01-07 11:04 - 0000037 _____ () C:\ProgramData\ttrainer8.data

Files to move or delete:
====================
C:\Users\admin\ntuserdirect_MyManager.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-15 09:58

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by admin at 2015-03-24 19:05:43
Running from D:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Accurate 3 Enterprise Edition (HKLM\...\Accurate 3 Enterprise Edition) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atom (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\atom) (Version: 0.187.0 - GitHub Inc.)
Avenue Flo - Special Delivery Just For Fun Games (HKLM\...\Avenue Flo - Special Delivery Just For Fun Games) (Version: - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
Bandicam (HKLM\...\Bandicam) (Version: 1.9.2.455 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version: - Bandisoft.com)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Boutique Boulevard (HKLM\...\Boutique Boulevard) (Version: 1.00 - Big Fish Games)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
CCleaner, версия 4.14.4808 (HKLM\...\{80BD3FC0-9C5F-4ADA-83C7-91DC8E24D0B2}_is1) (Version: 4.14.4808 - Salat Production)
CodeBlocks (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\CodeBlocks) (Version: 12.11 - The Code::Blocks Team)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cooking Academy - Restaurant Royale (HKLM\...\Cooking Academy - Restaurant RoyaleFinal) (Version: Final - AllSmartGames)
Counter-Strike Online Game Client (HKLM\...\Counter-Strike Online) (Version: Game Client - Megaxus)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Declan's Korean Dictionary v1.1 (HKLM\...\Declan's Korean Dictionary_is1) (Version: 1.1.1127 - Declan Software, Inc.)
Delicious - Emily's Tea Garden (HKLM\...\Delicious - Emily's Tea Garden) (Version: 1.0.7.1 - GameHouse, Inc.)
Delicious 9 - Emilys Honeymoon Cruise (HKLM\...\Delicious 9 - Emilys Honeymoon Cruise1.1) (Version: 1.1 - Foxy Games)
Delicious Emilys True Love Premium Edition (HKLM\...\Delicious Emilys True Love Premium Editionv1.0.0.0) (Version: v1.0.0.0 - GameHouse)
Diner Dash - Flo Through Time 1.00 (HKLM\...\Diner Dash - Flo Through Time 1.00) (Version: - )
Diner Dash Seasonal Snack Pack (HKLM\...\Diner Dash Seasonal Snack Pack1.0) (Version: 1.0 - AllSmartGames)
doxygen 1.8.9.1 (HKLM\...\doxygen_is1) (Version: 1.8.9.1 - Dimitri van Heesch)
Dropbox (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Dropbox) (Version: 2.4.10 - Dropbox, Inc.)
EMS SQL Manager 2007 Lite for MySQL (HKLM\...\{8ABA2354-20F6-480F-A4C5-63B30DBC6B20}) (Version: 4.4.2.1 - EMS)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM\...\{AFA4B0BF-3289-495A-B949-BA91F39B1A44}) (Version: 11.1.21009.00 - Microsoft Corporation)
Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
EPSON TX111 Series Printer Uninstall (HKLM\...\EPSON TX111 Series) (Version: - SEIKO EPSON Corporation)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
First Class Flurry (HKLM\...\First Class Flurry1.0) (Version: 1.0 - Adnan_Boy 2008)
FontNav (Version: 5.0 - Corel Corporation) Hidden
Fraps (HKLM\...\Fraps) (Version: - )
Free Pascal 2.6.2 (HKLM\...\FreePascal_is1) (Version: - Free Pascal Team)
Garena - FIFA ONLINE 3(English) (HKLM\...\FO3) (Version: - Garena Online Pte Ltd.)
Garena - FIFA ONLINE 3(Indonesia) (HKLM\...\FO3ID) (Version: - Garena Online Pte Ltd.)
Genymotion version 2.3.1 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.3.1 - Genymobile)
GeoGebra 4.4 (HKLM\...\GeoGebra 4.4) (Version: 4.4.5.0 - International GeoGebra Institute)
Git version 1.9.5-preview20141217 (HKLM\...\Git_is1) (Version: 1.9.5-preview20141217 - The Git Development Community)
GitHub (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\5f7eb300e2ea4ebf) (Version: 2.9.1.0 - GitHub, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Drive (HKLM\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Gourmet Chef Challenge Around the World version 3.107 (HKLM\...\Gourmet Chef Challenge Around the World_is1) (Version: 3.107 - )
Grand Theft Auto IV - Episodes From Liberty City (HKLM\...\{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1) (Version: - )
Grand Theft Auto San Andreas + MultiPlayer [0.3e] (HKLM\...\{E1D22FE1-AB5F-42CA-9480-6F70B96DDD88}_is1) (Version: 0.3(e) - RePack by -=M@N=-)
Happy Chef (HKLM\...\Happy Chef1.0) (Version: 1.0 - Foxy Games)
Happy Chef 2 (HKLM\...\Happy Chef 2v1.29.07.2013) (Version: v1.29.07.2013 - Nordcurrent)
Haskell Platform 2013.2.0.0 (HKLM\...\HaskellPlatform-2013.2.0.0) (Version: - Haskell.org)
Hell's Kitchen (HKLM\...\Hell's Kitchen1.0) (Version: 1.0 - Adnan_Boy 2008)
Hostile Makeover - A Fashion Murder Mystery Game (HKLM\...\Hostile Makeover - A Fashion Murder Mystery Game1.0) (Version: 1.0 - AllSmartGames)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 8 Update 31 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
Kamus 2.04 (HKLM\...\Kamus2) (Version: 2.04 - Ebta Setiawan)
K-Lite Mega Codec Pack 10.9.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.0 - )
Kudos 2 (HKLM\...\Kudos 21.01) (Version: 1.01 - Adnan_Boy 2008)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Life Quest 2 - Metropoville (HKLM\...\Life Quest 2 - Metropovillev1.0.0) (Version: v1.0.0 - Big Fish Games)
LINE (HKLM\...\LINE) (Version: 3.9.1.188 - LINE Corporation)
LiveUSB Creator (remove only) (HKLM\...\LiveUSB Creator) (Version: - )
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
MBC Live (HKLM\...\MBCLive) (Version: - )
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)
Media Go Video Playback Engine 1.64.101.02270 (HKLM\...\{7D62ABA3-35EC-623E-2C5F-1B3332CB705B}) (Version: 1.64.101.02270 - Sony)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{D9DA2981-3298-4F1A-9192-F2CF5BD91145}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (HKLM\...\Microsoft Visual Basic 2008 Express Edition with SP1 - ENU) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{E43AC95E-66B0-4CEC-AADD-C9BFEF5A4C0A}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{044F9133-B8D7-4d11-BF39-803FA20F5C8B}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Minecraft 1.8 (HKLM\...\Minecraft 1.8) (Version: 1.8 - Mojang)
Minecraft1.7.2 (HKLM\...\Minecraft1.7.2) (Version: - )
ModooMarble (Remove only) (HKLM\...\{7B2562F1-02DC-415F-8960-446E64BE9BBE}_is1) (Version: 1.0 - PT.CJ Internet Indonesia)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MySQL Installer (HKLM\...\{F0A890B5-DE46-4468-A1DF-8F4DE5C478D0}) (Version: 1.3.6.0 - Oracle Corporation)
MySQL Server 5.0 (HKLM\...\{DBACBFE4-F79E-4AFB-A7C3-463555B8446B}) (Version: 5.0.67 - MySQL AB)
Need For Speed™ World (HKLM\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
New Success Intermediate ActiveBook (HKLM\...\9781408249123-Pearson) (Version: - Pearson Education)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
OpenVPN 2.3.2-I003 (HKLM\...\OpenVPN) (Version: 2.3.2-I003 - )
Opera Stable 25.0.1614.68 (HKLM\...\Opera 25.0.1614.68) (Version: 25.0.1614.68 - Opera Software ASA)
Oracle VM VirtualBox 4.2.12 (HKLM\...\{5FA29565-1B72-488F-B975-E3C76F179F36}) (Version: 4.2.12 - Oracle Corporation)
Origin (HKLM\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Plants vs. Zombies™ (HKLM\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Point Blank Online (HKLM\...\Point Blank Online) (Version: 20100113 - Gemscool)
PointblnakPTS_New version 1.5 (HKLM\...\{7F22FDB9-0BA3-4098-BDEB-4C9C93482B32}_is1) (Version: 1.5 - Bypassnet)
PremiumSoft Navicat 11.0 for MySQL (HKLM\...\PremiumSoft Navicat for MySQL_is1) (Version: 11.0.18 - PremiumSoft CyberTech Ltd.)
PremiumSoft Navicat 11.1 for SQL Server (HKLM\...\PremiumSoft Navicat for SQL Server_is1) (Version: 11.1.9 - PremiumSoft CyberTech Ltd.)
Presto! MaxReader 4.5 LE (HKLM\...\{333210DA-4E7F-402A-ABBF-41D70CF00503}) (Version: 4.50.02 - NewSoft Technology Corporation)
Pro Evolution Soccer 2014 (HKLM\...\{5EFD3544-2371-4900-8ACA-F157BA80FB0C}) (Version: 1.00.0000 - KONAMI)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Puzzler World 2 (HKLM\...\Puzzler World 21.0) (Version: 1.0 - Foxy Games)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RipTiger 4.5.1 (HKLM\...\{AFD4597D-56CC-447F-AA68-C1BF1AEA448E}_is1) (Version: 4.5.1 - cyan soft ltd)
SimCity™ (HKLM\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Smartfren andro max E860 UI (HKLM\...\{90C99F3E-56DB-4965-B524-1D0E1851E03A}) (Version: - )
SoundTaxi Media Suite 4.2.0 (HKLM\...\STMediaSuite) (Version: 4.2.0 - Ramka Ltd.)
SoundTaxi Media Suite 4.5.1 (HKLM\...\{EF4C657F-632F-4CED-A220-F4C1C724241C}_is1) (Version: 4.5.1 - cyan soft ltd)
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
Sublime Text Build 3065 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TDM-GCC (HKLM\...\TDM-GCC) (Version: 1.1309.0 - TDM)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.62.153 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Pets (HKLM\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 4 Create A Sim Demo (HKLM\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Trivia Machine Reloaded (HKLM\...\Trivia Machine Reloadedv1.1) (Version: v1.1 - HipSoft)
TweetDeck (HKLM\...\{85D70219-700E-4728-A80D-C394DEF6247E}) (Version: 3.0.2 - Twitter, Inc.)
Typing Trainer 8.0 (HKLM\...\{218081EE-C83D-46A6-9382-9AB77B99AAA1}_is1) (Version: - Typing Innovation Group Ltd)
Unity Web Player (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Virtual Families 2 - Our Dream House (HKLM\...\Virtual Families 2 - Our Dream House1.0) (Version: 1.0 - Foxy Games)
Virtual Villagers 4 - The Tree of Life (HKLM\...\Virtual Villagers 4 - The Tree of Life1.0) (Version: 1.0 - AllSmartGames)
Virtual Villagers The Secret City (HKLM\...\Virtual Villagers The Secret City_is1) (Version: - )
Visual Prolog 7.5 Personal Edition (HKLM\...\{17AF2321-4AD8-4727-B3BE-C2BE1EB49478}) (Version: 1.0.0 - Prolog Development Center)
Visual Prolog Examples (HKLM\...\{FBAD7F9E-EEE5-4C00-962B-856E793AABBA}) (Version: 1.0.0 - Prolog Development Center)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wedding Salon (HKLM\...\Wedding Salon1.0) (Version: 1.0 - Foxy Games)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate 6 (HKLM\...\Xilisoft Video Converter Ultimate 6) (Version: 6.0.7.0707 - Xilisoft)
Youda Sushi Chef (HKLM\...\Youda Sushi Chef1.3.0.0) (Version: 1.3.0.0 - Adnan_Boy 2008)
Youda Sushi Chef 2 (HKLM\...\Youda Sushi Chef 2Final) (Version: Final - AllSmartGames)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{02C1231D-E588-4C33-AEF6-145B4BA256EB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{4B66DD3F-2E6E-4F7C-B38C-E32608820825}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{53DBCD97-3FDF-4B60-975B-2596B57482EF}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\BBWebSLLauncher.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\admin\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{73D320C0-FACA-4553-9D5F-070F9E4DC5C8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\Windows\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\admin\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{AD046C04-9CC6-4424-A8E2-1F8BB9D0B29D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{D41C1E5B-0566-4BB1-BE72-1A5407349CA6}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{F6CF0104-4F4A-4EBE-999D-A12D838E65B5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:04 - 2015-03-24 00:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06284F36-5749-45C5-BA17-2185F91D2B59} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1CD2311E-821C-4969-815A-8A12D4A05C57} - System32\Tasks\Opera scheduled Autoupdate 1415471294 => C:\Program Files\Opera\launcher.exe [2014-10-29] (Opera Software)
Task: {1FCB3531-9048-4E7F-B781-9F3AA70A9C54} - System32\Tasks\{84827F1A-DB38-41C9-B0A3-CCE0D350A549} => pcalua.exe -a "D:\Data\Games\Marine Park Empire\VSetting.exe" -d "D:\Data\Games\Marine Park Empire"
Task: {23723E25-19B5-4488-92DD-731F89FDA0A7} - System32\Tasks\{98311E6E-FE96-4F79-B380-1E60838C29C0} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {2BB82A17-3209-4CC6-9717-54BDDF9D5A6E} - System32\Tasks\{3F95531A-AD2B-44F9-904F-BA56A0D64CC7} => pcalua.exe -a "D:\Data\SOFTWARE INSTALLER\office 2003\OFFICE2003PRO\office2003.exe" -d "D:\Data\SOFTWARE INSTALLER\office 2003\OFFICE2003PRO"
Task: {34E26711-DA07-4C93-BDD6-FE9E2A6A3073} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-04-02] ()
Task: {3C6E5D4E-CCA9-46A5-B8EC-91B6DB9BC58C} - System32\Tasks\{68441373-41AA-4019-AFB5-A2364F0B7D7C} => pcalua.exe -a "D:\Data\TD-8817\USB Driver\Win2k_XP\Setup.exe" -d "D:\Data\TD-8817\USB Driver\Win2k_XP"
Task: {3E3B39BB-903B-4B54-8A28-0F4BCBBB5952} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {41D30E25-42DE-4F98-8E9E-D223D3FA0C1F} - System32\Tasks\{9940E129-94BD-49DC-81A8-E9D32157B647} => pcalua.exe -a E:\setup.exe -d E:\
Task: {452D485E-EEF1-443B-84C6-3F4A5B549583} - System32\Tasks\{501B4426-EA36-402C-B09B-328F4E078F7E} => pcalua.exe -a "E:\AOE 3 EXPANSION\War chifs.exe" -d "E:\AOE 3 EXPANSION"
Task: {479D22A0-7418-4717-8E12-D3912F3011FF} - System32\Tasks\{DEDB7669-E194-4604-BFC0-AEAA77DAA8D4} => pcalua.exe -a D:\Data\C++\tubes1stima\new\zoek.com -d D:\Data\C++\tubes1stima\new
Task: {5881CCBB-3F0F-4E55-9390-5291BCFE435C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5B922E50-4277-48EB-B78E-609E0706D753} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {73CCC22B-6257-4769-8DA7-27250977F741} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000UA => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {7D36D661-B17E-4E06-9E75-467AC91C995F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000Core => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {85DAADAA-A287-4F30-A833-6F8561144403} - System32\Tasks\{F4331E3B-EE15-47A0-A3AD-E55D5D56771F} => pcalua.exe -a "D:\Data\SOFTWARE INSTALLER\Microsoft Visio Professional\Microsoft Visio Professional.exe" -d "D:\Data\SOFTWARE INSTALLER\Microsoft Visio Professional"
Task: {86E92CF0-2D87-4B3D-848B-F291E3F5E7A4} - System32\Tasks\{7A08418A-343A-4467-88E6-14CEB64A2094} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {8AD4CAAF-A772-47C8-B02C-11EAA02AA1E6} - System32\Tasks\{E53DFB75-2130-4F8D-B869-42D6797CC2FB} => pcalua.exe -a D:\Data\jdk-8u31-windows-i586.exe -d C:\Users\admin\AppData\Roaming\IDM
Task: {9302F945-65B7-4BA5-8B25-0D8D5AED914E} - System32\Tasks\{34627E88-8746-4B63-B60C-41D0AEFBEF63} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Task: {93DB1D6C-3965-4C64-85A0-A703F1EC7D8A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9F7D34E0-8B5F-4FC7-B013-387BCC5EDF84} - System32\Tasks\{9CE9EC86-7B73-4543-B038-9BA0D818A1DC} => pcalua.exe -a "D:\Data\Games\Discovery - A Seek and Find Adventure\Discovery - A Seek and Find Adventure\Uninstall.exe" -d "D:\Data\Games\Discovery - A Seek and Find Adventure\Discovery - A Seek and Find Adventure"
Task: {A32D897D-035E-4BBF-9B2B-933F5586CF16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-31] (Google Inc.)
Task: {A35820A8-7853-4F14-A15D-F26593D4B829} - System32\Tasks\{0880C059-5BF8-4B0C-9D66-B132337275F1} => pcalua.exe -a G:\SC4_uninst.exe -d G:\
Task: {A435BBFC-8B7B-4BC0-962A-A026FCED7646} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A8FB1550-47D3-423F-B512-0FADF521F33A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-24] (Adobe Systems Incorporated)
Task: {B18693A4-DA59-40B9-9BFB-B48B479B053B} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-12-13] ()
Task: {B22BB078-994E-4737-909C-85D91F327836} - System32\Tasks\{45A5638E-CE9E-45F2-8DA3-1AE4722FE1F0} => pcalua.exe -a C:\Users\admin\AppData\Local\Temp\dlmF3E0.tmp\caesar4_demo_en.exe -d C:\Users\admin\Downloads
Task: {B28FAAF3-FFD1-492A-9865-6C285EE78955} - System32\Tasks\{6ADE60D7-9F2A-4DF0-8836-9E79AF84D940} => pcalua.exe -a D:\Data\C++\tubes1stima\new\zoek.scr -d D:\Data\C++\tubes1stima\new -c /S
Task: {BAE76ED0-4A70-41E4-88E2-E5B39E6BE29E} - System32\Tasks\{4517BB71-6CE1-4565-8F92-E9271B0ADA9C} => pcalua.exe -a E:\rld-sim3.part1.exe -d E:\
Task: {BAE7D7DD-048E-4492-B729-8061A6A9D6BF} - System32\Tasks\{2C66C202-71B1-44A8-8736-A8B0E1BFF01E} => pcalua.exe -a G:\eauninstall.exe -d G:\
Task: {BC2D6E7D-34FC-4759-8D68-FF4D860ECCD5} - System32\Tasks\{89F044CC-8181-47A4-BED2-6E8FB2BA6554} => pcalua.exe -a "D:\Data\Games\Need For Speed Carbon\Support\Need for Speed Carbon_uninst.exe" -d "D:\Data\Games\Need For Speed Carbon\Support"
Task: {BD6FC539-7761-4B36-83B6-4E74E3A22CE6} - System32\Tasks\GoogleUpdater => Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write((new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\internet explorer\\zergling_rush"))
Task: {BF641E23-3353-47F6-86B2-D3A9C3206679} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-31] (Google Inc.)
Task: {D335D799-79A3-428D-9253-0266FB1DAF29} - System32\Tasks\GoogleUpdateTaskMachineCore1ce820314248fdf => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-31] (Google Inc.)
Task: {ED577D4C-5C08-40DC-979F-A760FFBDEE20} - System32\Tasks\gg_uac_daemon_admin => C:\Program Files\Garena Plus\ggdllhost.exe [2015-01-20] ()
Task: {F07197BD-4D7C-4A2D-B309-301A4F79DE29} - System32\Tasks\{4B2DA71E-77D7-4C45-9A9D-BE67B958ADF7} => pcalua.exe -a "E:\AOE3Y ASIA DYNASTY\AOE3Y ASIA DYNASTY.exe" -d "E:\AOE3Y ASIA DYNASTY"
Task: {F723F7EE-576C-4BB3-83E2-FF12D439E283} - \Buenosearch No Task File <==== ATTENTION
Task: {F750CC50-F30C-477B-BD10-D9F83557F358} - System32\Tasks\{924101DE-4CB5-4C65-8C78-3397D03F971C} => pcalua.exe -a "C:\Program Files\Plus-HD-9.4\Uninstall.exe" -c /fcp=1
Task: {FAF45159-4EEA-4F53-B7D4-FC91ADB7BB36} - System32\Tasks\{A148AC2E-6045-488F-9421-7056639D437C} => pcalua.exe -a "D:\Data\Games\SimCity 4\EAUninstall.exe"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000Core.job => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000UA.job => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce820314248fdf.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-06-24 18:07 - 2014-09-11 13:06 - 00019216 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-31 07:34 - 2012-01-20 14:55 - 00427520 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll
2012-06-18 22:24 - 2012-06-18 22:24 - 00260096 _____ () D:\Data\Notepad++\NppShell_05.dll
2014-06-10 19:55 - 2014-10-18 15:33 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2011-09-20 05:15 - 2010-12-23 06:27 - 00080496 _____ () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2011-09-20 05:15 - 2010-12-23 06:27 - 00113264 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2011-09-20 05:15 - 2010-12-23 06:27 - 00623216 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2013-11-21 18:27 - 2015-01-20 19:20 - 00055896 _____ () C:\Program Files\Garena Plus\ggdllhost.exe
2013-11-21 18:27 - 2015-01-20 19:20 - 00560216 _____ () C:\Program Files\Garena Plus\ggspawn.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\admin\Downloads\BlueStacks-SplitInstaller_native (1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\BlueStacks-SplitInstaller_native_b.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\cbsidlm-cbsi188-Caesar_IV_demo-ORG-10573828.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\chromeinstall-7u55.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Crossfire_downloader (1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Crossfire_downloader.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\CrossFire_NA.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (2).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (3).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (4).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (5).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\IE11-Windows6.1.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\npp.6.5.5.Installer.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\TypingTrainer.exe:BDU
AlternateDataStreams: C:\ProgramData\TEMP:0DE97E88
AlternateDataStreams: C:\ProgramData\TEMP:19C3BC3A
AlternateDataStreams: C:\ProgramData\TEMP:371A321E
AlternateDataStreams: C:\ProgramData\TEMP:3B07E6F4
AlternateDataStreams: C:\ProgramData\TEMP:436DEE1E
AlternateDataStreams: C:\ProgramData\TEMP:471AD3D0
AlternateDataStreams: C:\ProgramData\TEMP:4B244549
AlternateDataStreams: C:\ProgramData\TEMP:517B507A
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:5ED747B8
AlternateDataStreams: C:\ProgramData\TEMP:69FD6BF0
AlternateDataStreams: C:\ProgramData\TEMP:98F0614F
AlternateDataStreams: C:\ProgramData\TEMP:A636021B
AlternateDataStreams: C:\ProgramData\TEMP:AF9BF410
AlternateDataStreams: C:\ProgramData\TEMP:B6AF2226
AlternateDataStreams: C:\ProgramData\TEMP:D48500F8
AlternateDataStreams: C:\ProgramData\TEMP:DA9A5EA8
AlternateDataStreams: C:\ProgramData\TEMP:DE6EED8B

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: BAVSvc => 2
MSCONFIG\Services: BrowserProtect => 2
MSCONFIG\Services: DefaultTabSearch => 2
MSCONFIG\Services: DefaultTabUpdate => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: Sony Ericsson PCCompanion => 3
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IDMan => C:\Program Files\IDM\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: InFX => "C:\Users\admin\AppData\Roaming\StratFX\nircmd.exe" exec hide "C:\Users\admin\AppData\Roaming\StratFX\begin.bat"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

==================== Accounts: =============================

admin (S-1-5-21-1380481859-1212219880-2585911621-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1380481859-1212219880-2585911621-500 - Administrator - Disabled)
Guest (S-1-5-21-1380481859-1212219880-2585911621-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2015 00:48:28 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/24/2015 00:11:35 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (03/23/2015 08:24:07 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (03/23/2015 08:24:06 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (03/23/2015 08:23:11 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (03/23/2015 08:06:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc0f9
Faulting module name: New.dll, version: 0.0.0.0, time stamp: 0x550a9b5e
Exception code: 0xc0000005
Fault offset: 0x00001758
Faulting process id: 0x6cc
Faulting application start time: 0xtaskhost.exe0
Faulting application path: taskhost.exe1
Faulting module path: taskhost.exe2
Report Id: taskhost.exe3

Error: (03/23/2015 08:06:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc0f9
Faulting module name: New.dll, version: 0.0.0.0, time stamp: 0x550a9b5e
Exception code: 0xc0000005
Fault offset: 0x00001758
Faulting process id: 0x6cc
Faulting application start time: 0xtaskhost.exe0
Faulting application path: taskhost.exe1
Faulting module path: taskhost.exe2
Report Id: taskhost.exe3

Error: (03/22/2015 08:02:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc0f9
Faulting module name: New.dll, version: 0.0.0.0, time stamp: 0x550a9b5e
Exception code: 0xc0000005
Fault offset: 0x00001758
Faulting process id: 0x690
Faulting application start time: 0xtaskhost.exe0
Faulting application path: taskhost.exe1
Faulting module path: taskhost.exe2
Report Id: taskhost.exe3

Error: (03/22/2015 08:02:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc0f9
Faulting module name: New.dll, version: 0.0.0.0, time stamp: 0x550a9b5e
Exception code: 0xc0000005
Fault offset: 0x00001758
Faulting process id: 0x690
Faulting application start time: 0xtaskhost.exe0
Faulting application path: taskhost.exe1
Faulting module path: taskhost.exe2
Report Id: taskhost.exe3

Error: (03/22/2015 08:01:51 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (03/24/2015 07:03:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/24/2015 07:02:08 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (03/24/2015 09:33:39 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/24/2015 09:33:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error:
%%1053

Error: (03/24/2015 09:33:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

Error: (03/24/2015 09:32:13 AM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (03/24/2015 09:29:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/24/2015 09:29:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/24/2015 09:29:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/24/2015 09:29:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentage of memory in use: 47%
Total physical RAM: 3062.66 MB
Available physical RAM: 1610.65 MB
Total Pagefile: 6130.93 MB
Available Pagefile: 4687.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1909.64 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:97.66 GB) (Free:10.53 GB) NTFS
Drive d: (Data) (Fixed) (Total:368.01 GB) (Free:46.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E8707DFE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
When booting in safe mode with networking, I still cannot download Malwarebytes Anti Malware and I still cannot open several websites, such as microsoft.com. Facebook.com is also still very slow. And other programs cannot connect to the internet; for example, Malwarebytes Anti Malware cannot update, etc. http://www.bbc.co.uk/learningenglish becomes slow again.
 
It looks like we have an issue with malicious proxies. Let's see if the fix listed below will help.

Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by admin at 2015-03-25 20:24:36 Run:1
Running from D:\
Loaded Profiles: admin (Available profiles: admin)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Local Policy Restriction on IP: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{70d5cbed-af3f-49bd-a9bb-89911ba40d92} <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:57593;https=127.0.0.1:57593
RemoveProxy:
Toolbar: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll No File
FF Plugin HKU\S-1-5-21-1380481859-1212219880-2585911621-1000: @catalinahub.com/CatalinaGroup Update;version=3 -> C:\Users\admin\AppData\Local\CatalinaGroup\Update\1.3.25.203\npCatalinaUpdate3.dll No File
FF Plugin HKU\S-1-5-21-1380481859-1212219880-2585911621-1000: @catalinahub.com/CatalinaGroup Update;version=9 -> C:\Users\admin\AppData\Local\CatalinaGroup\Update\1.3.25.203\npCatalinaUpdate3.dll No File
CHR HKLM\...\Chrome\Extension: [okcnagmljeeakjmdbbflcanhlienmofh] - No Path Or update_url value
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [X]
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]
S3 XDva392; No ImagePath
2013-10-02 15:51 - 2013-10-02 15:51 - 0000160 _____ () C:\Users\admin\AppData\Roaming\ICARE_ACTIVITY.LOG
2014-06-04 12:29 - 2014-10-18 15:34 - 0138576 _____ () C:\Users\admin\AppData\Roaming\PnkBstrK.sys
2011-12-22 16:15 - 2014-03-14 00:10 - 0003150 _____ () C:\Users\admin\AppData\Roaming\Rim.Desktop.Exception.log
2011-12-22 16:14 - 2014-03-13 22:49 - 0002245 _____ () C:\Users\admin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-12-22 16:15 - 2014-03-14 00:10 - 0001078 _____ () C:\Users\admin\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-08-27 22:02 - 2014-02-14 04:58 - 0045270 _____ () C:\Users\admin\AppData\Roaming\room_v3.dat
2015-01-31 07:19 - 2015-01-31 07:19 - 0000000 ____H () C:\Users\admin\AppData\Local\BIT276D.tmp
2015-01-31 07:19 - 2015-01-31 07:19 - 0000000 ____H () C:\Users\admin\AppData\Local\BIT2829.tmp
2015-01-20 22:33 - 2015-01-20 22:33 - 0000000 ____H () C:\Users\admin\AppData\Local\BIT2EDC.tmp
2015-01-20 22:33 - 2015-01-20 22:33 - 0000000 ____H () C:\Users\admin\AppData\Local\BIT3044.tmp
2015-01-22 16:51 - 2015-01-22 16:51 - 0000000 ____H () C:\Users\admin\AppData\Local\BITEF2E.tmp
2015-01-22 16:51 - 2015-01-22 16:51 - 0000000 ____H () C:\Users\admin\AppData\Local\BITF113.tmp
2014-11-16 11:53 - 2014-11-16 11:53 - 0007597 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2015-03-19 17:07 - 2015-03-19 17:09 - 0000000 _____ () C:\Users\admin\AppData\Local\{1AD142FE-67A3-4557-965B-2DDC569DA78A}
2015-01-22 16:50 - 2015-01-22 16:50 - 0000000 _____ () C:\Users\admin\AppData\Local\{3C7EB1C3-A1E4-4026-B49A-B6D3519C3F1C}
2015-01-22 16:50 - 2015-01-22 16:50 - 0000000 _____ () C:\Users\admin\AppData\Local\{44ED26BF-F402-4764-9F29-0C9ADC9EEB1D}
2015-03-18 17:02 - 2015-03-18 17:03 - 0000000 _____ () C:\Users\admin\AppData\Local\{46C92CE2-094E-4FD1-A87D-27790563DBA3}
2015-01-08 10:14 - 2015-01-08 10:14 - 0000000 _____ () C:\Users\admin\AppData\Local\{4B96569B-0EC0-4114-BDC3-3C6AFB118504}
2015-01-20 22:32 - 2015-01-20 22:32 - 0000000 _____ () C:\Users\admin\AppData\Local\{4BEF06CE-F36F-423E-8822-264D901ABF44}
2015-02-27 19:33 - 2015-02-27 19:35 - 0000000 _____ () C:\Users\admin\AppData\Local\{587072C4-0EF0-43FF-AE94-9291A47B864B}
2015-01-08 10:14 - 2015-01-08 10:14 - 0000000 _____ () C:\Users\admin\AppData\Local\{8CAA9C65-EE8D-4296-ACD9-62651D27DFFF}
2015-02-16 19:10 - 2015-02-16 19:10 - 0000000 _____ () C:\Users\admin\AppData\Local\{8E658E09-D036-4EA6-A4D6-4E00C88D1BED}
2015-02-16 19:10 - 2015-02-16 19:10 - 0000000 _____ () C:\Users\admin\AppData\Local\{9CEC9CB6-F346-45A4-8D30-C319CACDB681}
2015-03-19 17:07 - 2015-03-19 17:09 - 0000000 _____ () C:\Users\admin\AppData\Local\{A2D7BD5C-678B-4B02-94A8-5B08DEE0CDCA}
2015-01-20 22:32 - 2015-01-20 22:32 - 0000000 _____ () C:\Users\admin\AppData\Local\{AC362A9C-19FF-4A97-AF4B-27A4602CCA70}
2015-02-27 19:33 - 2015-02-27 19:35 - 0000000 _____ () C:\Users\admin\AppData\Local\{C44B1E1A-3498-4F00-B71E-FB709A551C3C}
2015-03-18 17:02 - 2015-03-18 17:03 - 0000000 _____ () C:\Users\admin\AppData\Local\{E32997FB-EE08-400D-A9C2-A58B04C11250}
2015-01-31 07:18 - 2015-01-31 07:20 - 0000000 _____ () C:\Users\admin\AppData\Local\{EEB81C14-3071-49A7-B693-C2BD4FA00545}
2015-01-31 07:18 - 2015-01-31 07:20 - 0000000 _____ () C:\Users\admin\AppData\Local\{F6249803-CE9A-4FC5-BA0B-4613EFDBBF9D}
2014-05-17 00:09 - 2013-01-07 11:04 - 0000037 _____ () C:\ProgramData\ttrainer8.data
C:\Users\admin\ntuserdirect_MyManager.dat
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{02C1231D-E588-4C33-AEF6-145B4BA256EB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{4B66DD3F-2E6E-4F7C-B38C-E32608820825}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{73D320C0-FACA-4553-9D5F-070F9E4DC5C8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{AD046C04-9CC6-4424-A8E2-1F8BB9D0B29D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{D41C1E5B-0566-4BB1-BE72-1A5407349CA6}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}\localserver32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{F6CF0104-4F4A-4EBE-999D-A12D838E65B5}\InprocServer32 -> No File Path
Task: {23723E25-19B5-4488-92DD-731F89FDA0A7} - System32\Tasks\{98311E6E-FE96-4F79-B380-1E60838C29C0} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
C:\Program Files\AVAST Software
Task: {3E3B39BB-903B-4B54-8A28-0F4BCBBB5952} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {F723F7EE-576C-4BB3-83E2-FF12D439E283} - \Buenosearch No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\admin\Downloads\BlueStacks-SplitInstaller_native (1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\BlueStacks-SplitInstaller_native_b.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\cbsidlm-cbsi188-Caesar_IV_demo-ORG-10573828.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\chromeinstall-7u55.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Crossfire_downloader (1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Crossfire_downloader.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\CrossFire_NA.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (1).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (2).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (3).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (4).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (5).exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\Drama Downloader__3834_il1765.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\IE11-Windows6.1.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\npp.6.5.5.Installer.exe:BDU
AlternateDataStreams: C:\Users\admin\Downloads\TypingTrainer.exe:BDU
AlternateDataStreams: C:\ProgramData\TEMP:0DE97E88
AlternateDataStreams: C:\ProgramData\TEMP:19C3BC3A
AlternateDataStreams: C:\ProgramData\TEMP:371A321E
AlternateDataStreams: C:\ProgramData\TEMP:3B07E6F4
AlternateDataStreams: C:\ProgramData\TEMP:436DEE1E
AlternateDataStreams: C:\ProgramData\TEMP:471AD3D0
AlternateDataStreams: C:\ProgramData\TEMP:4B244549
AlternateDataStreams: C:\ProgramData\TEMP:517B507A
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\ProgramData\TEMP:5ED747B8
AlternateDataStreams: C:\ProgramData\TEMP:69FD6BF0
AlternateDataStreams: C:\ProgramData\TEMP:98F0614F
AlternateDataStreams: C:\ProgramData\TEMP:A636021B
AlternateDataStreams: C:\ProgramData\TEMP:AF9BF410
AlternateDataStreams: C:\ProgramData\TEMP:B6AF2226
AlternateDataStreams: C:\ProgramData\TEMP:D48500F8
AlternateDataStreams: C:\ProgramData\TEMP:DA9A5EA8
AlternateDataStreams: C:\ProgramData\TEMP:DE6EED8B

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Local Policy Restriction on IP: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{70d5cbed-af3f-49bd-a9bb-89911ba40d92} <======= ATTENTION => Error: No automatic fix found for this entry.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => value deleted successfully.
HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Key not found.
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
"HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6" => Key deleted successfully.
"HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\Software\MozillaPlugins\@catalinahub.com/CatalinaGroup Update;version=3" => Key deleted successfully.
C:\Users\admin\AppData\Local\CatalinaGroup\Update\1.3.25.203\npCatalinaUpdate3.dll not found.
"HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\Software\MozillaPlugins\@catalinahub.com/CatalinaGroup Update;version=9" => Key deleted successfully.
C:\Users\admin\AppData\Local\CatalinaGroup\Update\1.3.25.203\npCatalinaUpdate3.dll not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\okcnagmljeeakjmdbbflcanhlienmofh" => Key deleted successfully.
BprotectEx => Service deleted successfully.
catchme => Service deleted successfully.
EagleXNt => Service deleted successfully.
GGSAFERDriver => Service deleted successfully.
PCFApiUtil => Service deleted successfully.
XDva392 => Service deleted successfully.
C:\Users\admin\AppData\Roaming\ICARE_ACTIVITY.LOG => Moved successfully.
C:\Users\admin\AppData\Roaming\PnkBstrK.sys => Moved successfully.
C:\Users\admin\AppData\Roaming\Rim.Desktop.Exception.log => Moved successfully.
C:\Users\admin\AppData\Roaming\Rim.Desktop.HttpServerSetup.log => Moved successfully.
C:\Users\admin\AppData\Roaming\Rim.DesktopHelper.Exception.log => Moved successfully.
C:\Users\admin\AppData\Roaming\room_v3.dat => Moved successfully.
C:\Users\admin\AppData\Local\BIT276D.tmp => Moved successfully.
C:\Users\admin\AppData\Local\BIT2829.tmp => Moved successfully.
C:\Users\admin\AppData\Local\BIT2EDC.tmp => Moved successfully.
C:\Users\admin\AppData\Local\BIT3044.tmp => Moved successfully.
C:\Users\admin\AppData\Local\BITEF2E.tmp => Moved successfully.
C:\Users\admin\AppData\Local\BITF113.tmp => Moved successfully.
C:\Users\admin\AppData\Local\Resmon.ResmonCfg => Moved successfully.
C:\Users\admin\AppData\Local\{1AD142FE-67A3-4557-965B-2DDC569DA78A} => Moved successfully.
C:\Users\admin\AppData\Local\{3C7EB1C3-A1E4-4026-B49A-B6D3519C3F1C} => Moved successfully.
C:\Users\admin\AppData\Local\{44ED26BF-F402-4764-9F29-0C9ADC9EEB1D} => Moved successfully.
C:\Users\admin\AppData\Local\{46C92CE2-094E-4FD1-A87D-27790563DBA3} => Moved successfully.
C:\Users\admin\AppData\Local\{4B96569B-0EC0-4114-BDC3-3C6AFB118504} => Moved successfully.
C:\Users\admin\AppData\Local\{4BEF06CE-F36F-423E-8822-264D901ABF44} => Moved successfully.
C:\Users\admin\AppData\Local\{587072C4-0EF0-43FF-AE94-9291A47B864B} => Moved successfully.
C:\Users\admin\AppData\Local\{8CAA9C65-EE8D-4296-ACD9-62651D27DFFF} => Moved successfully.
C:\Users\admin\AppData\Local\{8E658E09-D036-4EA6-A4D6-4E00C88D1BED} => Moved successfully.
C:\Users\admin\AppData\Local\{9CEC9CB6-F346-45A4-8D30-C319CACDB681} => Moved successfully.
C:\Users\admin\AppData\Local\{A2D7BD5C-678B-4B02-94A8-5B08DEE0CDCA} => Moved successfully.
C:\Users\admin\AppData\Local\{AC362A9C-19FF-4A97-AF4B-27A4602CCA70} => Moved successfully.
C:\Users\admin\AppData\Local\{C44B1E1A-3498-4F00-B71E-FB709A551C3C} => Moved successfully.
C:\Users\admin\AppData\Local\{E32997FB-EE08-400D-A9C2-A58B04C11250} => Moved successfully.
C:\Users\admin\AppData\Local\{EEB81C14-3071-49A7-B693-C2BD4FA00545} => Moved successfully.
C:\Users\admin\AppData\Local\{F6249803-CE9A-4FC5-BA0B-4613EFDBBF9D} => Moved successfully.
C:\ProgramData\ttrainer8.data => Moved successfully.
C:\Users\admin\ntuserdirect_MyManager.dat => Moved successfully.
"HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{02C1231D-E588-4C33-AEF6-145B4BA256EB}" => Key deleted successfully.
"HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{0C1EB979-8EC7-46E8-8097-246957D6B94C}" => Key deleted successfully.
"HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{1434DD3D-0AF6-41E0-BB71-8C86010D9AF5}" => Key deleted successfully.
"HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{4B66DD3F-2E6E-4F7C-B38C-E32608820825}" => Key deleted successfully.
"HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{73D320C0-FACA-4553-9D5F-070F9E4DC5C8}" => Key deleted successfully.
"HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{8BF2F61B-E8C2-4A67-85D0-D6A69F9FD948}" => Key deleted successfully.
"HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{AD046C04-9CC6-4424-A8E2-1F8BB9D0B29D}" => Key deleted successfully.
"HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{BA3D0120-E617-4F66-ADCA-585CC2FB86DB}" => Key deleted successfully.
"HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{D41C1E5B-0566-4BB1-BE72-1A5407349CA6}" => Key deleted successfully.
"HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{EE7F6B66-AC97-41CF-BD88-372DDB786DB6}" => Key deleted successfully.
"HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{F4CBF20B-F634-4095-B64A-2EBCDD9E560E}" => Key deleted successfully.
"HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{F6CF0104-4F4A-4EBE-999D-A12D838E65B5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23723E25-19B5-4488-92DD-731F89FDA0A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23723E25-19B5-4488-92DD-731F89FDA0A7}" => Key deleted successfully.
C:\Windows\System32\Tasks\{98311E6E-FE96-4F79-B380-1E60838C29C0} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{98311E6E-FE96-4F79-B380-1E60838C29C0}" => Key deleted successfully.
"C:\Program Files\AVAST Software" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E3B39BB-903B-4B54-8A28-0F4BCBBB5952}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E3B39BB-903B-4B54-8A28-0F4BCBBB5952}" => Key deleted successfully.
C:\Windows\System32\Tasks\avast! Emergency Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F723F7EE-576C-4BB3-83E2-FF12D439E283}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F723F7EE-576C-4BB3-83E2-FF12D439E283}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Buenosearch" => Key deleted successfully.
C:\Users\admin\Downloads\BlueStacks-SplitInstaller_native (1).exe => ":BDU" ADS removed successfully.
C:\Users\admin\Downloads\BlueStacks-SplitInstaller_native_b.exe => ":BDU" ADS removed successfully.
C:\Users\admin\Downloads\cbsidlm-cbsi188-Caesar_IV_demo-ORG-10573828.exe => ":BDU" ADS removed successfully.
C:\Users\admin\Downloads\chromeinstall-7u55.exe => ":BDU" ADS removed successfully.
C:\Users\admin\Downloads\Crossfire_downloader (1).exe => ":BDU" ADS removed successfully.
C:\Users\admin\Downloads\Crossfire_downloader.exe => ":BDU" ADS removed successfully.
C:\Users\admin\Downloads\CrossFire_NA.exe => ":BDU" ADS removed successfully.
C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (1).exe => ":BDU" ADS removed successfully.
C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (2).exe => ":BDU" ADS removed successfully.
C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (3).exe => ":BDU" ADS removed successfully.
C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (4).exe => ":BDU" ADS removed successfully.
C:\Users\admin\Downloads\Drama Downloader__3834_il1765 (5).exe => ":BDU" ADS removed successfully.
C:\Users\admin\Downloads\Drama Downloader__3834_il1765.exe => ":BDU" ADS removed successfully.
C:\Users\admin\Downloads\IE11-Windows6.1.exe => ":BDU" ADS removed successfully.
C:\Users\admin\Downloads\npp.6.5.5.Installer.exe => ":BDU" ADS removed successfully.
C:\Users\admin\Downloads\TypingTrainer.exe => ":BDU" ADS removed successfully.
C:\ProgramData\TEMP => ":0DE97E88" ADS removed successfully.
C:\ProgramData\TEMP => ":19C3BC3A" ADS removed successfully.
C:\ProgramData\TEMP => ":371A321E" ADS removed successfully.
C:\ProgramData\TEMP => ":3B07E6F4" ADS removed successfully.
C:\ProgramData\TEMP => ":436DEE1E" ADS removed successfully.
C:\ProgramData\TEMP => ":471AD3D0" ADS removed successfully.
C:\ProgramData\TEMP => ":4B244549" ADS removed successfully.
C:\ProgramData\TEMP => ":517B507A" ADS removed successfully.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
C:\ProgramData\TEMP => ":5ED747B8" ADS removed successfully.
C:\ProgramData\TEMP => ":69FD6BF0" ADS removed successfully.
C:\ProgramData\TEMP => ":98F0614F" ADS removed successfully.
C:\ProgramData\TEMP => ":A636021B" ADS removed successfully.
C:\ProgramData\TEMP => ":AF9BF410" ADS removed successfully.
C:\ProgramData\TEMP => ":B6AF2226" ADS removed successfully.
C:\ProgramData\TEMP => ":D48500F8" ADS removed successfully.
C:\ProgramData\TEMP => ":DA9A5EA8" ADS removed successfully.
C:\ProgramData\TEMP => ":DE6EED8B" ADS removed successfully.

==== End of Fixlog 20:24:37 ====
 
Facebook.com has become a bit faster, but some icons are not displayed. BBC Learning can be opened, but microsoft.com cannot be opened. Malwarebytes Anti Malware still cannot update.
 
Re-run FRST one more time and give me fresh logs.
Make sure you checkmark the Addition.txt box so both logs will be produced.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by admin (administrator) on ADMIN-PC on 26-03-2015 16:21:05
Running from D:\
Loaded Profiles: admin (Available profiles: admin)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
() C:\Program Files\Garena Plus\ggdllhost.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Tonec Inc.) C:\Program Files\IDM\Internet Download Manager\IDMan.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Windows\System32\PnkBstrA.exe
(TeamViewer GmbH) D:\Data\Games\Team Viewer 9\TeamViewer_Service.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Service.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-Network.exe
(Tonec Inc.) C:\Program Files\IDM\Internet Download Manager\IEMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-BlockDevice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(BlueStack Systems) C:\Program Files\BlueStacks\HD-SharedFolder.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(INNORIX) C:\Windows\System32\innosvcd.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HDAudDeck] => C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2047088 2010-12-23] (VIA)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-02-17] (LogMeIn Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Run: [IDMan] => C:\Program Files\IDM\Internet Download Manager\IDMan.exe [3890768 2015-02-28] (Tonec Inc.)
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x20000000
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\IDM\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Local Policy Restriction on IP: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{70d5cbed-af3f-49bd-a9bb-89911ba40d92} <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\IDM\Internet Download Manager\IDMIECC.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-02-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-02-13] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 91.194.254.105 8.8.8.8
Tcpip\..\Interfaces\{515E0BE1-5E90-47D0-88F7-E09BD12DBAFC}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{5897E3A2-9727-4A42-8EB5-9424E4FCA0E5}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9D152133-7846-4DAC-B21E-A7253D1E1963}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\1h0mjti4.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-08] (Google)
FF Plugin: @innorix.com/innogmp -> C:\Program Files\INNORIX\npinnogmp.dll [2013-04-04] (INNORIX)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-02-13] (Oracle Corporation)
FF Plugin: @kamuse.com/npKLiveMBCPlugin -> C:\Users\admin\AppData\Roaming\KLive\MBC\npKLiveMBCPlugin.dll [2011-08-25] (kamuse)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-12-19] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1380481859-1212219880-2585911621-1000: @innorix.com/innogmp -> C:\Program Files\INNORIX\npinnogmp.dll [2013-04-04] (INNORIX)
FF Plugin HKU\S-1-5-21-1380481859-1212219880-2585911621-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1380481859-1212219880-2585911621-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-22] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2003-07-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-09-06] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-09-01]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - D:\Data\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-02-08]
FF HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5 [2015-02-28]
FF HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\admin\AppData\Roaming\IDM\idmmzcc5
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-04]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-31]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-16]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-07-31]
CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (IDM Integration Module) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-02-28]
CHR Extension: (No Name) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-31]
CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-05]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\IDM\Internet Download Manager\IDMGCExt.crx [2015-02-24]
CHR HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\admin\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-07-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-09-20] (Adobe Systems) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
S3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-21] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-05-21] (BlueStack Systems, Inc.)
S3 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2\bin\fbguard.exe [81920 2011-02-01] (Firebird Project) [File not signed]
S3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2\bin\fbserver.exe [2764800 2011-02-01] (Firebird Project) [File not signed]
S3 GSService; C:\Windows\system32\GSService.exe [444640 2014-07-28] ()
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1848680 2015-02-17] (LogMeIn Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-06] ()
R2 Innosvcd; C:\Windows\system32\innosvcd.exe [193144 2013-04-04] (INNORIX)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2015-02-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-27] (Microsoft Corporation) [File not signed]
S3 npggsvc; C:\Windows\system32\GameMon.des [5161056 2014-01-16] (INCA Internet Co., Ltd.)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2013-08-22] (The OpenVPN Project)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1910128 2015-02-20] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-10-18] ()
S3 STSService; C:\Program Files\SoundTaxi Media Suite\STSService.exe [421376 2011-03-22] () [File not signed]
R2 TeamViewer9; D:\Data\Games\Team Viewer 9\TeamViewer_Service.exe [4799760 2014-09-13] (TeamViewer GmbH)
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2010-12-15] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [189720 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-30] (AVG Technologies)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-05-21] (BlueStack Systems)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2013-11-13] (AnchorFree Inc.)
S3 ISODrive; D:\Data\UltraISO\drivers\ISODrive.sys [73728 2008-05-24] (EZB Systems, Inc.) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-26] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-09-21] (Intel Corporation)
S3 OEM; C:\Windows\System32\DRIVERS\hs60x5usbser.sys [107000 2012-03-08] (QUALCOMM Incorporated)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2011-12-22] (Duplex Secure Ltd.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-07-25] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-11-13] (Anchorfree Inc.)
R3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2014-06-06] (TeamViewer GmbH)
R3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023k.sys [11136 2007-09-01] (Microsoft Corporation)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1153648 2010-12-15] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 20:38 - 2015-03-26 16:13 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 20:38 - 2015-03-25 20:38 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-25 20:38 - 2015-03-25 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-25 20:38 - 2015-03-25 20:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-25 20:38 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-25 20:38 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-25 20:38 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-24 00:55 - 2015-03-24 00:55 - 00042268 _____ () C:\ComboFix.txt
2015-03-24 00:33 - 2011-06-26 13:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-24 00:33 - 2010-11-08 00:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-24 00:33 - 2009-04-20 11:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-24 00:33 - 2000-08-31 07:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-24 00:33 - 2000-08-31 07:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-24 00:33 - 2000-08-31 07:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-24 00:33 - 2000-08-31 07:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-24 00:33 - 2000-08-31 07:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-24 00:32 - 2015-03-24 00:55 - 00000000 ____D () C:\Qoobox
2015-03-24 00:32 - 2015-03-24 00:54 - 00000000 ____D () C:\Windows\erdnt
2015-03-23 23:25 - 2015-03-24 00:32 - 05616289 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2015-03-22 14:24 - 2015-03-22 14:24 - 00001773 _____ () C:\Users\admin\Desktop\JRT.txt
2015-03-22 14:21 - 2015-03-22 14:21 - 01388672 _____ (Thisisu) C:\Users\admin\Desktop\JRT.exe
2015-03-22 13:51 - 2015-03-22 13:50 - 02171392 _____ () C:\Users\admin\Desktop\adwcleaner_4.112.exe
2015-03-22 13:15 - 2015-03-22 13:26 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-22 13:15 - 2015-03-22 13:15 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-22 13:13 - 2015-03-22 13:13 - 00000737 _____ () C:\Users\admin\Desktop\RogueKiller.exe - Shortcut.lnk
2015-03-22 09:13 - 2015-03-22 09:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox 4.0 Beta 6
2015-03-21 10:29 - 2015-03-26 16:21 - 00000000 ____D () C:\FRST
2015-03-17 19:26 - 2015-03-17 19:27 - 00062217 _____ () C:\Users\admin\Downloads\Pro Evolution Soccer 2015-RELOADED [www.OMGTORRENT.com].torrent
2015-03-14 23:55 - 2015-03-14 23:55 - 00001039 _____ () C:\Users\admin\Desktop\Gemscool Indonesia Game Portal.lnk
2015-03-14 23:55 - 2015-03-14 23:55 - 00000925 _____ () C:\Users\admin\Desktop\Point Blank.lnk
2015-03-14 23:55 - 2015-03-14 23:55 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PointBlank Online
2015-03-14 21:58 - 2015-03-14 22:00 - 00000000 ____D () C:\Users\admin\AppData\Local\Sublime Text 3
2015-03-14 21:58 - 2015-03-14 21:58 - 00001049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 3.lnk
2015-03-14 21:58 - 2015-03-14 21:58 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Sublime Text 3
2015-03-14 21:58 - 2015-03-14 21:58 - 00000000 ____D () C:\Program Files\Sublime Text 3
2015-03-14 21:48 - 2015-03-14 21:48 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sublime Text 2.lnk
2015-03-14 21:48 - 2015-03-14 21:48 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Sublime Text 2
2015-03-14 21:48 - 2015-03-14 21:48 - 00000000 ____D () C:\Program Files\Sublime Text 2
2015-03-14 20:08 - 2015-03-14 20:08 - 00000000 ____D () C:\Users\admin\AppData\Local\GitHub,_Inc
2015-03-14 18:24 - 2015-03-14 18:24 - 00000675 _____ () C:\Users\Public\Desktop\Git Bash.lnk
2015-03-14 18:24 - 2015-03-14 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2015-03-13 00:18 - 2015-03-13 00:18 - 00143208 _____ () C:\Windows\Minidump\031315-32744-01.dmp
2015-03-12 21:17 - 2015-03-12 21:17 - 00001059 _____ () C:\Users\Public\Desktop\New Success Intermediate ActiveBook.lnk
2015-03-12 21:17 - 2015-03-12 21:17 - 00000000 ___HD () C:\Program Files\InstallJammer Registry
2015-03-12 21:17 - 2015-03-12 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pearson
2015-03-12 21:08 - 2015-03-12 21:08 - 00000000 __SHD () C:\Windows\ftpcache
2015-03-12 21:07 - 2015-03-12 21:07 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Longman
2015-03-12 21:07 - 2015-03-12 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Longman
2015-03-12 16:37 - 2015-03-12 16:37 - 00001488 _____ () C:\Users\admin\Downloads\UTS_.zip
2015-03-10 01:47 - 2015-03-10 01:47 - 00001759 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-10 01:47 - 2015-03-10 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-10 01:46 - 2015-03-10 01:47 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-10 01:46 - 2015-03-10 01:46 - 00000000 ____D () C:\Program Files\iPod
2015-03-01 07:58 - 2015-03-14 21:04 - 00000000 ____D () C:\Users\admin\.atom
2015-03-01 07:57 - 2015-03-14 20:26 - 00002088 _____ () C:\Users\admin\Desktop\Atom.lnk
2015-03-01 07:57 - 2015-03-01 07:58 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Atom
2015-03-01 07:55 - 2015-03-14 20:24 - 00000000 ____D () C:\Users\admin\AppData\Local\atom
2015-03-01 07:55 - 2015-03-01 07:58 - 00000000 ____D () C:\Users\admin\AppData\Local\SquirrelTemp
2015-03-01 07:50 - 2015-03-01 07:50 - 00000000 ____D () C:\Users\admin\Documents\GitHub
2015-03-01 07:50 - 2015-03-01 07:50 - 00000000 ____D () C:\Users\admin\.ssh
2015-03-01 07:49 - 2015-03-14 20:16 - 00000000 ____D () C:\Users\admin\AppData\Roaming\GitHub
2015-03-01 07:49 - 2015-03-14 20:16 - 00000000 ____D () C:\Users\admin\AppData\Local\GitHub
2015-03-01 07:49 - 2015-03-01 07:49 - 00002146 _____ () C:\Users\admin\Desktop\Git Shell.lnk
2015-03-01 07:49 - 2015-03-01 07:49 - 00000058 _____ () C:\Users\admin\.gitconfig
2015-03-01 07:48 - 2015-03-14 20:26 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2015-03-01 07:48 - 2015-03-01 07:48 - 00000308 _____ () C:\Users\admin\Desktop\GitHub.appref-ms
2015-02-28 10:36 - 2015-02-28 10:36 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-02-28 10:32 - 2015-02-28 10:32 - 00013332 _____ () C:\Users\admin\Downloads\[kickass.to]internet.download.manager.idm.6.23.build.2.final.incl.crack.atom.torrent
2015-02-28 10:10 - 2015-02-28 10:10 - 00000000 ____D () C:\ProgramData\Avg_Update_0215av
2015-02-27 21:07 - 2015-02-27 21:24 - 00000000 ____D () C:\Users\admin\AppData\Local\Temporary Projects
2015-02-24 20:41 - 2014-11-29 07:37 - 00115752 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-02-24 10:05 - 2015-02-24 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-24 09:26 - 2015-02-24 09:26 - 00018542 _____ () C:\Users\admin\Downloads\[kickass.to]microsoft.visio.pro.2013.sp1.vl.x86.en.us.torrent
2015-02-24 08:37 - 2015-02-24 08:37 - 00043951 _____ () C:\Users\admin\Downloads\[kickass.to]microsoft.visio.pro.2013.sp1.vl.x64.en.us.torrent
2015-02-24 08:21 - 2015-03-23 20:09 - 00000000 ____D () C:\Users\admin\AppData\Local\AVDworks
2015-02-24 08:20 - 2015-03-10 23:20 - 00000000 ____D () C:\Users\admin\AppData\Local\Agcpworks
2015-02-24 07:32 - 2015-02-24 07:32 - 00034502 _____ () C:\Users\admin\Downloads\Microsoft Visio Professional.torrent
2015-02-24 05:57 - 2015-02-24 05:57 - 00000000 ____D () C:\Users\admin\Documents\W7
2015-02-24 05:56 - 2015-02-24 05:57 - 00000000 ____D () C:\Users\admin\Documents\W6

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-26 16:20 - 2014-12-27 00:39 - 00000000 ____D () C:\Users\admin\AppData\Local\LogMeIn Hamachi
2015-03-26 16:20 - 2013-10-02 18:25 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-26 16:19 - 2009-07-14 11:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 16:19 - 2009-07-14 11:34 - 00016944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 16:17 - 2014-11-09 01:28 - 00000000 ____D () C:\Program Files\Opera
2015-03-26 16:16 - 2014-11-04 04:33 - 00117744 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 16:12 - 2014-11-03 08:53 - 00374092 _____ () C:\Windows\PFRO.log
2015-03-26 16:12 - 2014-11-02 01:00 - 00021034 _____ () C:\Windows\setupact.log
2015-03-26 16:12 - 2014-07-31 20:30 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce820314248fdf.job
2015-03-26 16:12 - 2009-07-14 11:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-25 20:48 - 2012-04-08 06:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 20:47 - 2012-03-31 14:15 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000UA.job
2015-03-25 20:47 - 2012-03-31 14:15 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000Core.job
2015-03-25 20:29 - 2012-07-21 23:27 - 00000000 ____D () C:\Users\admin\AppData\Roaming\DMCache
2015-03-25 20:24 - 2011-09-20 05:00 - 00000000 ____D () C:\Users\admin
2015-03-25 05:07 - 2014-07-31 20:30 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-24 00:55 - 2013-05-02 13:31 - 00000000 ____D () C:\Users\admin\AppData\Local\Apps\2.0
2015-03-24 00:55 - 2009-07-14 09:37 - 00000000 __RHD () C:\Users\Default
2015-03-24 00:55 - 2009-07-14 09:37 - 00000000 ___RD () C:\Users\Public
2015-03-24 00:49 - 2009-07-14 09:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-23 23:59 - 2014-01-04 08:32 - 00000000 ____D () C:\Users\admin\Documents\Bandicam
2015-03-23 20:06 - 2014-06-08 15:13 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2015-03-22 14:17 - 2012-09-21 10:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-22 14:16 - 2015-01-06 22:35 - 00000000 ____D () C:\AdwCleaner
2015-03-22 12:34 - 2011-09-20 05:59 - 00783728 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-21 21:47 - 2011-10-26 18:34 - 00000000 ____D () C:\Users\admin\AppData\Roaming\uTorrent
2015-03-19 17:19 - 2014-02-11 02:06 - 00000000 ____D () C:\SPB_Data
2015-03-15 08:48 - 2012-09-27 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-14 20:05 - 2013-05-02 13:31 - 00000000 ____D () C:\Users\admin\AppData\Local\Deployment
2015-03-13 23:59 - 2011-10-26 18:31 - 00000000 ____D () C:\Users\admin\AppData\Local\RipTiger
2015-03-13 00:18 - 2013-04-21 11:51 - 00000000 ____D () C:\Windows\Minidump
2015-03-12 20:43 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-12 19:48 - 2015-01-07 07:27 - 00129832 _____ () C:\zoek-results.log
2015-03-10 01:47 - 2012-11-23 16:18 - 00000000 ____D () C:\Program Files\iTunes
2015-03-10 01:46 - 2011-09-20 18:30 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-07 00:06 - 2014-11-09 01:39 - 00000000 ____D () C:\Users\admin\Desktop\Tor Browser
2015-03-01 08:37 - 2009-07-14 09:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-28 06:12 - 2014-09-29 21:45 - 00000000 ____D () C:\Users\admin\Documents\Visual Studio 2008
2015-02-27 22:09 - 2014-07-01 20:01 - 00000000 ____D () C:\Users\admin\AppData\Roaming\.minecraft
2015-02-24 17:25 - 2012-04-08 06:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-24 17:25 - 2011-09-20 18:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-24 17:21 - 2009-07-14 11:33 - 00453568 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-24 17:20 - 2011-09-20 05:03 - 00115864 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-24 10:06 - 2011-09-20 05:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-24 10:05 - 2011-09-20 05:10 - 00000000 ____D () C:\Program Files\Common Files\Designer
2015-02-24 10:05 - 2009-07-14 09:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-24 10:04 - 2011-09-20 05:29 - 00000000 ____D () C:\Program Files\Microsoft Office

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 00:50

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by admin at 2015-03-26 16:22:01
Running from D:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Accurate 3 Enterprise Edition (HKLM\...\Accurate 3 Enterprise Edition) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atom (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\atom) (Version: 0.187.0 - GitHub Inc.)
Avenue Flo - Special Delivery Just For Fun Games (HKLM\...\Avenue Flo - Special Delivery Just For Fun Games) (Version: - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4311 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
Bandicam (HKLM\...\Bandicam) (Version: 1.9.2.455 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version: - Bandisoft.com)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM\...\{0BED0B96-70B8-4893-884B-DC485DC8C1B7}) (Version: 0.8.10.3096 - BlueStack Systems, Inc.)
Boutique Boulevard (HKLM\...\Boutique Boulevard) (Version: 1.00 - Big Fish Games)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
CCleaner, версия 4.14.4808 (HKLM\...\{80BD3FC0-9C5F-4ADA-83C7-91DC8E24D0B2}_is1) (Version: 4.14.4808 - Salat Production)
CodeBlocks (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\CodeBlocks) (Version: 12.11 - The Code::Blocks Team)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cooking Academy - Restaurant Royale (HKLM\...\Cooking Academy - Restaurant RoyaleFinal) (Version: Final - AllSmartGames)
Counter-Strike Online Game Client (HKLM\...\Counter-Strike Online) (Version: Game Client - Megaxus)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Declan's Korean Dictionary v1.1 (HKLM\...\Declan's Korean Dictionary_is1) (Version: 1.1.1127 - Declan Software, Inc.)
Delicious - Emily's Tea Garden (HKLM\...\Delicious - Emily's Tea Garden) (Version: 1.0.7.1 - GameHouse, Inc.)
Delicious 9 - Emilys Honeymoon Cruise (HKLM\...\Delicious 9 - Emilys Honeymoon Cruise1.1) (Version: 1.1 - Foxy Games)
Delicious Emilys True Love Premium Edition (HKLM\...\Delicious Emilys True Love Premium Editionv1.0.0.0) (Version: v1.0.0.0 - GameHouse)
Diner Dash - Flo Through Time 1.00 (HKLM\...\Diner Dash - Flo Through Time 1.00) (Version: - )
Diner Dash Seasonal Snack Pack (HKLM\...\Diner Dash Seasonal Snack Pack1.0) (Version: 1.0 - AllSmartGames)
doxygen 1.8.9.1 (HKLM\...\doxygen_is1) (Version: 1.8.9.1 - Dimitri van Heesch)
Dropbox (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\Dropbox) (Version: 2.4.10 - Dropbox, Inc.)
EMS SQL Manager 2007 Lite for MySQL (HKLM\...\{8ABA2354-20F6-480F-A4C5-63B30DBC6B20}) (Version: 4.4.2.1 - EMS)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM\...\{AFA4B0BF-3289-495A-B949-BA91F39B1A44}) (Version: 11.1.21009.00 - Microsoft Corporation)
Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
EPSON TX111 Series Printer Uninstall (HKLM\...\EPSON TX111 Series) (Version: - SEIKO EPSON Corporation)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
First Class Flurry (HKLM\...\First Class Flurry1.0) (Version: 1.0 - Adnan_Boy 2008)
FontNav (Version: 5.0 - Corel Corporation) Hidden
Fraps (HKLM\...\Fraps) (Version: - )
Free Pascal 2.6.2 (HKLM\...\FreePascal_is1) (Version: - Free Pascal Team)
Garena - FIFA ONLINE 3(English) (HKLM\...\FO3) (Version: - Garena Online Pte Ltd.)
Garena - FIFA ONLINE 3(Indonesia) (HKLM\...\FO3ID) (Version: - Garena Online Pte Ltd.)
Genymotion version 2.3.1 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.3.1 - Genymobile)
GeoGebra 4.4 (HKLM\...\GeoGebra 4.4) (Version: 4.4.5.0 - International GeoGebra Institute)
Git version 1.9.5-preview20141217 (HKLM\...\Git_is1) (Version: 1.9.5-preview20141217 - The Git Development Community)
GitHub (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\5f7eb300e2ea4ebf) (Version: 2.9.1.0 - GitHub, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Drive (HKLM\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Gourmet Chef Challenge Around the World version 3.107 (HKLM\...\Gourmet Chef Challenge Around the World_is1) (Version: 3.107 - )
Grand Theft Auto IV - Episodes From Liberty City (HKLM\...\{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1) (Version: - )
Grand Theft Auto San Andreas + MultiPlayer [0.3e] (HKLM\...\{E1D22FE1-AB5F-42CA-9480-6F70B96DDD88}_is1) (Version: 0.3(e) - RePack by -=M@N=-)
Happy Chef (HKLM\...\Happy Chef1.0) (Version: 1.0 - Foxy Games)
Happy Chef 2 (HKLM\...\Happy Chef 2v1.29.07.2013) (Version: v1.29.07.2013 - Nordcurrent)
Haskell Platform 2013.2.0.0 (HKLM\...\HaskellPlatform-2013.2.0.0) (Version: - Haskell.org)
Hell's Kitchen (HKLM\...\Hell's Kitchen1.0) (Version: 1.0 - Adnan_Boy 2008)
Hostile Makeover - A Fashion Murder Mystery Game (HKLM\...\Hostile Makeover - A Fashion Murder Mystery Game1.0) (Version: 1.0 - AllSmartGames)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 8 Update 31 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
Kamus 2.04 (HKLM\...\Kamus2) (Version: 2.04 - Ebta Setiawan)
K-Lite Mega Codec Pack 10.9.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.9.0 - )
Kudos 2 (HKLM\...\Kudos 21.01) (Version: 1.01 - Adnan_Boy 2008)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Life Quest 2 - Metropoville (HKLM\...\Life Quest 2 - Metropovillev1.0.0) (Version: v1.0.0 - Big Fish Games)
LINE (HKLM\...\LINE) (Version: 3.9.1.188 - LINE Corporation)
LiveUSB Creator (remove only) (HKLM\...\LiveUSB Creator) (Version: - )
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.319 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.319 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MBC Live (HKLM\...\MBCLive) (Version: - )
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)
Media Go Video Playback Engine 1.64.101.02270 (HKLM\...\{7D62ABA3-35EC-623E-2C5F-1B3332CB705B}) (Version: 1.64.101.02270 - Sony)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{D9DA2981-3298-4F1A-9192-F2CF5BD91145}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (HKLM\...\Microsoft Visual Basic 2008 Express Edition with SP1 - ENU) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{E43AC95E-66B0-4CEC-AADD-C9BFEF5A4C0A}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{044F9133-B8D7-4d11-BF39-803FA20F5C8B}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Minecraft 1.8 (HKLM\...\Minecraft 1.8) (Version: 1.8 - Mojang)
Minecraft1.7.2 (HKLM\...\Minecraft1.7.2) (Version: - )
ModooMarble (Remove only) (HKLM\...\{7B2562F1-02DC-415F-8960-446E64BE9BBE}_is1) (Version: 1.0 - PT.CJ Internet Indonesia)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MySQL Installer (HKLM\...\{F0A890B5-DE46-4468-A1DF-8F4DE5C478D0}) (Version: 1.3.6.0 - Oracle Corporation)
MySQL Server 5.0 (HKLM\...\{DBACBFE4-F79E-4AFB-A7C3-463555B8446B}) (Version: 5.0.67 - MySQL AB)
Need For Speed™ World (HKLM\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
New Success Intermediate ActiveBook (HKLM\...\9781408249123-Pearson) (Version: - Pearson Education)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.5 - Notepad++ Team)
OpenVPN 2.3.2-I003 (HKLM\...\OpenVPN) (Version: 2.3.2-I003 - )
Opera Stable 28.0.1750.48 (HKLM\...\Opera 28.0.1750.48) (Version: 28.0.1750.48 - Opera Software ASA)
Oracle VM VirtualBox 4.2.12 (HKLM\...\{5FA29565-1B72-488F-B975-E3C76F179F36}) (Version: 4.2.12 - Oracle Corporation)
Origin (HKLM\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Plants vs. Zombies™ (HKLM\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Point Blank Online (HKLM\...\Point Blank Online) (Version: 20100113 - Gemscool)
PointblnakPTS_New version 1.5 (HKLM\...\{7F22FDB9-0BA3-4098-BDEB-4C9C93482B32}_is1) (Version: 1.5 - Bypassnet)
PremiumSoft Navicat 11.0 for MySQL (HKLM\...\PremiumSoft Navicat for MySQL_is1) (Version: 11.0.18 - PremiumSoft CyberTech Ltd.)
PremiumSoft Navicat 11.1 for SQL Server (HKLM\...\PremiumSoft Navicat for SQL Server_is1) (Version: 11.1.9 - PremiumSoft CyberTech Ltd.)
Presto! MaxReader 4.5 LE (HKLM\...\{333210DA-4E7F-402A-ABBF-41D70CF00503}) (Version: 4.50.02 - NewSoft Technology Corporation)
Pro Evolution Soccer 2014 (HKLM\...\{5EFD3544-2371-4900-8ACA-F157BA80FB0C}) (Version: 1.00.0000 - KONAMI)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Puzzler World 2 (HKLM\...\Puzzler World 21.0) (Version: 1.0 - Foxy Games)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RipTiger 4.5.1 (HKLM\...\{AFD4597D-56CC-447F-AA68-C1BF1AEA448E}_is1) (Version: 4.5.1 - cyan soft ltd)
SimCity™ (HKLM\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Smartfren andro max E860 UI (HKLM\...\{90C99F3E-56DB-4965-B524-1D0E1851E03A}) (Version: - )
SoundTaxi Media Suite 4.2.0 (HKLM\...\STMediaSuite) (Version: 4.2.0 - Ramka Ltd.)
SoundTaxi Media Suite 4.5.1 (HKLM\...\{EF4C657F-632F-4CED-A220-F4C1C724241C}_is1) (Version: 4.5.1 - cyan soft ltd)
SQL Server System CLR Types (HKLM\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
Sublime Text Build 3065 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TDM-GCC (HKLM\...\TDM-GCC) (Version: 1.1309.0 - TDM)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.62.153 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Pets (HKLM\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 4 Create A Sim Demo (HKLM\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Trivia Machine Reloaded (HKLM\...\Trivia Machine Reloadedv1.1) (Version: v1.1 - HipSoft)
TweetDeck (HKLM\...\{85D70219-700E-4728-A80D-C394DEF6247E}) (Version: 3.0.2 - Twitter, Inc.)
Typing Trainer 8.0 (HKLM\...\{218081EE-C83D-46A6-9382-9AB77B99AAA1}_is1) (Version: - Typing Innovation Group Ltd)
Unity Web Player (HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Virtual Families 2 - Our Dream House (HKLM\...\Virtual Families 2 - Our Dream House1.0) (Version: 1.0 - Foxy Games)
Virtual Villagers 4 - The Tree of Life (HKLM\...\Virtual Villagers 4 - The Tree of Life1.0) (Version: 1.0 - AllSmartGames)
Virtual Villagers The Secret City (HKLM\...\Virtual Villagers The Secret City_is1) (Version: - )
Visual Prolog 7.5 Personal Edition (HKLM\...\{17AF2321-4AD8-4727-B3BE-C2BE1EB49478}) (Version: 1.0.0 - Prolog Development Center)
Visual Prolog Examples (HKLM\...\{FBAD7F9E-EEE5-4C00-962B-856E793AABBA}) (Version: 1.0.0 - Prolog Development Center)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wedding Salon (HKLM\...\Wedding Salon1.0) (Version: 1.0 - Foxy Games)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xilisoft Video Converter Ultimate 6 (HKLM\...\Xilisoft Video Converter Ultimate 6) (Version: 6.0.7.0707 - Xilisoft)
Youda Sushi Chef (HKLM\...\Youda Sushi Chef1.3.0.0) (Version: 1.3.0.0 - Adnan_Boy 2008)
Youda Sushi Chef 2 (HKLM\...\Youda Sushi Chef 2Final) (Version: Final - AllSmartGames)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{47F64EC4-1AD6-4168-9D4C-00F3842F7CFB}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{53DBCD97-3FDF-4B60-975B-2596B57482EF}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\BBWebSLLauncher.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\admin\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\Windows\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\admin\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{C8992C14-DF59-4518-808F-CCFBB5850282}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\devicemanagerproperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\admin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\Windows\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{EB59852D-B38E-4A4C-94BA-6731836E5538}\InprocServer32 -> C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\DeviceManagerProperties.dll (Research In Motion Limited)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\admin\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1380481859-1212219880-2585911621-1000_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

==================== Restore Points =========================

24-03-2015 23:18:46 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:04 - 2015-03-24 00:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06284F36-5749-45C5-BA17-2185F91D2B59} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {1D76E4BF-0A8B-4C2B-B843-C27C73B65325} - System32\Tasks\Opera scheduled Autoupdate 1415471294 => C:\Program Files\Opera\launcher.exe [2015-03-16] (Opera Software)
Task: {1FCB3531-9048-4E7F-B781-9F3AA70A9C54} - System32\Tasks\{84827F1A-DB38-41C9-B0A3-CCE0D350A549} => pcalua.exe -a "D:\Data\Games\Marine Park Empire\VSetting.exe" -d "D:\Data\Games\Marine Park Empire"
Task: {2BB82A17-3209-4CC6-9717-54BDDF9D5A6E} - System32\Tasks\{3F95531A-AD2B-44F9-904F-BA56A0D64CC7} => pcalua.exe -a "D:\Data\SOFTWARE INSTALLER\office 2003\OFFICE2003PRO\office2003.exe" -d "D:\Data\SOFTWARE INSTALLER\office 2003\OFFICE2003PRO"
Task: {3C6E5D4E-CCA9-46A5-B8EC-91B6DB9BC58C} - System32\Tasks\{68441373-41AA-4019-AFB5-A2364F0B7D7C} => pcalua.exe -a "D:\Data\TD-8817\USB Driver\Win2k_XP\Setup.exe" -d "D:\Data\TD-8817\USB Driver\Win2k_XP"
Task: {3C9D5FE9-9339-4DC5-B8F0-4CBF206DD6EB} - System32\Tasks\gg_uac_daemon_admin => C:\Program Files\Garena Plus\ggdllhost.exe [2015-01-20] ()
Task: {41D30E25-42DE-4F98-8E9E-D223D3FA0C1F} - System32\Tasks\{9940E129-94BD-49DC-81A8-E9D32157B647} => pcalua.exe -a E:\setup.exe -d E:\
Task: {452D485E-EEF1-443B-84C6-3F4A5B549583} - System32\Tasks\{501B4426-EA36-402C-B09B-328F4E078F7E} => pcalua.exe -a "E:\AOE 3 EXPANSION\War chifs.exe" -d "E:\AOE 3 EXPANSION"
Task: {479D22A0-7418-4717-8E12-D3912F3011FF} - System32\Tasks\{DEDB7669-E194-4604-BFC0-AEAA77DAA8D4} => pcalua.exe -a D:\Data\C++\tubes1stima\new\zoek.com -d D:\Data\C++\tubes1stima\new
Task: {5881CCBB-3F0F-4E55-9390-5291BCFE435C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5B922E50-4277-48EB-B78E-609E0706D753} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {73CCC22B-6257-4769-8DA7-27250977F741} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000UA => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {7D36D661-B17E-4E06-9E75-467AC91C995F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000Core => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {85DAADAA-A287-4F30-A833-6F8561144403} - System32\Tasks\{F4331E3B-EE15-47A0-A3AD-E55D5D56771F} => pcalua.exe -a "D:\Data\SOFTWARE INSTALLER\Microsoft Visio Professional\Microsoft Visio Professional.exe" -d "D:\Data\SOFTWARE INSTALLER\Microsoft Visio Professional"
Task: {86E92CF0-2D87-4B3D-848B-F291E3F5E7A4} - System32\Tasks\{7A08418A-343A-4467-88E6-14CEB64A2094} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {8AD4CAAF-A772-47C8-B02C-11EAA02AA1E6} - System32\Tasks\{E53DFB75-2130-4F8D-B869-42D6797CC2FB} => pcalua.exe -a D:\Data\jdk-8u31-windows-i586.exe -d C:\Users\admin\AppData\Roaming\IDM
Task: {9302F945-65B7-4BA5-8B25-0D8D5AED914E} - System32\Tasks\{34627E88-8746-4B63-B60C-41D0AEFBEF63} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Task: {93DB1D6C-3965-4C64-85A0-A703F1EC7D8A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9F7D34E0-8B5F-4FC7-B013-387BCC5EDF84} - System32\Tasks\{9CE9EC86-7B73-4543-B038-9BA0D818A1DC} => pcalua.exe -a "D:\Data\Games\Discovery - A Seek and Find Adventure\Discovery - A Seek and Find Adventure\Uninstall.exe" -d "D:\Data\Games\Discovery - A Seek and Find Adventure\Discovery - A Seek and Find Adventure"
Task: {A32D897D-035E-4BBF-9B2B-933F5586CF16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-31] (Google Inc.)
Task: {A35820A8-7853-4F14-A15D-F26593D4B829} - System32\Tasks\{0880C059-5BF8-4B0C-9D66-B132337275F1} => pcalua.exe -a G:\SC4_uninst.exe -d G:\
Task: {A435BBFC-8B7B-4BC0-962A-A026FCED7646} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A8FB1550-47D3-423F-B512-0FADF521F33A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-24] (Adobe Systems Incorporated)
Task: {B18693A4-DA59-40B9-9BFB-B48B479B053B} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-12-13] ()
Task: {B22BB078-994E-4737-909C-85D91F327836} - System32\Tasks\{45A5638E-CE9E-45F2-8DA3-1AE4722FE1F0} => pcalua.exe -a C:\Users\admin\AppData\Local\Temp\dlmF3E0.tmp\caesar4_demo_en.exe -d C:\Users\admin\Downloads
Task: {B28FAAF3-FFD1-492A-9865-6C285EE78955} - System32\Tasks\{6ADE60D7-9F2A-4DF0-8836-9E79AF84D940} => pcalua.exe -a D:\Data\C++\tubes1stima\new\zoek.scr -d D:\Data\C++\tubes1stima\new -c /S
Task: {BAE76ED0-4A70-41E4-88E2-E5B39E6BE29E} - System32\Tasks\{4517BB71-6CE1-4565-8F92-E9271B0ADA9C} => pcalua.exe -a E:\rld-sim3.part1.exe -d E:\
Task: {BAE7D7DD-048E-4492-B729-8061A6A9D6BF} - System32\Tasks\{2C66C202-71B1-44A8-8736-A8B0E1BFF01E} => pcalua.exe -a G:\eauninstall.exe -d G:\
Task: {BC2D6E7D-34FC-4759-8D68-FF4D860ECCD5} - System32\Tasks\{89F044CC-8181-47A4-BED2-6E8FB2BA6554} => pcalua.exe -a "D:\Data\Games\Need For Speed Carbon\Support\Need for Speed Carbon_uninst.exe" -d "D:\Data\Games\Need For Speed Carbon\Support"
Task: {BD6FC539-7761-4B36-83B6-4E74E3A22CE6} - System32\Tasks\GoogleUpdater => Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write((new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\internet explorer\\zergling_rush"))
Task: {BF641E23-3353-47F6-86B2-D3A9C3206679} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-31] (Google Inc.)
Task: {D335D799-79A3-428D-9253-0266FB1DAF29} - System32\Tasks\GoogleUpdateTaskMachineCore1ce820314248fdf => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-31] (Google Inc.)
Task: {E2D49E8A-AFD5-43AE-971E-1BB4BF4554F3} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-04-02] ()
Task: {F07197BD-4D7C-4A2D-B309-301A4F79DE29} - System32\Tasks\{4B2DA71E-77D7-4C45-9A9D-BE67B958ADF7} => pcalua.exe -a "E:\AOE3Y ASIA DYNASTY\AOE3Y ASIA DYNASTY.exe" -d "E:\AOE3Y ASIA DYNASTY"
Task: {F750CC50-F30C-477B-BD10-D9F83557F358} - System32\Tasks\{924101DE-4CB5-4C65-8C78-3397D03F971C} => pcalua.exe -a "C:\Program Files\Plus-HD-9.4\Uninstall.exe" -c /fcp=1
Task: {FAF45159-4EEA-4F53-B7D4-FC91ADB7BB36} - System32\Tasks\{A148AC2E-6045-488F-9421-7056639D437C} => pcalua.exe -a "D:\Data\Games\SimCity 4\EAUninstall.exe"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000Core.job => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1380481859-1212219880-2585911621-1000UA.job => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce820314248fdf.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-06-24 18:07 - 2014-09-11 13:06 - 00019216 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-11-21 18:27 - 2015-01-20 19:20 - 00055896 _____ () C:\Program Files\Garena Plus\ggdllhost.exe
2013-11-21 18:27 - 2015-01-20 19:20 - 00560216 _____ () C:\Program Files\Garena Plus\ggspawn.dll
2011-09-20 05:15 - 2010-12-23 06:27 - 00080496 _____ () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2011-09-20 05:15 - 2010-12-23 06:27 - 00113264 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2011-09-20 05:15 - 2010-12-23 06:27 - 00623216 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-06-10 19:55 - 2014-10-18 15:33 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1380481859-1212219880-2585911621-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: BAVSvc => 2
MSCONFIG\Services: BrowserProtect => 2
MSCONFIG\Services: DefaultTabSearch => 2
MSCONFIG\Services: DefaultTabUpdate => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: Sony Ericsson PCCompanion => 3
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IDMan => C:\Program Files\IDM\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: InFX => "C:\Users\admin\AppData\Roaming\StratFX\nircmd.exe" exec hide "C:\Users\admin\AppData\Roaming\StratFX\begin.bat"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

==================== Accounts: =============================

admin (S-1-5-21-1380481859-1212219880-2585911621-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1380481859-1212219880-2585911621-500 - Administrator - Disabled)
Guest (S-1-5-21-1380481859-1212219880-2585911621-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/24/2015 00:48:28 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (03/24/2015 00:11:35 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (03/23/2015 08:24:07 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (03/23/2015 08:24:06 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (03/23/2015 08:23:11 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (03/23/2015 08:06:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc0f9
Faulting module name: New.dll, version: 0.0.0.0, time stamp: 0x550a9b5e
Exception code: 0xc0000005
Fault offset: 0x00001758
Faulting process id: 0x6cc
Faulting application start time: 0xtaskhost.exe0
Faulting application path: taskhost.exe1
Faulting module path: taskhost.exe2
Report Id: taskhost.exe3

Error: (03/23/2015 08:06:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc0f9
Faulting module name: New.dll, version: 0.0.0.0, time stamp: 0x550a9b5e
Exception code: 0xc0000005
Fault offset: 0x00001758
Faulting process id: 0x6cc
Faulting application start time: 0xtaskhost.exe0
Faulting application path: taskhost.exe1
Faulting module path: taskhost.exe2
Report Id: taskhost.exe3

Error: (03/22/2015 08:02:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc0f9
Faulting module name: New.dll, version: 0.0.0.0, time stamp: 0x550a9b5e
Exception code: 0xc0000005
Fault offset: 0x00001758
Faulting process id: 0x690
Faulting application start time: 0xtaskhost.exe0
Faulting application path: taskhost.exe1
Faulting module path: taskhost.exe2
Report Id: taskhost.exe3

Error: (03/22/2015 08:02:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc0f9
Faulting module name: New.dll, version: 0.0.0.0, time stamp: 0x550a9b5e
Exception code: 0xc0000005
Fault offset: 0x00001758
Faulting process id: 0x690
Faulting application start time: 0xtaskhost.exe0
Faulting application path: taskhost.exe1
Faulting module path: taskhost.exe2
Report Id: taskhost.exe3

Error: (03/22/2015 08:01:51 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (03/26/2015 04:13:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/26/2015 04:12:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:04:11 PM on ‎3/‎25/‎2015 was unexpected.

Error: (03/26/2015 04:11:32 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (03/25/2015 08:45:21 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/25/2015 08:45:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/25/2015 08:45:19 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/25/2015 08:45:19 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/25/2015 08:31:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd

Error: (03/25/2015 08:29:37 PM) (Source: sptd) (EventID: 4) (User: )
Description: Driver detected an internal error in its data structures for .

Error: (03/25/2015 08:19:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
sptd


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
Percentage of memory in use: 49%
Total physical RAM: 3062.66 MB
Available physical RAM: 1558.76 MB
Total Pagefile: 6130.93 MB
Available Pagefile: 4414.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.24 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:97.66 GB) (Free:9.31 GB) NTFS
Drive d: (Data) (Fixed) (Total:368.01 GB) (Free:50.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E8707DFE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Attachments

  • fixlist.txt
    231 bytes