a guest
Feb 12th, 2016
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
  2. Ran by user (administrator) on USER-PC (11-02-2016 18:08:57)
  3. Running from C:\Users\user\Downloads
  4. Loaded Profiles: user (Available Profiles: user & BvSsh_VirtualUsers & Gurtna011)
  5. Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
  6. Internet Explorer Version 8 (Default browser: Chrome)
  7. Boot Mode: Normal
  8. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  9.  
  10. ==================== Processes (Whitelisted) =================
  11.  
  12. (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
  13.  
  14. (AMD) C:\Windows\System32\atiesrxx.exe
  15. (AMD) C:\Windows\System32\atieclxx.exe
  16. (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
  17. (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
  18. (H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
  19. (Bitvise Limited) C:\Program Files\Bitvise SSH Server\BssCtrl.exe
  20. (Bitvise Limited) C:\Program Files\Bitvise SSH Server\BvSshServer.exe
  21. () C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe
  22. (Realtek) C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
  23. (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
  24. (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
  25. (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
  26. (Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
  27. (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
  28. (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
  29. (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
  30. (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
  31. (TU-Funs LIMITED) C:\ProgramData\ZWdMZ\WdMan.exe
  32. (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
  33. (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
  34. (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
  35. (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
  36. (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
  37. (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
  38. (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
  39. (BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
  40. (Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
  41. (Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
  42. (Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
  43. (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
  44. (BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe
  45. (BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe
  46. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  47. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  48. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  49. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  50. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  51. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  52. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  53. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  54. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  55. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  56. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  57. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  58. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  59. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  60. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  61. (Bitvise Limited) C:\Program Files\Bitvise SSH Server\SftpServer.exe
  62. (Microsoft Corporation) C:\Windows\System32\dllhost.exe
  63. (Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
  64. (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
  65. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  66. (Bitvise Limited) C:\Program Files\Bitvise SSH Server\SftpServer.exe
  67. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  68. (Bitvise Limited) C:\Program Files\Bitvise SSH Server\SftpServer.exe
  69. (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  70.  
  71.  
  72. ==================== Registry (Whitelisted) ===========================
  73.  
  74. (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
  75.  
  76. HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
  77. HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
  78. HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
  79. HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
  80. HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-08-14] (VMware, Inc.)
  81. HKLM-x32\...\Run: [Bitvise SSH Server Activation State Checker] => C:\Program Files\Bitvise SSH Server\BssActStateCheck.exe [256360 2015-12-16] (Bitvise Limited)
  82. HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
  83. HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
  84. HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [888344 2016-01-07] (BlueStack Systems, Inc.)
  85. HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
  86. HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
  87. HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
  88. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [2065944 2016-02-04] (BitTorrent Inc.)
  89. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation)
  90. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-18] (Disc Soft Ltd)
  91. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Run: [PC Remote Server] => C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe [1190648 2014-10-12] (PC Remote)
  92. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Run: [302a3f59a0bda767f51d068b3f4568a5] => C:\Users\user\AppData\Local\Temp\svchost.exe [135168 2016-01-26] (Evil Company) <===== ATTENTION
  93. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Run: [AdobeBridge] => [X]
  94. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-02-03] (Google Inc.)
  95. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Policies\system: [LogonHoursAction] 2
  96. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
  97. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\MountPoints2: {256d7995-9e7c-11e5-815c-005056c00008} - F:\autorun.exe
  98. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\MountPoints2: {256d7998-9e7c-11e5-815c-005056c00008} - G:\MAXON-Start.exe
  99. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\MountPoints2: {400daf09-7f0e-11e5-809e-005056c00008} - E:\LG_PC_Programs.exe
  100. AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [249104 2016-01-14] (Client Connect LTD)
  101. AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [221456 2016-01-14] (Client Connect LTD)
  102. Lsa: [Authentication Packages] msv1_0 BvLsa
  103. ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2015-10-31] (SmartSoft Ltd.)
  104. Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\302a3f59a0bda767f51d068b3f4568a5.exe [2016-01-25] (Evil Company)
  105. Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-10-25]
  106. ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
  107. GroupPolicy: Restriction - Chrome <======= ATTENTION
  108. GroupPolicyUsers\S-1-5-21-1292048591-1437342970-2306004842-1005\User: Restriction <======= ATTENTION
  109. CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
  110.  
  111. ==================== Internet (Whitelisted) ====================
  112.  
  113. (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
  114.  
  115. Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-11-02] (Lavasoft Limited)
  116. Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-11-02] (Lavasoft Limited)
  117. Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-11-02] (Lavasoft Limited)
  118. Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-11-02] (Lavasoft Limited)
  119. Winsock: Catalog9 17 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-11-02] (Lavasoft Limited)
  120. Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-02] (Lavasoft Limited)
  121. Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-02] (Lavasoft Limited)
  122. Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-02] (Lavasoft Limited)
  123. Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-02] (Lavasoft Limited)
  124. Winsock: Catalog9-x64 17 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-02] (Lavasoft Limited)
  125. Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
  126. Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
  127. Tcpip\..\Interfaces\{11A8C55E-1143-4F8A-9495-30A2DC9A5A5A}: [DhcpNameServer] 192.168.1.1
  128. Tcpip\..\Interfaces\{871C191C-3908-4D13-860C-DB4923753A46}: [DhcpNameServer] 192.168.0.1
  129.  
  130. Internet Explorer:
  131. ==================
  132. HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  133. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  134. HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
  135. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
  136. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  137. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  138. HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
  139. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
  140. HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  141. HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  142. HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  143. HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  144. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeL5DbU_ODcLUTwSUWTaxZImUxxNdscwO55MTP5WPcno3sf4KNr4NX9YHKeoy8lA4LmWZ0I_QU78NbQivcj_YhZjm3BP7-2IxurlG0ZKCJeUKYpsoBrRNVVPN6jSCEyxTlFlFkNnpkakFumC&q={searchTerms}
  145. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=55&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&SSPV=
  146. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeL5DbU_ODcLUTwSUWTaxZImUxxNdscwO55MTP5WPcno3sf4KNr4NX9YHKeoy8lA4LmWZ0I_QU78NbQivcj_YhZjm3BP7-2IxurlG0ZKCJeUKYpsoBrRNVVPN6jSCEyxTlFlFkNnpkakFumC&q={searchTerms}
  147. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeL5DbU_ODcLUTwSUWTaxZImUxxNdscwO55MTP5WPcno3sf4KNr4NX9YHKeoy8lA4LmWZ0I_QU78NbQivcj_YhZjm3BP7-2IxurlG0ZKCJeUKYpsoBrRNVVPN6jSCEyxTlFlFkNnpkakFumC&q={searchTerms}
  148. HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
  149. SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
  150. SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
  151. SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450675887&from=zzgbkk123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg&q={searchTerms}
  152. SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeL5DbU_ODcLUTwSUWTaxZImUxxNdscwO55MTP5WPcno3sf4KNr4NX9YHKeoy8lA4LmWZ0I_QU78NbQivcj_YhZjm3BP7-2IxurlG0ZKCJeUKYpsoBrRNVVPN6jSCEyxTlFlFkNnpkakFumC&q={searchTerms}
  153. SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
  154. SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450675887&from=zzgbkk123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg&q={searchTerms}
  155. SearchScopes: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450675887&from=zzgbkk123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg&q={searchTerms}
  156. SearchScopes: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=58&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&q={searchTerms}&SSPV=
  157. SearchScopes: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450675887&from=zzgbkk123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg&q={searchTerms}
  158. SearchScopes: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_151102__yaie&p={searchTerms}
  159. SearchScopes: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeL5DbU_ODcLUTwSUWTaxZImUxxNdscwO55MTP5WPcno3sf4KNr4NX9YHKeoy8lA4LmWZ0I_QU78NbQivcj_YhZjm3BP7-2IxurlG0ZKCJeUKYpsoBrRNVVPN6jSCEyxTlFlFkNnpkakFumC&q={searchTerms}
  160. BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-10] (Oracle Corporation)
  161. BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-10] (Oracle Corporation)
  162. BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-25] (Oracle Corporation)
  163. BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-25] (Oracle Corporation)
  164. Toolbar: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
  165. Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
  166. Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
  167. Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
  168. Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
  169. StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1452234073&z=3408d1426191634786098a7gdz5w9o1o0c9zde7m2o&from=wpm01073&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY
  170.  
  171. FireFox:
  172. ========
  173. FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default
  174. FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116
  175. FF DefaultSearchEngine: yoursites123
  176. FF SelectedSearchEngine: Trovi
  177. FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=55&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&SSPV=
  178. FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-10] (Oracle Corporation)
  179. FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-10] (Oracle Corporation)
  180. FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
  181. FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-25] (Oracle Corporation)
  182. FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-25] (Oracle Corporation)
  183. FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
  184. FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
  185. FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
  186. FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
  187. FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSWF32.dll [2005-09-01] ()
  188. FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\findit.xml [2015-11-17]
  189. FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\trovi.xml [2016-02-02]
  190. FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\v9-.xml [2016-01-02]
  191. FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\yahoo-lavasoft.xml [2015-11-02]
  192. FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\yoursites123.xml [2016-01-08]
  193. FF Extension: xRocket Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\Extensions\arthurj8283@gmail.com [2015-12-21] [not signed]
  194. FF Extension: Default NewTab - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\Extensions\default_newtabff@gmail.com [2015-12-10] [not signed]
  195. FF Extension: YahooToolsProtected - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\Extensions\yahooprotected@gmail.com [2015-12-10] [not signed]
  196. FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\extensions\default_newtabff@gmail.com
  197. FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\extensions\yahooprotected@gmail.com
  198. FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\extensions\arthurj8283@gmail.com
  199.  
  200. Chrome:
  201. =======
  202. CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=55&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&SSPV=
  203. CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=55&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&SSPV="
  204. CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=58&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&q={searchTerms}&SSPV=
  205. CHR DefaultSearchKeyword: Default -> trovi.search
  206. CHR DefaultNewTabURL: Default -> hxxps://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&SAT=CNTS&D=020116
  207. CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}&SSPV=
  208. CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
  209. CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-22]
  210. CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22]
  211. CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
  212. CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
  213. CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
  214. CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-22]
  215. CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-22]
  216. CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-22]
  217. CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]
  218. CHR Extension: (Extutil) - C:\Users\user\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B [2016-02-02]
  219. CHR Extension: (Managera) - C:\Users\user\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2016-02-02]
  220.  
  221. Opera:
  222. =======
  223. OPR Extension: (Outrageous Deal) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\djmlpekfpipkpbipnanenhngngapmhal [2015-11-03]
  224. OPR Extension: (Monarch Find) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\jnnippojjelolbkfkaclaopllmbfoomp [2015-11-01]
  225.  
  226. ==================== Services (Whitelisted) ========================
  227.  
  228. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  229.  
  230. R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-01-07] (BlueStack Systems, Inc.)
  231. R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-01-07] (BlueStack Systems, Inc.)
  232. R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-01-07] (BlueStack Systems, Inc.)
  233. R2 BvSshServer; C:\Program Files\Bitvise SSH Server\BvSshServer.exe [9775512 2015-12-16] (Bitvise Limited)
  234. R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3246864 2016-01-14] (Client Connect LTD)
  235. R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369432 2015-11-18] (Disc Soft Ltd)
  236. R2 MySQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [38587904 2015-10-12] () [File not signed]
  237. R2 Realtek87B; C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
  238. S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
  239. R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
  240. S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465344 2015-08-14] ()
  241. S3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
  242. S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
  243. R2 WdMan; C:\ProgramData\ZWdMZ\WdMan.exe [326656 2016-01-08] (TU-Funs LIMITED) [File not signed]
  244. S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
  245.  
  246. ===================== Drivers (Whitelisted) ==========================
  247.  
  248. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  249.  
  250. S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
  251. S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
  252. S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [94208 2015-05-12] (LG Electronics Inc.)
  253. R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-01-07] (BlueStack Systems)
  254. R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-11-25] (Disc Soft Ltd)
  255. R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47160 2015-11-25] (Disc Soft Ltd)
  256. S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
  257. R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
  258. R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2015-10-30] (Riverbed Technology, Inc.)
  259. R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
  260. S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
  261. R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2015-08-14] (VMware, Inc.)
  262. R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-08-04] (VMware, Inc.)
  263. R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
  264. R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
  265. S3 VGPU; System32\drivers\rdvgkmd.sys [X]
  266. U3 wampapache64; no ImagePath
  267.  
  268. ==================== NetSvcs (Whitelisted) ===================
  269.  
  270. (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  271.  
  272.  
  273. ==================== One Month Created files and folders ========
  274.  
  275. (If an entry is included in the fixlist, the file/folder will be moved.)
  276.  
  277. 2016-02-11 18:08 - 2016-02-11 18:09 - 00030869 _____ C:\Users\user\Downloads\FRST.txt
  278. 2016-02-11 18:08 - 2016-02-11 18:08 - 00000000 ____D C:\FRST
  279. 2016-02-11 18:06 - 2016-02-11 18:07 - 02370560 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
  280. 2016-02-11 18:05 - 2016-02-11 18:05 - 01721344 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
  281. 2016-02-11 17:07 - 2016-02-11 17:07 - 00000000 ____D C:\Users\user\Desktop\New folder (2)
  282. 2016-02-11 04:40 - 2016-02-11 04:40 - 00000000 _____ C:\Users\user\Desktop\JES TU da
  283. 2016-02-11 04:39 - 2016-02-11 04:39 - 00000000 _____ C:\Users\user\Desktop\SCSI HDD OD 15 000 OBRTAJA JE 120 DO 170MB READ WRITE AL SAMO 180GB XAAXXAAA bezi bre xd
  284. 2016-02-11 04:39 - 2016-02-11 04:39 - 00000000 _____ C:\Users\user\Desktop\ A TESTIRACU I SA 4 odakle ti 4
  285. 2016-02-11 03:08 - 2016-02-11 03:08 - 00000000 _____ C:\Users\user\Desktop\BRZI JE HDD videcemo
  286. 2016-02-11 01:33 - 2016-02-11 03:38 - 00000000 ____D C:\Users\user\Desktop\New folder
  287. 2016-02-10 19:26 - 2016-02-10 19:26 - 04947068 _____ C:\Users\user\Cd.rar
  288. 2016-02-10 18:50 - 2016-02-10 18:50 - 06554232 _____ (Tim Kosse) C:\Users\user\Downloads\FileZilla_3.15.0.1_win64-setup.exe
  289. 2016-02-10 04:48 - 2016-02-10 04:56 - 888491036 _____ C:\Users\user\Desktop\ds.avi
  290. 2016-02-10 00:18 - 2016-02-10 00:18 - 00001261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS5.lnk
  291. 2016-02-09 21:26 - 2016-02-09 21:26 - 00001194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS5.lnk
  292. 2016-02-09 21:25 - 2016-02-09 21:26 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
  293. 2016-02-09 21:25 - 2016-02-09 21:25 - 00001509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.lnk
  294. 2016-02-09 21:25 - 2016-02-09 21:25 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
  295. 2016-02-09 21:25 - 2016-02-09 21:25 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.lnk
  296. 2016-02-09 21:24 - 2016-02-09 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
  297. 2016-02-09 21:24 - 2016-02-09 21:24 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player
  298. 2016-02-09 21:23 - 2016-02-09 21:23 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
  299. 2016-02-09 21:23 - 2016-02-09 21:23 - 00001357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.exe.lnk
  300. 2016-02-09 21:10 - 2016-02-09 21:15 - 1510225920 _____ C:\Users\user\Desktop\Adobe2015.iso
  301. 2016-02-09 21:10 - 2016-02-09 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UIF to ISO
  302. 2016-02-09 21:10 - 2016-02-09 21:10 - 00000000 ____D C:\Program Files (x86)\UIF to ISO
  303. 2016-02-09 21:09 - 2016-02-09 21:10 - 00576903 _____ (uiftoiso.com ) C:\Users\user\Downloads\uiftoiso_setup.exe
  304. 2016-02-09 21:09 - 2016-02-09 21:10 - 00576903 _____ (uiftoiso.com ) C:\Users\user\Downloads\uiftoiso_setup (1).exe
  305. 2016-02-09 20:57 - 2016-02-09 20:57 - 00047945 _____ C:\Users\user\Downloads\[kat.cr]adobe.after.effects.cs5.serial.key.torrent
  306. 2016-02-09 20:48 - 2016-02-10 19:23 - 00000000 ____D C:\Users\user\Desktop\Adobe After Effects CC 12.0
  307. 2016-02-09 20:47 - 2016-02-09 20:48 - 00027869 _____ C:\Users\user\Downloads\Adobe+After+Effects+CC+12.0+-+ZeusDownloads.torrent
  308. 2016-02-09 20:05 - 2016-02-09 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
  309. 2016-02-09 20:05 - 2016-02-09 20:05 - 00000000 ____D C:\Program Files (x86)\QuickTime
  310. 2016-02-09 20:04 - 2016-02-09 20:04 - 00000000 ____D C:\Users\user\AppData\LocalLow\Apple Computer
  311. 2016-02-09 20:03 - 2016-02-09 20:04 - 41896256 _____ (Apple Inc.) C:\Users\user\Downloads\QuickTimeInstaller.exe
  312. 2016-02-09 18:49 - 2016-02-09 19:22 - 1516766852 _____ C:\Users\user\Desktop\ns 5.rar
  313. 2016-02-08 02:07 - 2016-02-08 18:07 - 00000000 ____D C:\Users\user\Desktop\NewTemplate
  314. 2016-02-07 23:50 - 2016-02-07 23:51 - 13111735 _____ C:\Users\user\Downloads\Paradoxium (1).rar
  315. 2016-02-07 03:29 - 2016-02-07 03:29 - 09041655 _____ C:\Users\user\Desktop\Screen Glitch - Free Stock Footage video 3D.mp4
  316. 2016-02-07 02:36 - 2016-02-07 02:36 - 00503553 _____ C:\Users\user\Desktop\TemplateRar.rar
  317. 2016-02-07 01:46 - 2016-02-07 01:46 - 02992392 _____ C:\Users\user\Downloads\Free Template - Trap Nation Style.aep
  318. 2016-02-06 03:21 - 2016-02-06 03:21 - 00000000 ____D C:\Users\user\Downloads\Paradoxium
  319. 2016-02-06 03:15 - 2016-02-06 03:16 - 13111735 _____ C:\Users\user\Downloads\Paradoxium.rar
  320. 2016-02-06 01:18 - 2016-02-06 01:18 - 00000000 ____D C:\Users\user\Downloads\Spectrum Tenplate v5 [Paradoxium] By NoName
  321. 2016-02-06 01:16 - 2016-02-06 01:17 - 61995667 _____ C:\Users\user\Downloads\Spectrum Tenplate v5 [Paradoxium] By NoName.rar
  322. 2016-02-05 23:22 - 2016-02-06 01:18 - 01503406 _____ C:\Users\user\Desktop\ProjekaTt.aep
  323. 2016-02-05 23:08 - 2016-02-11 17:29 - 00000000 ____D C:\Users\user\Desktop\New folder (3)
  324. 2016-02-05 21:55 - 2016-02-05 21:55 - 04919682 _____ C:\Users\user\Downloads\audioreact.aep
  325. 2016-02-04 14:16 - 2016-02-09 15:52 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
  326. 2016-02-04 14:16 - 2016-02-04 14:16 - 00000000 ___SD C:\Users\user\AppData\LocalLow\Temp
  327. 2016-02-04 01:47 - 2016-02-04 01:47 - 00010466 _____ C:\Users\user\Downloads\ash.zip
  328. 2016-02-04 01:45 - 2016-02-04 01:45 - 33754166 _____ C:\Users\user\Downloads\e45a14609fee03ba3936758f7255ebfb-d5loko3.zip
  329. 2016-02-04 01:45 - 2016-02-04 01:45 - 00000000 ____D C:\Users\user\Downloads\e45a14609fee03ba3936758f7255ebfb-d5loko3
  330. 2016-02-04 01:34 - 2016-02-04 01:34 - 01379427 _____ C:\Users\user\Downloads\roboto.zip
  331. 2016-02-04 01:33 - 2016-02-04 01:33 - 00000000 ____D C:\Users\user\Downloads\Wall-Poster-Text-Effect-PIXEDEN
  332. 2016-02-04 01:17 - 2016-02-04 01:17 - 00067827 _____ C:\Users\user\Downloads\thirsty_script.zip
  333. 2016-02-04 01:04 - 2016-02-04 01:04 - 07624284 _____ C:\Users\user\Downloads\Wall-Poster-Text-Effect-PIXEDEN.zip
  334. 2016-02-04 00:47 - 2016-02-04 00:47 - 19480023 _____ C:\Users\user\Downloads\Retro-Text-Effect-2.zip
  335. 2016-02-04 00:47 - 2016-02-04 00:47 - 00000000 ____D C:\Users\user\Downloads\Retro-Text-Effect-2
  336. 2016-02-04 00:25 - 2016-02-04 00:25 - 00000000 ____D C:\Users\user\Downloads\Lightbox-Text-Effect
  337. 2016-02-04 00:24 - 2016-02-04 00:24 - 05791045 _____ C:\Users\user\Downloads\Lightbox-Text-Effect.zip
  338. 2016-02-03 23:33 - 2016-02-05 18:35 - 00000000 ____D C:\Users\user\Desktop\Pesme
  339. 2016-02-03 21:46 - 2016-02-03 21:46 - 00000500 _____ C:\Users\user\Downloads\trapecode particular 2 serial number.txt
  340. 2016-02-02 01:43 - 2016-02-02 01:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fox Interactive
  341. 2016-02-02 01:43 - 2016-02-02 01:43 - 00000000 ____D C:\Program Files\Fox
  342. 2016-02-02 01:40 - 2016-02-02 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyToISO
  343. 2016-02-02 01:40 - 2016-02-02 01:40 - 00000000 ____D C:\Program Files (x86)\AnyToISO
  344. 2016-02-02 01:38 - 2016-02-02 01:39 - 07136360 _____ (CrystalIdea Software ) C:\Users\user\Downloads\anytoiso_setup.exe
  345. 2016-02-02 01:27 - 2016-02-02 01:27 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
  346. 2016-02-02 01:26 - 2016-02-02 01:45 - 00001852 _____ C:\Users\Gurtna011\Desktop\No One Lives Forever - Game of the Year Edition.lnk
  347. 2016-02-02 01:26 - 2016-02-02 01:45 - 00001852 _____ C:\Users\BvSsh_VirtualUsers\Desktop\No One Lives Forever - Game of the Year Edition.lnk
  348. 2016-02-02 01:22 - 2016-02-02 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
  349. 2016-02-02 01:21 - 2016-02-02 01:21 - 00003456 _____ C:\Windows\System32\Tasks\bvxvbxxvaa
  350. 2016-02-02 01:20 - 2016-02-02 10:07 - 00000000 ____D C:\Users\user\AppData\Local\bvxvbxxvaa
  351. 2016-02-02 01:20 - 2016-02-02 01:21 - 00000000 ____D C:\Users\user\AppData\Local\SearchProtect
  352. 2016-02-02 01:20 - 2016-02-02 01:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
  353. 2016-02-02 01:20 - 2016-02-02 01:20 - 00000000 ____D C:\Program Files (x86)\SearchProtect
  354. 2016-02-02 01:20 - 2014-10-08 14:13 - 00127760 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
  355. 2016-02-02 01:19 - 2016-02-02 01:20 - 00000000 ____D C:\Program Files\PowerISO
  356. 2016-01-31 16:18 - 2016-01-31 16:19 - 51696862 _____ C:\Users\user\Downloads\TestPrimeri.zip
  357. 2016-01-30 20:38 - 2016-01-30 20:38 - 00413658 _____ C:\Users\user\Downloads\Rise.of.the.Tomb.Raider.Steam.Family.Sharing.Crack.And.Legit.DLC.Unlocker-REVOLT.rar
  358. 2016-01-30 20:23 - 2016-01-30 20:23 - 00040436 _____ C:\Users\user\Downloads\Rise.of.the.Tomb.Raider-FULL.UNLOCKED.torrent
  359. 2016-01-27 19:14 - 2016-02-03 05:50 - 00000000 ____D C:\Users\user\Downloads\Adobe After Effects Auto-Save
  360. 2016-01-27 18:46 - 2016-01-28 02:04 - 03113449 _____ C:\Users\user\Downloads\template.aep
  361. 2016-01-27 18:46 - 2016-01-27 18:46 - 09470318 _____ C:\Users\user\Downloads\Free audio spectrum template by BassTubeHD.rar
  362. 2016-01-26 18:16 - 2016-01-26 18:16 - 00000034 _____ C:\Users\user\Documents\Untitled.MP4.sfl
  363. 2016-01-26 17:46 - 2016-01-26 17:46 - 00000000 ____D C:\Users\user\AppData\Roaming\Publish Providers
  364. 2016-01-25 17:41 - 2016-01-29 23:12 - 00000000 ____D C:\Users\user\Documents\Virtual Machines
  365. 2016-01-23 04:07 - 2016-01-23 04:07 - 00655360 _____ C:\Users\user\How Many YouTube Subscribers to Get a Custom URL_.pdf
  366. 2016-01-23 03:02 - 2016-01-23 03:02 - 00000000 ____D C:\Users\user\AppData\Roaming\PDAppFlex
  367. 2016-01-23 02:50 - 2016-01-23 02:50 - 00001222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk
  368. 2016-01-23 02:47 - 2016-01-23 02:47 - 00001534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
  369. 2016-01-23 00:46 - 2016-01-23 00:46 - 00000000 ____D C:\Users\user\Documents\Rainmeter
  370. 2016-01-22 23:38 - 2016-01-23 02:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenArts Sapphire AE
  371. 2016-01-22 23:38 - 2016-01-22 23:38 - 00000000 ____D C:\Program Files\GenArts
  372. 2016-01-22 23:37 - 2016-01-22 23:39 - 00000000 ____D C:\ProgramData\Reprise
  373. 2016-01-22 23:24 - 2016-01-22 23:46 - 00000000 ____D C:\ProgramData\GenArts
  374. 2016-01-22 23:24 - 2016-01-22 23:36 - 00000000 ____D C:\Program Files (x86)\GenArts
  375. 2016-01-22 23:24 - 2016-01-22 23:24 - 00000098 _____ C:\Windows\MSUTIL.INI
  376. 2016-01-22 23:19 - 2016-01-22 23:19 - 00000000 ____D C:\Users\user\AppData\Roaming\PACE Anti-Piracy
  377. 2016-01-22 23:19 - 2016-01-22 23:19 - 00000000 ____D C:\Users\user\AppData\Local\PACE Anti-Piracy
  378. 2016-01-22 23:19 - 2016-01-22 23:19 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
  379. 2016-01-22 23:15 - 2016-01-22 23:15 - 00001194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
  380. 2016-01-22 23:13 - 2016-01-22 23:13 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
  381. 2016-01-21 02:29 - 2016-01-21 02:29 - 00000000 _____ C:\Users\user\IMAMO PROBLEM
  382. 2016-01-20 07:46 - 2016-02-10 01:46 - 19613888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
  383. 2016-01-20 04:28 - 2016-01-25 18:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
  384. 2016-01-20 04:14 - 2016-01-20 04:14 - 00000000 ____D C:\Users\user\AppData\Roaming\RealHideIP
  385. 2016-01-20 04:14 - 2016-01-20 04:14 - 00000000 ____D C:\ProgramData\RealHideIP
  386. 2016-01-20 04:13 - 2016-01-20 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Hide IP
  387. 2016-01-20 04:13 - 2016-01-20 04:13 - 00000000 ____D C:\Program Files (x86)\RealHideIP
  388. 2016-01-20 03:42 - 2016-01-20 03:42 - 00001701 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
  389. 2016-01-20 03:42 - 2016-01-20 03:42 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
  390. 2016-01-20 03:41 - 2016-02-11 14:20 - 00000000 ____D C:\ProgramData\BlueStacksSetup
  391. 2016-01-20 03:41 - 2016-01-20 03:42 - 00000000 ____D C:\Program Files (x86)\BlueStacks
  392. 2016-01-20 03:41 - 2016-01-20 03:41 - 00000000 ____D C:\Users\user\AppData\Local\Bluestacks
  393. 2016-01-20 03:41 - 2016-01-20 03:41 - 00000000 ____D C:\ProgramData\BlueStacks
  394. 2016-01-19 23:44 - 2016-01-23 21:12 - 00000000 ____D C:\Users\user\Documents\Adobe
  395. 2016-01-19 20:39 - 2016-01-19 21:14 - 00000000 ____D C:\Users\user\AppData\Roaming\Winamp
  396. 2016-01-19 20:39 - 2016-01-19 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
  397. 2016-01-19 20:39 - 2016-01-19 20:39 - 00000000 ____D C:\Program Files (x86)\Winamp
  398. 2016-01-19 00:48 - 2016-01-19 00:48 - 00000000 ____D C:\Users\user\AppData\Roaming\MAXON
  399. 2016-01-19 00:48 - 2016-01-19 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
  400. 2016-01-19 00:30 - 2016-01-19 00:30 - 00000000 ____D C:\Program Files\MAXON
  401. 2016-01-14 00:38 - 2016-01-14 00:38 - 00001211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
  402. 2016-01-14 00:38 - 2016-01-14 00:38 - 00001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
  403.  
  404. ==================== One Month Modified files and folders ========
  405.  
  406. (If an entry is included in the fixlist, the file/folder will be moved.)
  407.  
  408. 2016-02-11 18:08 - 2015-11-03 17:12 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
  409. 2016-02-11 18:02 - 2015-11-20 19:36 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
  410. 2016-02-11 17:46 - 2015-11-09 00:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
  411. 2016-02-11 17:12 - 2015-12-22 13:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
  412. 2016-02-11 13:48 - 2015-10-31 13:48 - 00002426 _____ C:\Windows\Tasks\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5_user.job
  413. 2016-02-11 13:48 - 2015-10-31 13:47 - 00002426 _____ C:\Windows\Tasks\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5.job
  414. 2016-02-11 13:47 - 2015-10-31 13:47 - 00002444 _____ C:\Windows\Tasks\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5_user.job
  415. 2016-02-11 13:47 - 2015-10-31 13:47 - 00002444 _____ C:\Windows\Tasks\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5.job
  416. 2016-02-11 12:12 - 2015-12-22 13:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
  417. 2016-02-10 20:16 - 2015-12-22 13:59 - 00002506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
  418. 2016-02-10 20:16 - 2015-12-22 13:59 - 00002477 _____ C:\Users\Public\Desktop\Google Chrome.lnk
  419. 2016-02-10 19:59 - 2015-11-03 18:49 - 00000000 ____D C:\Users\user\AppData\Roaming\FileZilla
  420. 2016-02-10 18:53 - 2015-11-17 19:43 - 00000600 _____ C:\Users\user\AppData\Local\PUTTY.RND
  421. 2016-02-10 15:31 - 2016-01-06 00:41 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
  422. 2016-02-10 01:46 - 2015-11-09 00:18 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
  423. 2016-02-10 01:46 - 2015-11-09 00:18 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
  424. 2016-02-10 01:46 - 2015-11-09 00:18 - 00003882 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
  425. 2016-02-10 01:46 - 2015-11-09 00:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
  426. 2016-02-10 01:46 - 2015-11-09 00:18 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
  427. 2016-02-10 00:20 - 2015-11-04 13:35 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
  428. 2016-02-10 00:17 - 2015-11-20 19:48 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
  429. 2016-02-09 21:25 - 2016-01-09 19:33 - 00000000 ____D C:\Program Files (x86)\Adobe
  430. 2016-02-09 21:25 - 2015-11-20 19:41 - 00000000 ____D C:\Program Files\Common Files\Adobe
  431. 2016-02-09 21:24 - 2015-11-20 19:41 - 00000000 ____D C:\Program Files\Adobe
  432. 2016-02-09 21:23 - 2015-11-20 19:37 - 00000000 ____D C:\ProgramData\Adobe
  433. 2016-02-09 21:23 - 2015-11-10 14:08 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
  434. 2016-02-08 19:14 - 2016-01-09 02:52 - 00001456 _____ C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs
  435. 2016-02-04 19:35 - 2015-10-25 19:31 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1445797890
  436. 2016-02-04 19:35 - 2015-10-25 19:30 - 00000000 ____D C:\Program Files (x86)\Opera
  437. 2016-02-04 02:03 - 2015-10-25 19:13 - 00059848 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
  438. 2016-02-02 12:07 - 2015-12-22 13:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
  439. 2016-02-02 12:07 - 2015-12-22 13:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
  440. 2016-02-02 01:46 - 2015-10-25 18:59 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
  441. 2016-02-02 01:43 - 2015-10-25 19:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
  442. 2016-02-01 03:12 - 2015-10-29 01:47 - 00000000 ____D C:\Users\user\AppData\Roaming\VMware
  443. 2016-02-01 03:12 - 2015-10-29 01:47 - 00000000 ____D C:\Users\user\AppData\Local\VMware
  444. 2016-02-01 02:18 - 2015-10-29 01:44 - 00000000 ____D C:\ProgramData\VMware
  445. 2016-01-29 21:33 - 2009-07-14 06:13 - 00786378 _____ C:\Windows\system32\PerfStringBackup.INI
  446. 2016-01-29 21:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
  447. 2016-01-27 14:21 - 2009-07-14 05:45 - 00028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  448. 2016-01-27 14:21 - 2009-07-14 05:45 - 00028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  449. 2016-01-27 14:12 - 2015-11-19 02:19 - 00000091 _____ C:\HaxLogs.txt
  450. 2016-01-27 14:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
  451. 2016-01-26 17:56 - 2016-01-05 23:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Sony
  452. 2016-01-26 17:46 - 2016-01-05 23:09 - 00000000 ____D C:\Users\user\AppData\Local\Sony
  453. 2016-01-25 18:23 - 2009-07-14 05:45 - 04963392 _____ C:\Windows\system32\FNTCACHE.DAT
  454. 2016-01-25 18:20 - 2015-11-01 13:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
  455. 2016-01-23 02:48 - 2015-11-11 13:45 - 00000000 ____D C:\ProgramData\Package Cache
  456. 2016-01-22 23:14 - 2016-01-09 19:35 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
  457. 2016-01-22 23:13 - 2016-01-09 19:34 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
  458. 2016-01-20 03:42 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
  459. 2016-01-18 01:34 - 2015-10-25 19:30 - 00000000 ____D C:\Users\user\AppData\Roaming\Raptr
  460. 2016-01-18 01:34 - 2015-10-25 19:30 - 00000000 ____D C:\Program Files (x86)\Raptr
  461. 2016-01-16 17:23 - 2015-11-03 21:40 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
  462. 2016-01-15 04:09 - 2015-11-18 01:31 - 09827328 ___SH C:\Users\user\Thumbs.db
  463.  
  464. ==================== Files in the root of some directories =======
  465.  
  466. 2015-11-11 16:59 - 2009-10-23 23:00 - 5811712 _____ (reFX) C:\Program Files (x86)\Nexus.dll
  467. 2016-01-30 00:15 - 2016-01-30 00:14 - 3695535 _____ () C:\Program Files\Common Files\20160129_180921.jpg
  468. 2016-01-09 02:52 - 2016-01-09 02:52 - 0000132 _____ () C:\Users\user\AppData\Roaming\Adobe PNG Format CC Prefs
  469. 2015-12-22 01:16 - 2015-12-22 01:16 - 0002048 _____ () C:\Users\user\AppData\Roaming\chrome.exe
  470. 2015-11-14 12:39 - 2015-11-14 12:39 - 0000600 _____ () C:\Users\user\AppData\Roaming\winscp.rnd
  471. 2016-01-09 02:52 - 2016-02-08 19:14 - 0001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs
  472. 2016-01-05 22:47 - 2016-01-05 22:48 - 0004608 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
  473. 2015-11-05 22:42 - 2015-11-05 23:06 - 1065984 _____ () C:\Users\user\AppData\Local\file__0.localstorage
  474. 2015-10-31 13:48 - 2015-10-31 13:48 - 0000187 _____ () C:\Users\user\AppData\Local\opeline.exe.config
  475. 2015-11-17 19:43 - 2016-02-10 18:53 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
  476. 2016-01-05 20:37 - 2016-01-05 20:37 - 0000016 _____ () C:\ProgramData\mntemp
  477. 2016-01-05 20:37 - 2016-01-05 20:37 - 0004133 _____ () C:\ProgramData\rxsmznjf.zcp
  478. 2015-10-31 13:48 - 2016-01-08 07:20 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
  479.  
  480. Files to move or delete:
  481. ====================
  482. C:\Users\user\AppData\Local\Temp\svchost.exe
  483. C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
  484. C:\Users\user\dblue_TapeStop (Mixer).dll
  485.  
  486.  
  487. Some files in TEMP:
  488. ====================
  489. C:\Users\user\AppData\Local\Temp\bitool.dll
  490. C:\Users\user\AppData\Local\Temp\Crack Setup__11652_i1841842341_il6.exe
  491. C:\Users\user\AppData\Local\Temp\cres.dll
  492. C:\Users\user\AppData\Local\Temp\cshell.dll
  493. C:\Users\user\AppData\Local\Temp\ICReinstall_KeygenBitvise55HS3rv.exe
  494. C:\Users\user\AppData\Local\Temp\nGyN5z8T4Esc4ZoDj2nsN4DyL8i4biervHd.exe
  495. C:\Users\user\AppData\Local\Temp\OZlfHXt8eXLw3EDGtluUjjB3FzUldKyBQx1.exe
  496. C:\Users\user\AppData\Local\Temp\R2RTOOL.dll
  497. C:\Users\user\AppData\Local\Temp\sfamcc00001.dll
  498. C:\Users\user\AppData\Local\Temp\sfextra.dll
  499. C:\Users\user\AppData\Local\Temp\sp-downloader.exe
  500. C:\Users\user\AppData\Local\Temp\sres.dll
  501. C:\Users\user\AppData\Local\Temp\svchost.exe
  502.  
  503.  
  504. ==================== Bamital & volsnap =================
  505.  
  506. (There is no automatic fix for files that do not pass verification.)
  507.  
  508. C:\Windows\system32\winlogon.exe => File is digitally signed
  509. C:\Windows\system32\wininit.exe => File is digitally signed
  510. C:\Windows\SysWOW64\wininit.exe => File is digitally signed
  511. C:\Windows\explorer.exe => File is digitally signed
  512. C:\Windows\SysWOW64\explorer.exe => File is digitally signed
  513. C:\Windows\system32\svchost.exe => File is digitally signed
  514. C:\Windows\SysWOW64\svchost.exe => File is digitally signed
  515. C:\Windows\system32\services.exe => File is digitally signed
  516. C:\Windows\system32\User32.dll => File is digitally signed
  517. C:\Windows\SysWOW64\User32.dll => File is digitally signed
  518. C:\Windows\system32\userinit.exe => File is digitally signed
  519. C:\Windows\SysWOW64\userinit.exe => File is digitally signed
  520. C:\Windows\system32\rpcss.dll => File is digitally signed
  521. C:\Windows\system32\dnsapi.dll => File is digitally signed
  522. C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
  523. C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
  524.  
  525.  
  526. LastRegBack: 2016-02-08 05:23
  527.  
  528. ==================== End of FRST.txt ============================