- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
- Ran by user (administrator) on USER-PC (11-02-2016 18:08:57)
- Running from C:\Users\user\Downloads
- Loaded Profiles: user (Available Profiles: user & BvSsh_VirtualUsers & Gurtna011)
- Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
- Internet Explorer Version 8 (Default browser: Chrome)
- Boot Mode: Normal
- Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
- (AMD) C:\Windows\System32\atiesrxx.exe
- (AMD) C:\Windows\System32\atieclxx.exe
- (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
- (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
- (H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
- (Bitvise Limited) C:\Program Files\Bitvise SSH Server\BssCtrl.exe
- (Bitvise Limited) C:\Program Files\Bitvise SSH Server\BvSshServer.exe
- () C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe
- (Realtek) C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
- (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
- (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
- (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
- (Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
- (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
- (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
- (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
- (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
- (TU-Funs LIMITED) C:\ProgramData\ZWdMZ\WdMan.exe
- (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
- (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
- (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
- (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
- (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
- (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
- (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
- (BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
- (Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
- (Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
- (Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
- (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
- (BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe
- (BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Bitvise Limited) C:\Program Files\Bitvise SSH Server\SftpServer.exe
- (Microsoft Corporation) C:\Windows\System32\dllhost.exe
- (Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
- (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Bitvise Limited) C:\Program Files\Bitvise SSH Server\SftpServer.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Bitvise Limited) C:\Program Files\Bitvise SSH Server\SftpServer.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- ==================== Registry (Whitelisted) ===========================
- (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
- HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
- HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
- HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
- HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
- HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-08-14] (VMware, Inc.)
- HKLM-x32\...\Run: [Bitvise SSH Server Activation State Checker] => C:\Program Files\Bitvise SSH Server\BssActStateCheck.exe [256360 2015-12-16] (Bitvise Limited)
- HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
- HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
- HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [888344 2016-01-07] (BlueStack Systems, Inc.)
- HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
- HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
- HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [2065944 2016-02-04] (BitTorrent Inc.)
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation)
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-18] (Disc Soft Ltd)
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Run: [PC Remote Server] => C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe [1190648 2014-10-12] (PC Remote)
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Run: [302a3f59a0bda767f51d068b3f4568a5] => C:\Users\user\AppData\Local\Temp\svchost.exe [135168 2016-01-26] (Evil Company) <===== ATTENTION
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Run: [AdobeBridge] => [X]
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-02-03] (Google Inc.)
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Policies\system: [LogonHoursAction] 2
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\MountPoints2: {256d7995-9e7c-11e5-815c-005056c00008} - F:\autorun.exe
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\MountPoints2: {256d7998-9e7c-11e5-815c-005056c00008} - G:\MAXON-Start.exe
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\...\MountPoints2: {400daf09-7f0e-11e5-809e-005056c00008} - E:\LG_PC_Programs.exe
- AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [249104 2016-01-14] (Client Connect LTD)
- AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [221456 2016-01-14] (Client Connect LTD)
- Lsa: [Authentication Packages] msv1_0 BvLsa
- ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2015-10-31] (SmartSoft Ltd.)
- Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\302a3f59a0bda767f51d068b3f4568a5.exe [2016-01-25] (Evil Company)
- Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2015-10-25]
- ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
- GroupPolicy: Restriction - Chrome <======= ATTENTION
- GroupPolicyUsers\S-1-5-21-1292048591-1437342970-2306004842-1005\User: Restriction <======= ATTENTION
- CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
- ==================== Internet (Whitelisted) ====================
- (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
- Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-11-02] (Lavasoft Limited)
- Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-11-02] (Lavasoft Limited)
- Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-11-02] (Lavasoft Limited)
- Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-11-02] (Lavasoft Limited)
- Winsock: Catalog9 17 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-11-02] (Lavasoft Limited)
- Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-02] (Lavasoft Limited)
- Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-02] (Lavasoft Limited)
- Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-02] (Lavasoft Limited)
- Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-02] (Lavasoft Limited)
- Winsock: Catalog9-x64 17 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-11-02] (Lavasoft Limited)
- Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
- Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
- Tcpip\..\Interfaces\{11A8C55E-1143-4F8A-9495-30A2DC9A5A5A}: [DhcpNameServer] 192.168.1.1
- Tcpip\..\Interfaces\{871C191C-3908-4D13-860C-DB4923753A46}: [DhcpNameServer] 192.168.0.1
- Internet Explorer:
- ==================
- HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
- HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
- HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
- HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
- HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
- HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
- HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeL5DbU_ODcLUTwSUWTaxZImUxxNdscwO55MTP5WPcno3sf4KNr4NX9YHKeoy8lA4LmWZ0I_QU78NbQivcj_YhZjm3BP7-2IxurlG0ZKCJeUKYpsoBrRNVVPN6jSCEyxTlFlFkNnpkakFumC&q={searchTerms}
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=55&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&SSPV=
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeL5DbU_ODcLUTwSUWTaxZImUxxNdscwO55MTP5WPcno3sf4KNr4NX9YHKeoy8lA4LmWZ0I_QU78NbQivcj_YhZjm3BP7-2IxurlG0ZKCJeUKYpsoBrRNVVPN6jSCEyxTlFlFkNnpkakFumC&q={searchTerms}
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeL5DbU_ODcLUTwSUWTaxZImUxxNdscwO55MTP5WPcno3sf4KNr4NX9YHKeoy8lA4LmWZ0I_QU78NbQivcj_YhZjm3BP7-2IxurlG0ZKCJeUKYpsoBrRNVVPN6jSCEyxTlFlFkNnpkakFumC&q={searchTerms}
- HKU\S-1-5-21-1292048591-1437342970-2306004842-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675887&from=mych123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg
- SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
- SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
- SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450675887&from=zzgbkk123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg&q={searchTerms}
- SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeL5DbU_ODcLUTwSUWTaxZImUxxNdscwO55MTP5WPcno3sf4KNr4NX9YHKeoy8lA4LmWZ0I_QU78NbQivcj_YhZjm3BP7-2IxurlG0ZKCJeUKYpsoBrRNVVPN6jSCEyxTlFlFkNnpkakFumC&q={searchTerms}
- SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449716162&z=54345151c7aa277865c8e44g0zbz5t3mdg9q4g8w6t&from=ient07021&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY&q={searchTerms}
- SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450675887&from=zzgbkk123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg&q={searchTerms}
- SearchScopes: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450675887&from=zzgbkk123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg&q={searchTerms}
- SearchScopes: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=58&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&q={searchTerms}&SSPV=
- SearchScopes: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450675887&from=zzgbkk123&uid=st3500418as_9vmdw0byxxxx9vmdw0by&z=ff2f3f500e4aabd74543086g5z0wfedqdm8w0batcg&q={searchTerms}
- SearchScopes: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_151102__yaie&p={searchTerms}
- SearchScopes: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3McXDvdSN6JAXeL5DbU_ODcLUTwSUWTaxZImUxxNdscwO55MTP5WPcno3sf4KNr4NX9YHKeoy8lA4LmWZ0I_QU78NbQivcj_YhZjm3BP7-2IxurlG0ZKCJeUKYpsoBrRNVVPN6jSCEyxTlFlFkNnpkakFumC&q={searchTerms}
- BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-10] (Oracle Corporation)
- BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-10] (Oracle Corporation)
- BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-25] (Oracle Corporation)
- BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-25] (Oracle Corporation)
- Toolbar: HKU\S-1-5-21-1292048591-1437342970-2306004842-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
- Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
- Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
- Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
- Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
- StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1452234073&z=3408d1426191634786098a7gdz5w9o1o0c9zde7m2o&from=wpm01073&uid=ST3500418AS_9VMDW0BYXXXX9VMDW0BY
- FireFox:
- ========
- FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default
- FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116
- FF DefaultSearchEngine: yoursites123
- FF SelectedSearchEngine: Trovi
- FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=55&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&SSPV=
- FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-10] (Oracle Corporation)
- FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-10] (Oracle Corporation)
- FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
- FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-25] (Oracle Corporation)
- FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-25] (Oracle Corporation)
- FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
- FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
- FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
- FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSWF32.dll [2005-09-01] ()
- FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\findit.xml [2015-11-17]
- FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\trovi.xml [2016-02-02]
- FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\v9-.xml [2016-01-02]
- FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\yahoo-lavasoft.xml [2015-11-02]
- FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\searchplugins\yoursites123.xml [2016-01-08]
- FF Extension: xRocket Toolbar - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\Extensions\arthurj8283@gmail.com [2015-12-21] [not signed]
- FF Extension: Default NewTab - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\Extensions\default_newtabff@gmail.com [2015-12-10] [not signed]
- FF Extension: YahooToolsProtected - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\Extensions\yahooprotected@gmail.com [2015-12-10] [not signed]
- FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\extensions\default_newtabff@gmail.com
- FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\extensions\yahooprotected@gmail.com
- FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6op4yo6f.default\extensions\arthurj8283@gmail.com
- Chrome:
- =======
- CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=55&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&SSPV=
- CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=55&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&SSPV="
- CHR DefaultSearchURL: Default -> hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=58&CUI=&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&D=020116&q={searchTerms}&SSPV=
- CHR DefaultSearchKeyword: Default -> trovi.search
- CHR DefaultNewTabURL: Default -> hxxps://www.trovi.com/?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M6E481ED3-311B-4EDD-8AB3-FB165B13D669&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=8&UP=SPB230D308-0707-42C8-8A60-8DA6B18C0CD7&SAT=CNTS&D=020116
- CHR DefaultSuggestURL: Default -> hxxp://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}&SSPV=
- CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
- CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-22]
- CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-22]
- CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-22]
- CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-22]
- CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-22]
- CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-22]
- CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-22]
- CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-22]
- CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-22]
- CHR Extension: (Extutil) - C:\Users\user\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B [2016-02-02]
- CHR Extension: (Managera) - C:\Users\user\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2016-02-02]
- Opera:
- =======
- OPR Extension: (Outrageous Deal) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\djmlpekfpipkpbipnanenhngngapmhal [2015-11-03]
- OPR Extension: (Monarch Find) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\jnnippojjelolbkfkaclaopllmbfoomp [2015-11-01]
- ==================== Services (Whitelisted) ========================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-01-07] (BlueStack Systems, Inc.)
- R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-01-07] (BlueStack Systems, Inc.)
- R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-01-07] (BlueStack Systems, Inc.)
- R2 BvSshServer; C:\Program Files\Bitvise SSH Server\BvSshServer.exe [9775512 2015-12-16] (Bitvise Limited)
- R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3246864 2016-01-14] (Client Connect LTD)
- R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369432 2015-11-18] (Disc Soft Ltd)
- R2 MySQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [38587904 2015-10-12] () [File not signed]
- R2 Realtek87B; C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
- S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
- R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
- S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465344 2015-08-14] ()
- S3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
- S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
- R2 WdMan; C:\ProgramData\ZWdMZ\WdMan.exe [326656 2016-01-08] (TU-Funs LIMITED) [File not signed]
- S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
- ===================== Drivers (Whitelisted) ==========================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-05-12] (LG Electronics Inc.)
- S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-05-12] (LG Electronics Inc.)
- S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [94208 2015-05-12] (LG Electronics Inc.)
- R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-01-07] (BlueStack Systems)
- R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-11-25] (Disc Soft Ltd)
- R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47160 2015-11-25] (Disc Soft Ltd)
- S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
- R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel Corporation)
- R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2015-10-30] (Riverbed Technology, Inc.)
- R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
- S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
- R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2015-08-14] (VMware, Inc.)
- R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-08-04] (VMware, Inc.)
- R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
- R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
- S3 VGPU; System32\drivers\rdvgkmd.sys [X]
- U3 wampapache64; no ImagePath
- ==================== NetSvcs (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- ==================== One Month Created files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2016-02-11 18:08 - 2016-02-11 18:09 - 00030869 _____ C:\Users\user\Downloads\FRST.txt
- 2016-02-11 18:08 - 2016-02-11 18:08 - 00000000 ____D C:\FRST
- 2016-02-11 18:06 - 2016-02-11 18:07 - 02370560 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
- 2016-02-11 18:05 - 2016-02-11 18:05 - 01721344 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
- 2016-02-11 17:07 - 2016-02-11 17:07 - 00000000 ____D C:\Users\user\Desktop\New folder (2)
- 2016-02-11 04:40 - 2016-02-11 04:40 - 00000000 _____ C:\Users\user\Desktop\JES TU da
- 2016-02-11 04:39 - 2016-02-11 04:39 - 00000000 _____ C:\Users\user\Desktop\SCSI HDD OD 15 000 OBRTAJA JE 120 DO 170MB READ WRITE AL SAMO 180GB XAAXXAAA bezi bre xd
- 2016-02-11 04:39 - 2016-02-11 04:39 - 00000000 _____ C:\Users\user\Desktop\ A TESTIRACU I SA 4 odakle ti 4
- 2016-02-11 03:08 - 2016-02-11 03:08 - 00000000 _____ C:\Users\user\Desktop\BRZI JE HDD videcemo
- 2016-02-11 01:33 - 2016-02-11 03:38 - 00000000 ____D C:\Users\user\Desktop\New folder
- 2016-02-10 19:26 - 2016-02-10 19:26 - 04947068 _____ C:\Users\user\Cd.rar
- 2016-02-10 18:50 - 2016-02-10 18:50 - 06554232 _____ (Tim Kosse) C:\Users\user\Downloads\FileZilla_3.15.0.1_win64-setup.exe
- 2016-02-10 04:48 - 2016-02-10 04:56 - 888491036 _____ C:\Users\user\Desktop\ds.avi
- 2016-02-10 00:18 - 2016-02-10 00:18 - 00001261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS5.lnk
- 2016-02-09 21:26 - 2016-02-09 21:26 - 00001194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS5.lnk
- 2016-02-09 21:25 - 2016-02-09 21:26 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
- 2016-02-09 21:25 - 2016-02-09 21:25 - 00001509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.lnk
- 2016-02-09 21:25 - 2016-02-09 21:25 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
- 2016-02-09 21:25 - 2016-02-09 21:25 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.lnk
- 2016-02-09 21:24 - 2016-02-09 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
- 2016-02-09 21:24 - 2016-02-09 21:24 - 00000000 ____D C:\Program Files (x86)\Adobe Media Player
- 2016-02-09 21:23 - 2016-02-09 21:23 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
- 2016-02-09 21:23 - 2016-02-09 21:23 - 00001357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.exe.lnk
- 2016-02-09 21:10 - 2016-02-09 21:15 - 1510225920 _____ C:\Users\user\Desktop\Adobe2015.iso
- 2016-02-09 21:10 - 2016-02-09 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UIF to ISO
- 2016-02-09 21:10 - 2016-02-09 21:10 - 00000000 ____D C:\Program Files (x86)\UIF to ISO
- 2016-02-09 21:09 - 2016-02-09 21:10 - 00576903 _____ (uiftoiso.com ) C:\Users\user\Downloads\uiftoiso_setup.exe
- 2016-02-09 21:09 - 2016-02-09 21:10 - 00576903 _____ (uiftoiso.com ) C:\Users\user\Downloads\uiftoiso_setup (1).exe
- 2016-02-09 20:57 - 2016-02-09 20:57 - 00047945 _____ C:\Users\user\Downloads\[kat.cr]adobe.after.effects.cs5.serial.key.torrent
- 2016-02-09 20:48 - 2016-02-10 19:23 - 00000000 ____D C:\Users\user\Desktop\Adobe After Effects CC 12.0
- 2016-02-09 20:47 - 2016-02-09 20:48 - 00027869 _____ C:\Users\user\Downloads\Adobe+After+Effects+CC+12.0+-+ZeusDownloads.torrent
- 2016-02-09 20:05 - 2016-02-09 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
- 2016-02-09 20:05 - 2016-02-09 20:05 - 00000000 ____D C:\Program Files (x86)\QuickTime
- 2016-02-09 20:04 - 2016-02-09 20:04 - 00000000 ____D C:\Users\user\AppData\LocalLow\Apple Computer
- 2016-02-09 20:03 - 2016-02-09 20:04 - 41896256 _____ (Apple Inc.) C:\Users\user\Downloads\QuickTimeInstaller.exe
- 2016-02-09 18:49 - 2016-02-09 19:22 - 1516766852 _____ C:\Users\user\Desktop\ns 5.rar
- 2016-02-08 02:07 - 2016-02-08 18:07 - 00000000 ____D C:\Users\user\Desktop\NewTemplate
- 2016-02-07 23:50 - 2016-02-07 23:51 - 13111735 _____ C:\Users\user\Downloads\Paradoxium (1).rar
- 2016-02-07 03:29 - 2016-02-07 03:29 - 09041655 _____ C:\Users\user\Desktop\Screen Glitch - Free Stock Footage video 3D.mp4
- 2016-02-07 02:36 - 2016-02-07 02:36 - 00503553 _____ C:\Users\user\Desktop\TemplateRar.rar
- 2016-02-07 01:46 - 2016-02-07 01:46 - 02992392 _____ C:\Users\user\Downloads\Free Template - Trap Nation Style.aep
- 2016-02-06 03:21 - 2016-02-06 03:21 - 00000000 ____D C:\Users\user\Downloads\Paradoxium
- 2016-02-06 03:15 - 2016-02-06 03:16 - 13111735 _____ C:\Users\user\Downloads\Paradoxium.rar
- 2016-02-06 01:18 - 2016-02-06 01:18 - 00000000 ____D C:\Users\user\Downloads\Spectrum Tenplate v5 [Paradoxium] By NoName
- 2016-02-06 01:16 - 2016-02-06 01:17 - 61995667 _____ C:\Users\user\Downloads\Spectrum Tenplate v5 [Paradoxium] By NoName.rar
- 2016-02-05 23:22 - 2016-02-06 01:18 - 01503406 _____ C:\Users\user\Desktop\ProjekaTt.aep
- 2016-02-05 23:08 - 2016-02-11 17:29 - 00000000 ____D C:\Users\user\Desktop\New folder (3)
- 2016-02-05 21:55 - 2016-02-05 21:55 - 04919682 _____ C:\Users\user\Downloads\audioreact.aep
- 2016-02-04 14:16 - 2016-02-09 15:52 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
- 2016-02-04 14:16 - 2016-02-04 14:16 - 00000000 ___SD C:\Users\user\AppData\LocalLow\Temp
- 2016-02-04 01:47 - 2016-02-04 01:47 - 00010466 _____ C:\Users\user\Downloads\ash.zip
- 2016-02-04 01:45 - 2016-02-04 01:45 - 33754166 _____ C:\Users\user\Downloads\e45a14609fee03ba3936758f7255ebfb-d5loko3.zip
- 2016-02-04 01:45 - 2016-02-04 01:45 - 00000000 ____D C:\Users\user\Downloads\e45a14609fee03ba3936758f7255ebfb-d5loko3
- 2016-02-04 01:34 - 2016-02-04 01:34 - 01379427 _____ C:\Users\user\Downloads\roboto.zip
- 2016-02-04 01:33 - 2016-02-04 01:33 - 00000000 ____D C:\Users\user\Downloads\Wall-Poster-Text-Effect-PIXEDEN
- 2016-02-04 01:17 - 2016-02-04 01:17 - 00067827 _____ C:\Users\user\Downloads\thirsty_script.zip
- 2016-02-04 01:04 - 2016-02-04 01:04 - 07624284 _____ C:\Users\user\Downloads\Wall-Poster-Text-Effect-PIXEDEN.zip
- 2016-02-04 00:47 - 2016-02-04 00:47 - 19480023 _____ C:\Users\user\Downloads\Retro-Text-Effect-2.zip
- 2016-02-04 00:47 - 2016-02-04 00:47 - 00000000 ____D C:\Users\user\Downloads\Retro-Text-Effect-2
- 2016-02-04 00:25 - 2016-02-04 00:25 - 00000000 ____D C:\Users\user\Downloads\Lightbox-Text-Effect
- 2016-02-04 00:24 - 2016-02-04 00:24 - 05791045 _____ C:\Users\user\Downloads\Lightbox-Text-Effect.zip
- 2016-02-03 23:33 - 2016-02-05 18:35 - 00000000 ____D C:\Users\user\Desktop\Pesme
- 2016-02-03 21:46 - 2016-02-03 21:46 - 00000500 _____ C:\Users\user\Downloads\trapecode particular 2 serial number.txt
- 2016-02-02 01:43 - 2016-02-02 01:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fox Interactive
- 2016-02-02 01:43 - 2016-02-02 01:43 - 00000000 ____D C:\Program Files\Fox
- 2016-02-02 01:40 - 2016-02-02 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyToISO
- 2016-02-02 01:40 - 2016-02-02 01:40 - 00000000 ____D C:\Program Files (x86)\AnyToISO
- 2016-02-02 01:38 - 2016-02-02 01:39 - 07136360 _____ (CrystalIdea Software ) C:\Users\user\Downloads\anytoiso_setup.exe
- 2016-02-02 01:27 - 2016-02-02 01:27 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
- 2016-02-02 01:26 - 2016-02-02 01:45 - 00001852 _____ C:\Users\Gurtna011\Desktop\No One Lives Forever - Game of the Year Edition.lnk
- 2016-02-02 01:26 - 2016-02-02 01:45 - 00001852 _____ C:\Users\BvSsh_VirtualUsers\Desktop\No One Lives Forever - Game of the Year Edition.lnk
- 2016-02-02 01:22 - 2016-02-02 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
- 2016-02-02 01:21 - 2016-02-02 01:21 - 00003456 _____ C:\Windows\System32\Tasks\bvxvbxxvaa
- 2016-02-02 01:20 - 2016-02-02 10:07 - 00000000 ____D C:\Users\user\AppData\Local\bvxvbxxvaa
- 2016-02-02 01:20 - 2016-02-02 01:21 - 00000000 ____D C:\Users\user\AppData\Local\SearchProtect
- 2016-02-02 01:20 - 2016-02-02 01:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
- 2016-02-02 01:20 - 2016-02-02 01:20 - 00000000 ____D C:\Program Files (x86)\SearchProtect
- 2016-02-02 01:20 - 2014-10-08 14:13 - 00127760 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
- 2016-02-02 01:19 - 2016-02-02 01:20 - 00000000 ____D C:\Program Files\PowerISO
- 2016-01-31 16:18 - 2016-01-31 16:19 - 51696862 _____ C:\Users\user\Downloads\TestPrimeri.zip
- 2016-01-30 20:38 - 2016-01-30 20:38 - 00413658 _____ C:\Users\user\Downloads\Rise.of.the.Tomb.Raider.Steam.Family.Sharing.Crack.And.Legit.DLC.Unlocker-REVOLT.rar
- 2016-01-30 20:23 - 2016-01-30 20:23 - 00040436 _____ C:\Users\user\Downloads\Rise.of.the.Tomb.Raider-FULL.UNLOCKED.torrent
- 2016-01-27 19:14 - 2016-02-03 05:50 - 00000000 ____D C:\Users\user\Downloads\Adobe After Effects Auto-Save
- 2016-01-27 18:46 - 2016-01-28 02:04 - 03113449 _____ C:\Users\user\Downloads\template.aep
- 2016-01-27 18:46 - 2016-01-27 18:46 - 09470318 _____ C:\Users\user\Downloads\Free audio spectrum template by BassTubeHD.rar
- 2016-01-26 18:16 - 2016-01-26 18:16 - 00000034 _____ C:\Users\user\Documents\Untitled.MP4.sfl
- 2016-01-26 17:46 - 2016-01-26 17:46 - 00000000 ____D C:\Users\user\AppData\Roaming\Publish Providers
- 2016-01-25 17:41 - 2016-01-29 23:12 - 00000000 ____D C:\Users\user\Documents\Virtual Machines
- 2016-01-23 04:07 - 2016-01-23 04:07 - 00655360 _____ C:\Users\user\How Many YouTube Subscribers to Get a Custom URL_.pdf
- 2016-01-23 03:02 - 2016-01-23 03:02 - 00000000 ____D C:\Users\user\AppData\Roaming\PDAppFlex
- 2016-01-23 02:50 - 2016-01-23 02:50 - 00001222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk
- 2016-01-23 02:47 - 2016-01-23 02:47 - 00001534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
- 2016-01-23 00:46 - 2016-01-23 00:46 - 00000000 ____D C:\Users\user\Documents\Rainmeter
- 2016-01-22 23:38 - 2016-01-23 02:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenArts Sapphire AE
- 2016-01-22 23:38 - 2016-01-22 23:38 - 00000000 ____D C:\Program Files\GenArts
- 2016-01-22 23:37 - 2016-01-22 23:39 - 00000000 ____D C:\ProgramData\Reprise
- 2016-01-22 23:24 - 2016-01-22 23:46 - 00000000 ____D C:\ProgramData\GenArts
- 2016-01-22 23:24 - 2016-01-22 23:36 - 00000000 ____D C:\Program Files (x86)\GenArts
- 2016-01-22 23:24 - 2016-01-22 23:24 - 00000098 _____ C:\Windows\MSUTIL.INI
- 2016-01-22 23:19 - 2016-01-22 23:19 - 00000000 ____D C:\Users\user\AppData\Roaming\PACE Anti-Piracy
- 2016-01-22 23:19 - 2016-01-22 23:19 - 00000000 ____D C:\Users\user\AppData\Local\PACE Anti-Piracy
- 2016-01-22 23:19 - 2016-01-22 23:19 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy
- 2016-01-22 23:15 - 2016-01-22 23:15 - 00001194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
- 2016-01-22 23:13 - 2016-01-22 23:13 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
- 2016-01-21 02:29 - 2016-01-21 02:29 - 00000000 _____ C:\Users\user\IMAMO PROBLEM
- 2016-01-20 07:46 - 2016-02-10 01:46 - 19613888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
- 2016-01-20 04:28 - 2016-01-25 18:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
- 2016-01-20 04:14 - 2016-01-20 04:14 - 00000000 ____D C:\Users\user\AppData\Roaming\RealHideIP
- 2016-01-20 04:14 - 2016-01-20 04:14 - 00000000 ____D C:\ProgramData\RealHideIP
- 2016-01-20 04:13 - 2016-01-20 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Hide IP
- 2016-01-20 04:13 - 2016-01-20 04:13 - 00000000 ____D C:\Program Files (x86)\RealHideIP
- 2016-01-20 03:42 - 2016-01-20 03:42 - 00001701 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
- 2016-01-20 03:42 - 2016-01-20 03:42 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
- 2016-01-20 03:41 - 2016-02-11 14:20 - 00000000 ____D C:\ProgramData\BlueStacksSetup
- 2016-01-20 03:41 - 2016-01-20 03:42 - 00000000 ____D C:\Program Files (x86)\BlueStacks
- 2016-01-20 03:41 - 2016-01-20 03:41 - 00000000 ____D C:\Users\user\AppData\Local\Bluestacks
- 2016-01-20 03:41 - 2016-01-20 03:41 - 00000000 ____D C:\ProgramData\BlueStacks
- 2016-01-19 23:44 - 2016-01-23 21:12 - 00000000 ____D C:\Users\user\Documents\Adobe
- 2016-01-19 20:39 - 2016-01-19 21:14 - 00000000 ____D C:\Users\user\AppData\Roaming\Winamp
- 2016-01-19 20:39 - 2016-01-19 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
- 2016-01-19 20:39 - 2016-01-19 20:39 - 00000000 ____D C:\Program Files (x86)\Winamp
- 2016-01-19 00:48 - 2016-01-19 00:48 - 00000000 ____D C:\Users\user\AppData\Roaming\MAXON
- 2016-01-19 00:48 - 2016-01-19 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
- 2016-01-19 00:30 - 2016-01-19 00:30 - 00000000 ____D C:\Program Files\MAXON
- 2016-01-14 00:38 - 2016-01-14 00:38 - 00001211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
- 2016-01-14 00:38 - 2016-01-14 00:38 - 00001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
- ==================== One Month Modified files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2016-02-11 18:08 - 2015-11-03 17:12 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
- 2016-02-11 18:02 - 2015-11-20 19:36 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
- 2016-02-11 17:46 - 2015-11-09 00:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
- 2016-02-11 17:12 - 2015-12-22 13:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- 2016-02-11 13:48 - 2015-10-31 13:48 - 00002426 _____ C:\Windows\Tasks\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5_user.job
- 2016-02-11 13:48 - 2015-10-31 13:47 - 00002426 _____ C:\Windows\Tasks\06947da4-c300-4fc0-9ccc-4d861fbfb68d-5.job
- 2016-02-11 13:47 - 2015-10-31 13:47 - 00002444 _____ C:\Windows\Tasks\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5_user.job
- 2016-02-11 13:47 - 2015-10-31 13:47 - 00002444 _____ C:\Windows\Tasks\08d47c20-5df0-42b6-a3b0-f77cb968d1a2-5.job
- 2016-02-11 12:12 - 2015-12-22 13:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- 2016-02-10 20:16 - 2015-12-22 13:59 - 00002506 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
- 2016-02-10 20:16 - 2015-12-22 13:59 - 00002477 _____ C:\Users\Public\Desktop\Google Chrome.lnk
- 2016-02-10 19:59 - 2015-11-03 18:49 - 00000000 ____D C:\Users\user\AppData\Roaming\FileZilla
- 2016-02-10 18:53 - 2015-11-17 19:43 - 00000600 _____ C:\Users\user\AppData\Local\PUTTY.RND
- 2016-02-10 15:31 - 2016-01-06 00:41 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
- 2016-02-10 01:46 - 2015-11-09 00:18 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
- 2016-02-10 01:46 - 2015-11-09 00:18 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
- 2016-02-10 01:46 - 2015-11-09 00:18 - 00003882 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
- 2016-02-10 01:46 - 2015-11-09 00:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
- 2016-02-10 01:46 - 2015-11-09 00:18 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- 2016-02-10 00:20 - 2015-11-04 13:35 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
- 2016-02-10 00:17 - 2015-11-20 19:48 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
- 2016-02-09 21:25 - 2016-01-09 19:33 - 00000000 ____D C:\Program Files (x86)\Adobe
- 2016-02-09 21:25 - 2015-11-20 19:41 - 00000000 ____D C:\Program Files\Common Files\Adobe
- 2016-02-09 21:24 - 2015-11-20 19:41 - 00000000 ____D C:\Program Files\Adobe
- 2016-02-09 21:23 - 2015-11-20 19:37 - 00000000 ____D C:\ProgramData\Adobe
- 2016-02-09 21:23 - 2015-11-10 14:08 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
- 2016-02-08 19:14 - 2016-01-09 02:52 - 00001456 _____ C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs
- 2016-02-04 19:35 - 2015-10-25 19:31 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1445797890
- 2016-02-04 19:35 - 2015-10-25 19:30 - 00000000 ____D C:\Program Files (x86)\Opera
- 2016-02-04 02:03 - 2015-10-25 19:13 - 00059848 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
- 2016-02-02 12:07 - 2015-12-22 13:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
- 2016-02-02 12:07 - 2015-12-22 13:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
- 2016-02-02 01:46 - 2015-10-25 18:59 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
- 2016-02-02 01:43 - 2015-10-25 19:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
- 2016-02-01 03:12 - 2015-10-29 01:47 - 00000000 ____D C:\Users\user\AppData\Roaming\VMware
- 2016-02-01 03:12 - 2015-10-29 01:47 - 00000000 ____D C:\Users\user\AppData\Local\VMware
- 2016-02-01 02:18 - 2015-10-29 01:44 - 00000000 ____D C:\ProgramData\VMware
- 2016-01-29 21:33 - 2009-07-14 06:13 - 00786378 _____ C:\Windows\system32\PerfStringBackup.INI
- 2016-01-29 21:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
- 2016-01-27 14:21 - 2009-07-14 05:45 - 00028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2016-01-27 14:21 - 2009-07-14 05:45 - 00028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2016-01-27 14:12 - 2015-11-19 02:19 - 00000091 _____ C:\HaxLogs.txt
- 2016-01-27 14:12 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
- 2016-01-26 17:56 - 2016-01-05 23:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Sony
- 2016-01-26 17:46 - 2016-01-05 23:09 - 00000000 ____D C:\Users\user\AppData\Local\Sony
- 2016-01-25 18:23 - 2009-07-14 05:45 - 04963392 _____ C:\Windows\system32\FNTCACHE.DAT
- 2016-01-25 18:20 - 2015-11-01 13:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
- 2016-01-23 02:48 - 2015-11-11 13:45 - 00000000 ____D C:\ProgramData\Package Cache
- 2016-01-22 23:14 - 2016-01-09 19:35 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
- 2016-01-22 23:13 - 2016-01-09 19:34 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
- 2016-01-20 03:42 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
- 2016-01-18 01:34 - 2015-10-25 19:30 - 00000000 ____D C:\Users\user\AppData\Roaming\Raptr
- 2016-01-18 01:34 - 2015-10-25 19:30 - 00000000 ____D C:\Program Files (x86)\Raptr
- 2016-01-16 17:23 - 2015-11-03 21:40 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
- 2016-01-15 04:09 - 2015-11-18 01:31 - 09827328 ___SH C:\Users\user\Thumbs.db
- ==================== Files in the root of some directories =======
- 2015-11-11 16:59 - 2009-10-23 23:00 - 5811712 _____ (reFX) C:\Program Files (x86)\Nexus.dll
- 2016-01-30 00:15 - 2016-01-30 00:14 - 3695535 _____ () C:\Program Files\Common Files\20160129_180921.jpg
- 2016-01-09 02:52 - 2016-01-09 02:52 - 0000132 _____ () C:\Users\user\AppData\Roaming\Adobe PNG Format CC Prefs
- 2015-12-22 01:16 - 2015-12-22 01:16 - 0002048 _____ () C:\Users\user\AppData\Roaming\chrome.exe
- 2015-11-14 12:39 - 2015-11-14 12:39 - 0000600 _____ () C:\Users\user\AppData\Roaming\winscp.rnd
- 2016-01-09 02:52 - 2016-02-08 19:14 - 0001456 _____ () C:\Users\user\AppData\Local\Adobe Save for Web 13.0 Prefs
- 2016-01-05 22:47 - 2016-01-05 22:48 - 0004608 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
- 2015-11-05 22:42 - 2015-11-05 23:06 - 1065984 _____ () C:\Users\user\AppData\Local\file__0.localstorage
- 2015-10-31 13:48 - 2015-10-31 13:48 - 0000187 _____ () C:\Users\user\AppData\Local\opeline.exe.config
- 2015-11-17 19:43 - 2016-02-10 18:53 - 0000600 _____ () C:\Users\user\AppData\Local\PUTTY.RND
- 2016-01-05 20:37 - 2016-01-05 20:37 - 0000016 _____ () C:\ProgramData\mntemp
- 2016-01-05 20:37 - 2016-01-05 20:37 - 0004133 _____ () C:\ProgramData\rxsmznjf.zcp
- 2015-10-31 13:48 - 2016-01-08 07:20 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
- Files to move or delete:
- ====================
- C:\Users\user\AppData\Local\Temp\svchost.exe
- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
- C:\Users\user\dblue_TapeStop (Mixer).dll
- Some files in TEMP:
- ====================
- C:\Users\user\AppData\Local\Temp\bitool.dll
- C:\Users\user\AppData\Local\Temp\Crack Setup__11652_i1841842341_il6.exe
- C:\Users\user\AppData\Local\Temp\cres.dll
- C:\Users\user\AppData\Local\Temp\cshell.dll
- C:\Users\user\AppData\Local\Temp\ICReinstall_KeygenBitvise55HS3rv.exe
- C:\Users\user\AppData\Local\Temp\nGyN5z8T4Esc4ZoDj2nsN4DyL8i4biervHd.exe
- C:\Users\user\AppData\Local\Temp\OZlfHXt8eXLw3EDGtluUjjB3FzUldKyBQx1.exe
- C:\Users\user\AppData\Local\Temp\R2RTOOL.dll
- C:\Users\user\AppData\Local\Temp\sfamcc00001.dll
- C:\Users\user\AppData\Local\Temp\sfextra.dll
- C:\Users\user\AppData\Local\Temp\sp-downloader.exe
- C:\Users\user\AppData\Local\Temp\sres.dll
- C:\Users\user\AppData\Local\Temp\svchost.exe
- ==================== Bamital & volsnap =================
- (There is no automatic fix for files that do not pass verification.)
- C:\Windows\system32\winlogon.exe => File is digitally signed
- C:\Windows\system32\wininit.exe => File is digitally signed
- C:\Windows\SysWOW64\wininit.exe => File is digitally signed
- C:\Windows\explorer.exe => File is digitally signed
- C:\Windows\SysWOW64\explorer.exe => File is digitally signed
- C:\Windows\system32\svchost.exe => File is digitally signed
- C:\Windows\SysWOW64\svchost.exe => File is digitally signed
- C:\Windows\system32\services.exe => File is digitally signed
- C:\Windows\system32\User32.dll => File is digitally signed
- C:\Windows\SysWOW64\User32.dll => File is digitally signed
- C:\Windows\system32\userinit.exe => File is digitally signed
- C:\Windows\SysWOW64\userinit.exe => File is digitally signed
- C:\Windows\system32\rpcss.dll => File is digitally signed
- C:\Windows\system32\dnsapi.dll => File is digitally signed
- C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
- C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
- LastRegBack: 2016-02-08 05:23
- ==================== End of FRST.txt ============================