- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
- Ran by BIGJT64 (administrator) on BIGJ-TSERVER (14-05-2017 08:43:17)
- Running from C:\Users\BIGJT64\Desktop
- Loaded Profiles: BIGJT64 (Available Profiles: BIGJT64)
- Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
- Internet Explorer Version 11 (Default browser: FF)
- Boot Mode: Normal
- Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
- (AMD) C:\Windows\System32\atiesrxx.exe
- (AMD) C:\Windows\System32\atieclxx.exe
- (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
- (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
- (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
- (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
- (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
- (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
- (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idman.exe
- (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIN2E.EXE
- (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
- (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
- (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
- (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
- () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
- (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
- (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
- (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
- (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
- () C:\Users\BIGJT64\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
- (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2100.2093.105\Bin\ccSvcHst.exe
- (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
- (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2100.2093.105\Bin\ccSvcHst.exe
- (McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
- (GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
- (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
- (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2100.2093.105\Bin64\Smc.exe
- (QFX Software Corporation) D:\KeyScrambler\KeyScrambler.exe
- (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
- (QFX Software Corporation) D:\KeyScrambler\x64\KeyScrambler.exe
- (CafeSuite) D:\CafeSuite\cafestation.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
- (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
- ==================== Registry (Whitelisted) ====================
- (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
- HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [503856 2015-09-23] (Acronis)
- HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
- HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
- HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5199984 2011-06-20] (VIA)
- HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7568104 2015-09-23] ()
- HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [651560 2016-11-10] (Acronis International GmbH)
- HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [917112 2015-10-08] (BlueStack Systems, Inc.)
- HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.)
- HKLM-x32\...\Run: [Yahoo Messenger] => [X]
- HKLM-x32\...\Run: [KeyScrambler] => D:\KeyScrambler\keyscrambler.exe [515600 2017-04-23] (QFX Software Corporation)
- HKU\S-1-5-19\...\Run: [] => [X]
- HKU\S-1-5-19\...\RunOnce: [] => [X]
- HKU\S-1-5-20\...\Run: [] => [X]
- HKU\S-1-5-20\...\RunOnce: [] => [X]
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3966064 2016-11-10] (Tonec Inc.)
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\Run: [] => [X]
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIN2E.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\Run: [COM+] => regsvr32 /s /n /u /i:hxxp://server2.39slxu3bw.ru/sitemap.xml scrobj.dll
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\Policies\system: [ConsentPromptBehaviorAdmin] 0
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\Policies\system: [EnableLUA] 0
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\Policies\system: [PromptOnSecureDesktop] 0
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\Policies\Explorer: [HideClock] 0
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\Policies\Explorer: [NoFind] 0
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\Policies\Explorer: [NoViewContextMenu] 0
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\Policies\Explorer: [NoFile] 0
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {01e6d824-e1cf-11e6-8453-bc5ff43ce846} - E:\AutoRun.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {03a0a139-bc14-11e6-b352-bc5ff43ce846} - E:\Setup.exe /s
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {0fbb74a4-8f48-11e6-acf4-bc5ff43ce846} - E:\AutoRun.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {1181b1e1-0526-11e7-ac38-bc5ff43ce846} - E:\Setup.exe /s
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {14245e4c-7d35-11e6-88b4-bc5ff43ce846} - E:\Loader.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {1b69d94c-344e-11e7-bcee-bc5ff43ce846} - E:\Setup.exe /s
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {1f364352-18cb-11e7-8687-bc5ff43ce846} - E:\Lenovo_Suite.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {2bfd5668-a227-11e6-b207-bc5ff43ce846} - E:\HTC_Sync_Manager_PC.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {33b8f65a-15a5-11e7-91f6-bc5ff43ce846} - E:\Setup.exe /s
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {3410545f-9054-11e6-8d27-bc5ff43ce846} - E:\LaunchU3.exe -a
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {3f04c6a8-0dce-11e7-8236-bc5ff43ce846} - E:\Setup.exe /s
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {40361bf4-e68a-11e6-b4c5-bc5ff43ce846} - E:\.\ShowModem.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {4406223b-e8e1-11e6-9d97-bc5ff43ce846} - E:\AutoRun.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {446710be-294c-11e7-9e41-bc5ff43ce846} - E:\Setup.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {49f4db1e-e03d-11e6-b86d-bc5ff43ce846} - E:\LaunchU3.exe -a
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {4c6bb791-df77-11e6-8a5e-bc5ff43ce846} - E:\LGAutoRun.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {4e57d613-9400-11e6-88b1-bc5ff43ce846} - E:\iLinker.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {5649af6a-89c6-11e6-a32d-bc5ff43ce846} - E:\Autorun.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {618ef039-be93-11e6-b21a-bc5ff43ce846} - E:\LaunchU3.exe -a
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {72eb3815-ee5f-11e6-9ac8-bc5ff43ce846} - E:\Setup.exe /s
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {7830a201-cb06-11e6-9e12-bc5ff43ce846} - E:\Setup.exe /s
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {d543a5bc-8c20-11e6-a250-bc5ff43ce846} - E:\HiSuiteDownLoader.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {d7daec99-9bfe-11e6-81a7-bc5ff43ce846} - E:\Setup.exe /s
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {d7daece3-9bfe-11e6-81a7-bc5ff43ce846} - E:\Setup.exe /s
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {dad4bae3-1283-11e7-8567-bc5ff43ce846} - E:\Setup.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {db3ada56-fd4a-11e6-9092-bc5ff43ce846} - E:\Setup.exe /s
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {e585596e-1bef-11e7-8c7b-bc5ff43ce846} - E:\HiSuiteDownLoader.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {ea99763a-dc51-11e6-839c-bc5ff43ce846} - E:\Setup.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {ef283243-ffa7-11e6-bf33-bc5ff43ce846} - E:\Lenovo_Suite.exe
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\MountPoints2: {ff8d439e-2ba6-11e7-b8ef-bc5ff43ce846} - E:\Setup.exe
- HKU\S-1-5-18\...\Run: [] => [X]
- Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
- ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
- ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
- ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-09-10] (Acronis)
- ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-09-10] (Acronis)
- ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2015-09-10] (Acronis)
- Startup: C:\Users\BIGJT64\Start Menu\Programs\Startup\Start.lnk [2016-10-11]
- ShortcutTarget: Start.lnk -> C:\Users\BIGJT64\AppData\Roaming\liyxxldbl\fkxoylfyj64.exe (Microsoft Corporation)
- Startup: C:\Users\BIGJT64\Start Menu\Programs\Startup\U.lnk [2017-05-12]
- ShortcutTarget: U.lnk -> C:\Users\BIGJT64\AppData\Roaming\eeyywwuuse.exe ()
- GroupPolicy: Restriction <======= ATTENTION
- ==================== Internet (Whitelisted) ====================
- (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
- HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
- Hosts: 127.0.0.1 activation.acronis.com
- Tcpip\..\Interfaces\{13A70751-64DA-4D11-BC9B-936673F829E2}: [DhcpNameServer] 192.168.137.129
- Tcpip\..\Interfaces\{4196485E-2368-4678-8D6D-E6B0196C785D}: [NameServer] 208.67.222.222,8.8.8.8
- Tcpip\..\Interfaces\{EA5C5AF3-DB0F-4248-AA88-9FCE81D4FCF2}: [DhcpNameServer] 192.168.42.129
- Internet Explorer:
- ==================
- HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://login.hhtxnet.com/
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_2
- HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.hhtxnet.com/
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
- HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
- HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_2
- HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_2
- HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
- HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_2
- HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/enterprise/security_response/index.jsp?inid=biz_SR_sep_V12_1_MR_2
- HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ph/?ocid=iehp
- BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-10-11] (Internet Download Manager, Tonec Inc.)
- BHO: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-04-26] (Intel Security)
- BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-07-10] (Microsoft Corporation)
- BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
- BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
- BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-10-11] (Internet Download Manager, Tonec Inc.)
- BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-04-26] (Intel Security)
- BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
- BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
- BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2100.2093.105\bin\IPS\IPSBHO.DLL [2014-06-17] (Symantec Corporation)
- BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
- BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-07-13] (Microsoft Corporation)
- Toolbar: HKLM - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll [2017-04-26] (Intel Security)
- Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-04-26] (Intel Security)
- Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
- Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
- FireFox:
- ========
- FF DefaultProfile: q8r17451.default
- FF ProfilePath: C:\Users\BIGJT64\AppData\Roaming\Mozilla\Firefox\Profiles\q8r17451.default [2017-05-14]
- FF user.js: detected! => C:\Users\BIGJT64\AppData\Roaming\Mozilla\Firefox\Profiles\q8r17451.default\user.js [2016-10-10]
- FF Homepage: Mozilla\Firefox\Profiles\q8r17451.default -> hxxp://login.hhtxnet.com/search.php?q=
- FF Keyword.URL: Mozilla\Firefox\Profiles\q8r17451.default -> hxxp://login.hhtxnet.com/search.php?q=
- FF Extension: (YouTube Video and Audio Downloader) - C:\Users\BIGJT64\AppData\Roaming\Mozilla\Firefox\Profiles\q8r17451.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-05-02]
- FF Extension: (AdBlocker for YouTube™) - C:\Users\BIGJT64\AppData\Roaming\Mozilla\Firefox\Profiles\q8r17451.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2017-02-25]
- FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
- FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2017-04-22] [not signed]
- FF HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
- FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-10-11]
- FF HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
- FF HKU\S-1-5-21-3086366465-1504510743-3309700462-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\BIGJT64\AppData\Roaming\IDM\idmmzcc5
- FF Extension: (IDM CC) - C:\Users\BIGJT64\AppData\Roaming\IDM\idmmzcc5 [2017-05-14] [not signed]
- FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-07-10] (Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
- FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
- FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
- FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
- FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-07-10] (Microsoft Corporation)
- FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
- Chrome:
- =======
- CHR HomePage: Default -> hxxps://www.google.com/
- CHR StartupUrls: Default -> "hxxps://www.google.com/"
- CHR Profile: C:\Users\BIGJT64\AppData\Local\Google\Chrome\User Data\Default [2017-05-14]
- CHR Extension: (Google Slides) - C:\Users\BIGJT64\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-01]
- CHR Extension: (Google Docs) - C:\Users\BIGJT64\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-01]
- CHR Extension: (YouTube) - C:\Users\BIGJT64\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-03]
- CHR Extension: (Adobe Acrobat) - C:\Users\BIGJT64\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
- CHR Extension: (Google Sheets) - C:\Users\BIGJT64\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-03]
- CHR Extension: (Google Docs Offline) - C:\Users\BIGJT64\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-04]
- CHR Extension: (Adblock Plus for YouTube™) - C:\Users\BIGJT64\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmphebflmgdapnodojiagpcigfklffcp [2016-12-27]
- CHR Extension: (IDM Integration Module) - C:\Users\BIGJT64\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-04-27]
- CHR Extension: (Chrome Web Store Payments) - C:\Users\BIGJT64\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
- CHR Extension: (Gmail) - C:\Users\BIGJT64\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-03]
- CHR Extension: (Chrome Media Router) - C:\Users\BIGJT64\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-13]
- CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-23]
- CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
- CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-23]
- ==================== Services (Whitelisted) ====================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
- R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
- R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
- R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
- R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
- R2 KingoSoftService; C:\Users\BIGJT64\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe [367584 2016-10-19] ()
- S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3114464 2012-05-18] (Symantec Corporation)
- S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4884064 2015-08-11] (Acronis)
- S3 QFXUpdateService; D:\KeyScrambler\x64\QFXUpdateService.exe [86544 2017-04-23] ()
- R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2100.2093.105\Bin\ccSvcHst.exe [143928 2014-06-17] (Symantec Corporation)
- R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2100.2093.105\Bin64\Smc.exe [2299192 2014-06-17] (Symantec Corporation)
- S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2100.2093.105\Bin64\snac64.exe [334736 2014-06-16] (Symantec Corporation)
- R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996736 2017-04-18] (McAfee, Inc.)
- R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16160 2017-04-18] (McAfee, Inc.)
- S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86776 2017-04-18] (McAfee, Inc.)
- R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [828944 2011-08-03] (GlavSoft LLC.)
- R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-06-14] (VIA Technologies, Inc.)
- S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-05-16] (Microsoft Corporation)
- S2 EraserSvc11620; "C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\ccSvcHst.exe" /h ccCommon [X]
- S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
- ===================== Drivers (Whitelisted) ======================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
- R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2100.2093.105\Data\Definitions\BASHDefs\20170508.001\BHDrvx64.sys [1831064 2017-04-07] (Symantec Corporation)
- R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
- R1 ccSettings_{FA0ED830-25A2-4721-AB37-26A5FF82EB30}; C:\Windows\System32\Drivers\SEP\0C010834\082D.105\x64\ccSetx64.sys [168096 2014-06-16] (Symantec Corporation)
- R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [507032 2017-05-11] (Symantec Corporation)
- R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-05-11] (Symantec Corporation)
- R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [323040 2016-09-05] (Acronis International GmbH)
- U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2011-10-24] (Huawei Technologies Co., Ltd.)
- R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2100.2093.105\Data\Definitions\IPSDefs\20170513.011\IDSvia64.sys [1012952 2017-02-03] (Symantec Corporation)
- R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [233248 2017-02-20] (QFX Software Corporation)
- S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
- R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2100.2093.105\Data\Definitions\VirusDefs\20170512.009\ENG64.SYS [138912 2017-02-01] (Symantec Corporation)
- R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2100.2093.105\Data\Definitions\VirusDefs\20170512.009\EX64.SYS [2151072 2017-02-01] (Symantec Corporation)
- R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010834\082D.105\x64\SRTSP64.SYS [796248 2014-06-16] (Symantec Corporation)
- R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010834\082D.105\x64\SRTSPX64.SYS [36952 2014-06-16] (Symantec Corporation)
- S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2100.2093.105\Bin64\SyDvCtrl64.sys [34800 2014-06-16] (Symantec Corporation)
- R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010834\082D.105\x64\SYMDS64.SYS [493216 2014-06-16] (Symantec Corporation)
- R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010834\082D.105\x64\SYMEFA64.SYS [1133216 2014-06-16] (Symantec Corporation)
- R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2016-09-05] (Symantec Corporation)
- R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010834\082D.105\x64\Ironx64.SYS [224416 2014-06-16] (Symantec Corporation)
- R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010834\082D.105\x64\SYMNETS.SYS [432800 2014-06-16] (Symantec Corporation)
- R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2016-09-05] (Symantec Corporation)
- R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [91944 2014-06-17] (Symantec Corporation)
- R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1057728 2016-09-05] (Acronis International GmbH)
- R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198088 2016-09-05] (Acronis International GmbH)
- S3 tnd; C:\Windows\System32\DRIVERS\tnd.sys [553912 2016-09-05] (Acronis International GmbH)
- U0 aswVmm; no ImagePath
- U0 sr; no ImagePath
- S3 VGPU; System32\drivers\rdvgkmd.sys [X]
- S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
- ==================== NetSvcs (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- ==================== One Month Created files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2017-05-14 08:43 - 2017-05-14 08:43 - 00030653 _____ C:\Users\BIGJT64\Desktop\FRST.txt
- 2017-05-14 08:43 - 2017-05-14 08:43 - 00000000 ____D C:\FRST
- 2017-05-14 08:42 - 2017-05-14 08:41 - 02429440 _____ (Farbar) C:\Users\BIGJT64\Desktop\FRST64.exe
- 2017-05-14 08:23 - 2017-05-14 08:23 - 00000745 _____ C:\Users\BIGJT64\Downloads\coins password.txt
- 2017-05-13 20:13 - 2017-05-14 08:29 - 00932864 _____ C:\Users\BIGJT64\Desktop\Padala Record May 14.xls
- 2017-05-13 17:06 - 2017-05-13 17:06 - 00003192 _____ C:\Windows\System32\Tasks\{4C0DB3A3-2093-4ADA-9E33-99A55DD60E3C}
- 2017-05-13 17:06 - 2017-05-13 17:06 - 00000000 ____D C:\Program Files\Enigma Software Group
- 2017-05-13 17:05 - 2017-05-13 17:05 - 13016728 _____ (Litecoin Core project) C:\Users\BIGJT64\Downloads\litecoin-0.13.2-win64-setup.exe
- 2017-05-13 16:33 - 2017-05-13 16:33 - 00000000 ____D C:\Users\BIGJT64\AppData\Roaming\QFX Software
- 2017-05-13 16:33 - 2017-05-13 16:33 - 00000000 ____D C:\ProgramData\QFX Software
- 2017-05-13 16:29 - 2017-05-13 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
- 2017-05-13 16:29 - 2017-02-20 03:15 - 00233248 _____ (QFX Software Corporation) C:\Windows\system32\Drivers\keyscrambler.sys
- 2017-05-13 16:06 - 2017-05-13 16:07 - 00000000 ____D C:\Windows\pss
- 2017-05-13 14:09 - 2017-05-13 14:09 - 00346251 _____ C:\Users\BIGJT64\Downloads\romelyn.pdf
- 2017-05-12 15:16 - 2017-05-12 15:17 - 00000000 ____D C:\Users\Public\123
- 2017-05-12 12:54 - 2017-05-12 12:54 - 00125441 _____ C:\Users\Public\11111.pdf
- 2017-05-12 08:29 - 2017-05-12 08:29 - 71679202 __RSH C:\Users\BIGJT64\AppData\Roaming\eeyywwuuse.exe
- 2017-05-11 20:39 - 2017-05-11 21:29 - 00078380 _____ C:\Users\Public\biz1.pptx
- 2017-05-11 19:18 - 2017-05-11 19:38 - 00029696 _____ C:\Users\Public\~WRA0601.wbk
- 2017-05-11 19:18 - 2017-05-11 19:28 - 00029696 ____H C:\Users\Public\~WRL0125.tmp
- 2017-05-11 19:18 - 2017-05-11 19:18 - 00029696 ____H C:\Users\Public\~WRL0004.tmp
- 2017-05-11 12:04 - 2017-05-11 12:04 - 00366138 _____ C:\Users\Public\Cebu Pacific.pdf
- 2017-05-11 12:00 - 2017-05-11 12:00 - 00617492 _____ C:\Users\Public\a
- 2017-05-11 10:26 - 2017-05-11 10:26 - 00158998 _____ C:\Users\Public\Individual Evaluation Report.pdf
- 2017-05-11 08:53 - 2017-05-11 08:53 - 00143732 _____ C:\Users\Public\347002936012 (1).pdf
- 2017-05-10 22:30 - 2017-05-10 22:30 - 00726130 _____ C:\Users\Public\MDF (1).pdf
- 2017-05-10 14:49 - 2017-05-10 14:49 - 00032256 _____ C:\Users\Public\Cost Distribution Lorenzo Ruiz School.xls
- 2017-05-10 14:46 - 2017-05-10 14:46 - 00032256 _____ C:\Users\BIGJT64\Downloads\Cost Distribution Lorenzo Ruiz School (2).xls
- 2017-05-10 14:45 - 2017-05-10 14:45 - 00032256 _____ C:\Users\BIGJT64\Downloads\Cost Distribution Lorenzo Ruiz School (1).xls
- 2017-05-10 14:36 - 2017-05-10 14:36 - 00032256 _____ C:\Users\BIGJT64\Downloads\Cost Distribution Lorenzo Ruiz School.xls
- 2017-05-09 22:58 - 2017-05-09 22:58 - 00050688 _____ C:\Users\Public\~WRA1593.asd
- 2017-05-09 18:59 - 2017-05-09 18:59 - 00205316 _____ C:\Users\Public\1Itinerary_PDF.pdf
- 2017-05-09 18:59 - 2017-05-09 18:59 - 00031548 _____ C:\Users\Public\2Official Receipt PDF.pdf
- 2017-05-09 15:53 - 2017-05-09 15:53 - 00344944 _____ C:\Users\Public\PDFFile.pdf
- 2017-05-08 18:26 - 2017-05-08 18:26 - 00040468 _____ C:\Users\Public\20170430-0200000844-SMMG-Mall-CARICA DISTRIBUTORS INC.pdf
- 2017-05-08 14:59 - 2017-05-08 14:59 - 00368301 _____ C:\Users\Public\2 VALID ID'S.PDF
- 2017-05-08 14:58 - 2017-05-08 14:58 - 00103792 _____ C:\Users\Public\Your voucher - Metrodeal Philippines3.pdf
- 2017-05-08 14:56 - 2017-05-08 14:56 - 00102677 _____ C:\Users\Public\Your voucher - Metrodeal Philippines2.pdf
- 2017-05-08 14:03 - 2017-05-08 13:56 - 00064514 _____ C:\Users\Public\discharge-of-domingo (1).PDF
- 2017-05-08 11:50 - 2017-05-08 11:49 - 00443485 _____ C:\Users\Public\CS-Form-100-Revised-September-2016.pdf
- 2017-05-08 11:46 - 2017-05-08 11:45 - 00651081 _____ C:\Users\Public\CS Form 100_Revised 2015_For Oct 23 2016 CSE PPT_a.pdf
- 2017-05-07 17:05 - 2017-05-07 17:05 - 00533800 _____ C:\Users\Public\2 VALID ID'S2.pdf
- 2017-05-07 09:04 - 2017-05-07 09:04 - 00129684 _____ C:\Users\Public\Manila Cockers Club, Inc_.pdf
- 2017-05-06 22:15 - 2017-05-06 22:15 - 00293459 _____ C:\Users\Public\XRQCFD_FMNPH30F9DAD3E.pdf
- 2017-05-06 22:14 - 2017-05-06 22:14 - 00291992 _____ C:\Users\Public\Booking Details.pdf
- 2017-05-06 22:12 - 2017-05-06 22:12 - 00634437 _____ C:\Users\Public\Cruise-Confirmation-YEUNG.pdf
- 2017-05-06 18:19 - 2017-05-06 18:19 - 00000000 ___RD C:\Users\Public\Documents\Documents (2)
- 2017-05-06 18:19 - 2017-05-06 18:19 - 00000000 ____D C:\Users\Public\Documents\My Apps
- 2017-05-06 16:34 - 2017-05-06 16:33 - 00345325 _____ C:\Users\Public\00092017080900056.pdf
- 2017-05-06 16:17 - 2017-05-06 16:17 - 00002752 _____ C:\Users\Public\doc.pdf
- 2017-05-05 21:01 - 2017-05-05 21:01 - 00260845 _____ C:\Users\BIGJT64\Downloads\CALLE GOMEZ - BUDGETARY COST.pdf
- 2017-05-05 21:01 - 2017-05-05 21:01 - 00010156 _____ C:\Users\BIGJT64\Downloads\CALLE GOMEZ BOARDING HOUSE final-Model.pdf
- 2017-05-04 21:53 - 2017-05-04 21:54 - 00000000 ____D C:\Users\Public\scan101
- 2017-05-04 19:45 - 2017-05-04 19:45 - 00000000 ____D C:\Users\Public\Display Own Grades (Add_Edit_Delete)_files
- 2017-05-04 19:45 - 2017-05-04 19:43 - 00012968 _____ C:\Users\Public\Display Own Grades (Add_Edit_Delete).html
- 2017-05-04 12:58 - 2017-05-04 12:58 - 00062955 _____ C:\Users\BIGJT64\Downloads\A Dog's Purpose (2017) [1080p] [YTS.AG].torrent
- 2017-05-04 12:55 - 2017-05-04 12:55 - 00082383 _____ C:\Users\BIGJT64\Downloads\Fifty Shades Darker (2017) [1080p] [YTS.AG].torrent
- 2017-05-04 11:48 - 2017-05-04 11:48 - 00346266 _____ C:\Users\Public\00072017080100683 (1).pdf
- 2017-05-04 09:15 - 2017-05-04 09:15 - 00001151 _____ C:\Users\Public\Desktop\True Key.lnk
- 2017-05-03 21:59 - 2017-05-03 21:59 - 00857277 _____ C:\Users\Public\cal.xlsx
- 2017-05-02 17:53 - 2017-05-02 17:53 - 00112329 _____ C:\Users\Public\TKT ROWENA CEBU.pdf
- 2017-05-02 17:53 - 2017-05-02 17:53 - 00110464 _____ C:\Users\Public\TKT ROWENA QR.pdf
- 2017-05-02 11:31 - 2017-05-02 11:31 - 00141571 _____ C:\Users\Public\SICKNESS NOTIFICATION FORM (1).pdf
- 2017-05-02 10:12 - 2017-05-02 10:12 - 00361124 _____ C:\Users\Public\1HERMES GROUND RATES CARD_MINOR SPONSORS2017.pdf
- 2017-05-02 10:12 - 2017-05-02 10:12 - 00344745 _____ C:\Users\Public\1HERMES SPORTS_SPONSOR MAP_NAASCU2017.pdf
- 2017-05-02 10:09 - 2017-05-02 10:09 - 00332726 _____ C:\Users\Public\1HERMES PRODUCTIONS_SOLAR_RATE CARD_2017 (2) (1).pdf
- 2017-05-01 13:31 - 2017-05-01 12:42 - 00211184 _____ C:\Users\Public\GILBERT LAYLO (1)_2.pdf
- 2017-05-01 13:28 - 2017-05-01 12:42 - 00211184 _____ C:\Users\Public\GILBERT LAYLO (1).pdf
- 2017-04-30 20:32 - 2017-04-30 20:23 - 00609502 _____ C:\Users\Public\UPDATED CV.pdf
- 2017-04-30 19:05 - 2017-04-30 19:05 - 00023040 _____ C:\Users\Public\~WRA0980.asd
- 2017-04-29 19:52 - 2017-04-29 19:51 - 00515581 _____ C:\Users\Public\mabunga, arlene.jpeg
- 2017-04-29 17:07 - 2017-04-29 17:07 - 00121373 _____ C:\Users\Public\MED2SY_D3D69E168AD44FC08105BC64F3BF2F78.pdf
- 2017-04-28 22:53 - 2017-04-28 22:53 - 00551220 _____ C:\Users\Public\JZGTHAI Flor's Garden Certificate - 29 april 2017.pptx
- 2017-04-28 17:06 - 2017-04-28 17:09 - 00000000 ____D C:\Users\Public\qwert
- 2017-04-28 13:39 - 2017-04-28 12:55 - 00345460 _____ C:\Users\Public\yolanda passport.pdf
- 2017-04-28 11:51 - 2017-04-28 11:51 - 00031463 _____ C:\Users\Public\wds makati(1).pdf
- 2017-04-27 16:17 - 2017-04-27 16:37 - 00023040 _____ C:\Users\Public\~WRA2240.asd
- 2017-04-27 13:46 - 2017-04-27 13:46 - 00265420 _____ C:\Users\Public\Joann Heruela (1).pdf
- 2017-04-27 11:25 - 2017-04-27 11:14 - 00301066 _____ C:\Users\Public\Resume (1).pdf
- 2017-04-26 16:24 - 2017-04-26 16:24 - 00501119 _____ C:\Users\Public\SHS_Certificate_426201712254 (1).pdf
- 2017-04-26 14:28 - 2017-04-26 14:28 - 00132010 _____ C:\Users\Public\NSO Certificate Delivery Pay Online _ NSOHelpline.pdf
- 2017-04-26 08:47 - 2017-04-26 08:46 - 00346067 _____ C:\Users\Public\00062017072500644.pdf
- 2017-04-25 23:19 - 2017-04-26 00:01 - 00000000 ____D C:\Users\Public\sc
- 2017-04-25 21:40 - 2017-04-25 21:34 - 00075133 _____ C:\Users\Public\CEACAA006URLIK.PDF
- 2017-04-25 19:41 - 2017-04-25 19:38 - 00345106 _____ C:\Users\Public\00042017071402160.pdf
- 2017-04-25 08:58 - 2017-04-25 08:57 - 00666088 _____ C:\Users\Public\Offer Letter-No. 636 Pinaglaanan St., Brgy. Pedro Cruz, San Juan City.pdf
- 2017-04-24 21:51 - 2017-04-24 21:49 - 00036294 _____ C:\Users\Public\GALINDEZ, SYLL WEIN C.res.pdf
- 2017-04-24 15:14 - 2017-04-24 15:14 - 00010407 _____ C:\Users\Public\DBS.xlsx
- 2017-04-24 14:14 - 2017-04-24 14:14 - 00157940 _____ C:\Users\Public\PRC Official Website - Online Application System.pdf
- 2017-04-24 14:13 - 2017-04-24 14:13 - 00199920 _____ C:\Users\Public\PRC Official Website - Online Application for Licensure Examination.pdf
- 2017-04-23 22:26 - 2017-04-23 22:27 - 00028160 _____ C:\Users\Public\AutoRecovery save of sampleMechanical Engineering Resume.asd
- 2017-04-23 17:46 - 2017-04-23 17:46 - 00339291 _____ C:\Users\Public\00042017042401032.pdf
- 2017-04-21 20:15 - 2017-04-21 20:15 - 00048128 _____ C:\Users\Public\~WRA0414.asd
- 2017-04-21 19:04 - 2017-04-21 19:04 - 00023040 _____ C:\Users\Public\~WRA0378.asd
- 2017-04-21 14:56 - 2017-04-21 14:56 - 00187361 _____ C:\Users\Public\https___www.eserve.com.sa_VVSWeb_actions_vvs.pdf
- 2017-04-20 15:45 - 2017-04-20 15:45 - 00118182 _____ C:\Users\Public\3.pdf
- 2017-04-20 15:44 - 2017-04-20 15:44 - 00162870 _____ C:\Users\Public\4.pdf
- 2017-04-20 15:40 - 2017-04-20 15:40 - 00104413 _____ C:\Users\Public\Untitled Document2.pdf
- 2017-04-20 15:39 - 2017-04-20 15:39 - 00117810 _____ C:\Users\Public\Untitled Document.pdf
- 2017-04-20 12:35 - 2017-04-20 12:35 - 00345815 _____ C:\Users\Public\00092017071200963 (1).pdf
- 2017-04-20 09:11 - 2017-04-20 09:10 - 00131909 _____ C:\Users\Public\Itinerary_PDF-1.pdf
- 2017-04-20 08:41 - 2017-05-14 08:41 - 00000911 _____ C:\Windows\Tasks\EPSON L220 Series Update {853603A9-B34E-4613-A1D2-C4E8390AAF10}.job
- 2017-04-20 08:41 - 2017-04-20 08:41 - 00003978 _____ C:\Windows\System32\Tasks\EPSON L220 Series Update {853603A9-B34E-4613-A1D2-C4E8390AAF10}
- 2017-04-18 22:46 - 2017-04-18 22:46 - 00235502 _____ C:\Users\Public\Final-template-of-Medical-Certification-michelle.pptx
- 2017-04-18 08:56 - 2017-04-18 16:24 - 00000000 ____D C:\Users\Public\Reset EpsonL110-L210-L300-L350-L355 - printersdrivercenter.blogspot.com
- 2017-04-18 08:55 - 2017-04-18 08:55 - 01242048 _____ C:\Users\Public\Reset EpsonL110-L210-L300-L350-L355 - printersdrivercenter.blogspot.com.zip
- 2017-04-17 21:20 - 2017-04-17 21:20 - 00073598 _____ C:\Users\Public\Republic of the Philippines Social Security System.pdf
- 2017-04-17 12:27 - 2017-04-17 12:26 - 00126902 _____ C:\Users\Public\Application Guide For A License As A Certified Pesticide Applicator.pdf
- 2017-04-17 12:27 - 2017-04-17 12:26 - 00121917 _____ C:\Users\Public\Application Guide For A License As A Franchise Urban Pest Control Operator.pdf
- 2017-04-17 12:27 - 2017-04-17 12:25 - 00235818 _____ C:\Users\Public\Brochure Urban Pest Management Program Designed For CPAs April 19-21, 2017.pdf
- 2017-04-17 11:37 - 2017-04-17 11:36 - 00344669 _____ C:\Users\Public\00242017052400204.pdf
- 2017-04-16 16:44 - 2017-04-16 16:44 - 00120832 _____ C:\Users\Public\~WRA0882.wbk
- 2017-04-16 13:26 - 2017-04-16 14:16 - 00036864 _____ C:\Users\Public\~WRA2796.asd
- 2017-04-15 19:34 - 2017-04-15 19:34 - 00002052 _____ C:\Windows\epplauncher.mif
- 2017-04-14 17:17 - 2017-04-14 17:17 - 00015391 _____ C:\Users\BIGJT64\Downloads\Evan Almighty (2007) [1080p] [YTS.AG].torrent
- ==================== One Month Modified files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2017-05-14 08:42 - 2016-09-04 23:49 - 00000000 ____D C:\Users\BIGJT64\AppData\Roaming\DMCache
- 2017-05-14 08:39 - 2016-12-01 13:14 - 00000000 ____D C:\Users\BIGJT64\AppData\LocalLow\Mozilla
- 2017-05-14 08:25 - 2009-07-14 12:45 - 00018912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2017-05-14 08:25 - 2009-07-14 12:45 - 00018912 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2017-05-14 08:12 - 2016-12-30 22:33 - 00000000 ____D C:\Users\BIGJT64\Desktop\Print
- 2017-05-14 08:12 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
- 2017-05-13 23:49 - 2017-01-11 23:52 - 00034304 _____ C:\Users\BIGJT64\Desktop\BIGJ-DAILY-SALES-SLIP-2017.xls
- 2017-05-13 22:40 - 2009-07-14 13:13 - 00785562 _____ C:\Windows\system32\PerfStringBackup.INI
- 2017-05-13 22:40 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
- 2017-05-13 21:57 - 2016-12-16 18:52 - 00000000 ____D C:\Users\Public\New folder
- 2017-05-13 18:21 - 2016-09-27 13:43 - 00000000 ____D C:\Users\BIGJT64\AppData\Roaming\vlc
- 2017-05-13 16:10 - 2016-09-04 22:32 - 00112864 _____ C:\Users\BIGJT64\AppData\Local\GDIPFONTCACHEV1.DAT
- 2017-05-13 16:09 - 2009-07-14 12:45 - 00427272 _____ C:\Windows\system32\FNTCACHE.DAT
- 2017-05-13 14:43 - 2016-10-12 16:19 - 00000000 ____D C:\Users\BIGJT64\AppData\Local\CrashDumps
- 2017-05-13 14:41 - 2016-11-30 14:40 - 00000000 ____D C:\Program Files (x86)\TeamViewer
- 2017-05-13 12:43 - 2017-04-06 14:58 - 00000000 ____D C:\Users\Public\1
- 2017-05-13 11:19 - 2016-09-04 23:30 - 00000000 ____D C:\ProgramData\Symantec
- 2017-05-12 15:17 - 2017-02-23 20:55 - 00937472 ___SH C:\Users\Public\Thumbs.db
- 2017-05-12 08:42 - 2016-12-01 20:17 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
- 2017-05-12 08:42 - 2016-12-01 20:17 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
- 2017-05-12 08:39 - 2017-02-13 12:29 - 00000000 ____D C:\Users\Public\mariel
- 2017-05-11 08:15 - 2016-09-05 17:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
- 2017-05-10 22:04 - 2017-03-13 11:59 - 00114001 _____ C:\Users\Public\NBI CLEARANCE.pdf
- 2017-05-10 17:43 - 2016-10-26 17:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
- 2017-05-10 08:25 - 2017-01-24 17:25 - 00000000 ____D C:\Program Files (x86)\McAfee
- 2017-05-09 10:00 - 2017-01-24 17:25 - 00003312 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
- 2017-05-09 10:00 - 2017-01-24 17:00 - 00000000 ____D C:\ProgramData\McAfee
- 2017-05-08 20:59 - 2016-09-04 23:49 - 00000000 ____D C:\Users\BIGJT64\Downloads\Video
- 2017-05-08 14:56 - 2017-03-04 09:50 - 00102677 _____ C:\Users\Public\Your voucher - Metrodeal Philippines.pdf
- 2017-05-07 23:24 - 2017-04-05 17:14 - 00000000 ____D C:\Users\BIGJT64\Desktop\Scan
- 2017-05-06 20:53 - 2016-09-27 23:28 - 00000000 ____D C:\Users\BIGJT64\AppData\Roaming\uTorrent
- 2017-05-06 16:14 - 2017-03-01 18:38 - 00002752 _____ C:\Users\Public\payslip.pdf
- 2017-05-06 15:58 - 2017-04-05 20:50 - 00002759 _____ C:\Users\Public\payslip2.pdf
- 2017-05-06 15:56 - 2017-04-05 20:50 - 00002752 _____ C:\Users\Public\payslip1.pdf
- 2017-05-05 21:42 - 2017-04-05 20:52 - 00021411 _____ C:\Users\Public\Book1.xlsx
- 2017-05-05 16:00 - 2016-09-04 23:40 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
- 2017-05-04 19:01 - 2017-01-24 17:00 - 00000000 ____D C:\Program Files\TrueKey
- 2017-05-04 16:26 - 2017-01-11 20:31 - 00000000 ____D C:\Users\Public\jorge
- 2017-05-04 09:15 - 2017-01-24 17:28 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
- 2017-05-02 13:32 - 2017-03-07 15:50 - 00049711 _____ C:\Users\Public\SEC Appointment System.pdf
- 2017-04-29 08:45 - 2016-12-01 20:10 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
- 2017-04-29 08:45 - 2016-12-01 20:10 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
- 2017-04-27 11:44 - 2017-03-01 17:50 - 00088125 _____ C:\Users\Public\POEA OEC PRINTING.pdf
- 2017-04-26 19:12 - 2017-04-02 12:25 - 00110258 _____ C:\Users\Public\Printing.pdf
- 2017-04-26 13:38 - 2017-02-25 12:31 - 00150845 _____ C:\Users\Public\Dragonpay Payment Instruction.pdf
- 2017-04-24 21:44 - 2017-02-24 21:53 - 00053242 _____ C:\Users\Public\certificate.pdf
- 2017-04-24 14:47 - 2017-03-16 21:24 - 00000000 ____D C:\Users\Public\asdf
- 2017-04-24 13:36 - 2017-03-17 14:53 - 00445890 _____ C:\Users\Public\MDF.pdf
- 2017-04-22 12:00 - 2016-09-04 22:44 - 00000000 ____D C:\Program Files (x86)\EPSON Software
- 2017-04-22 11:58 - 2016-09-04 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
- 2017-04-18 08:57 - 2016-10-31 09:20 - 00000000 ____D C:\Adjustment Program
- 2017-04-15 23:41 - 2016-10-16 19:29 - 00000440 __RSH C:\ProgramData\ntuser.pol
- 2017-04-15 17:28 - 2017-03-24 14:33 - 00719055 _____ C:\Users\Public\1.xps
- 2017-04-15 08:57 - 2016-11-06 13:31 - 00000000 ____D C:\Program Files\Common Files\AV
- ==================== Files in the root of some directories =======
- 2017-05-12 08:29 - 2017-05-12 08:29 - 71679202 __RSH () C:\Users\BIGJT64\AppData\Roaming\eeyywwuuse.exe
- 2016-10-04 08:24 - 2016-10-04 08:24 - 0000036 _____ () C:\Users\BIGJT64\AppData\Local\housecall.guid.cache
- 2016-11-18 00:00 - 2016-11-28 13:19 - 0007604 _____ () C:\Users\BIGJT64\AppData\Local\Resmon.ResmonCfg
- 2016-11-06 13:20 - 2016-11-06 13:30 - 0000184 _____ () C:\Users\BIGJT64\AppData\Local\uts.ini
- Files to move or delete:
- ====================
- C:\Users\Public\BlueStacks2-Installer_native.exe
- C:\Users\Public\Firefox Setup Stub 51.0.1.exe
- C:\Users\Public\flashplayer24pp_ka_install.exe
- C:\Users\Public\flashplayer24_ka_install.exe
- C:\Users\Public\TeamViewer_Setup.exe
- Some files in TEMP:
- ====================
- 2017-05-12 08:29 - 2016-05-16 21:51 - 0805376 _____ (Microsoft Corporation) C:\Users\BIGJT64\AppData\Local\Temp\cdo2042736815.dll
- 2017-05-12 08:30 - 2016-05-16 21:51 - 0805376 _____ (Microsoft Corporation) C:\Users\BIGJT64\AppData\Local\Temp\cdo3897107792.dll
- 2017-05-12 08:30 - 2016-05-16 21:51 - 0805376 _____ (Microsoft Corporation) C:\Users\BIGJT64\AppData\Local\Temp\cdo977051993.dll
- 2017-01-26 12:49 - 2015-12-01 14:12 - 0128608 _____ (BlueStack Systems) C:\Users\BIGJT64\AppData\Local\Temp\HD-ShortcutHandler.dll
- 2017-05-13 15:21 - 2015-07-02 13:49 - 1209888 ____N (CANON INC.) C:\Users\BIGJT64\AppData\Local\Temp\MSETUP4.EXE
- 2017-01-08 13:15 - 2017-01-06 02:16 - 1342792 _____ (Andy OS, inc.) C:\Users\BIGJT64\AppData\Local\Temp\RemoveTemp.exe
- 2017-01-08 12:12 - 2017-01-08 12:12 - 1214528 _____ (Andy OS, inc.) C:\Users\BIGJT64\AppData\Local\Temp\SetAPK.exe
- 2017-01-26 12:49 - 2015-12-01 16:51 - 0487008 _____ (BlueStack Systems, Inc.) C:\Users\BIGJT64\AppData\Local\Temp\uninstall.exe
- ==================== Bamital & volsnap ======================
- (There is no automatic fix for files that do not pass verification.)
- C:\Windows\system32\winlogon.exe => File is digitally signed
- C:\Windows\system32\wininit.exe => File is digitally signed
- C:\Windows\SysWOW64\wininit.exe => File is digitally signed
- C:\Windows\explorer.exe => File is digitally signed
- C:\Windows\SysWOW64\explorer.exe => File is digitally signed
- C:\Windows\system32\svchost.exe => File is digitally signed
- C:\Windows\SysWOW64\svchost.exe => File is digitally signed
- C:\Windows\system32\services.exe => File is digitally signed
- C:\Windows\system32\User32.dll => File is digitally signed
- C:\Windows\SysWOW64\User32.dll => File is digitally signed
- C:\Windows\system32\userinit.exe => File is digitally signed
- C:\Windows\SysWOW64\userinit.exe => File is digitally signed
- C:\Windows\system32\rpcss.dll => File is digitally signed
- C:\Windows\system32\dnsapi.dll => File is digitally signed
- C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
- C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
- LastRegBack: 2017-01-24 09:11
- ==================== End of FRST.txt ============================