Jump to content

Chrome,IE or Firefox are opening automatically tabs. Cant remove them !


Recommended Posts

Hi,

 

i have had chrome and i get those weird automatically open tabs that directs me to shorte.st, zippyshare or some other weird website without doing anything.

I uninstalled chrome and used the malwarebytes it found something and deleted them then rebooted the pc nothing has changed then i used a cccleaner and some antivirus scans they didnt find anything.

I used then hijackthis and created the logs now and will share it with you but i didnt found anything there. I again unisnaled and istalled back Firefox same thing....


Is there any way in this world to remove this goddamn problem?

 

thanks alot

 

Pleas see below the hijackthis logs:

 

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:57:57 PM, on 12/17/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)

FIREFOX: 34.0.5 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Users\yn\AppData\Local\Viber\Viber.exe
C:\ProgramData\Microsoft\Windows\Deep Layers\winver.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\yn\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Viber] "C:\Users\yn\AppData\Local\Viber\Viber.exe" StartMinimized
O4 - HKCU\..\Run: [winver.exe] C:\ProgramData\Microsoft\Windows\Deep Layers\winver.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915"/build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915"/build:7601 (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12496 bytes
 

 

Link to post
Share on other sites

Hello and welome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Thanks,

 

Kevin...

Link to post
Share on other sites

this is the FRST txt and attached the adddition txt file

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by yn (administrator) on YN- on 18-12-2014 07:36:36
Running from C:\Users\yn\Desktop
Loaded Profile: yn (Available profiles: yn)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows\Deep Layers\winver.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-01-04] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111488 2012-10-25] (Intel Corporation)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [136512 2009-08-25] (McAfee, Inc.)
HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2009-10-22] (McAfee, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-819715191-4067070856-1964836272-1000\...\Run: [Viber] => C:\Users\yn\AppData\Local\Viber\Viber.exe [936656 2014-10-20] ()
HKU\S-1-5-21-819715191-4067070856-1964836272-1000\...\Run: [winver.exe] => C:\ProgramData\Microsoft\Windows\Deep Layers\winver.exe [6786560 2014-09-16] (Microsoft Corporation)
HKU\S-1-5-21-819715191-4067070856-1964836272-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-819715191-4067070856-1964836272-1000\...\Run: [bomgar_Cleanup_ZD86001012705] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x54919e8a" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD86001012705 /f
HKU\S-1-5-21-819715191-4067070856-1964836272-1000\...\Run: [bomgar_Cleanup_ZD957384315715] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x54919b92" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD957384315715 /f
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-10-16] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1418110371&from=obw&uid=WDCXWD3200BEKT-60PVMT0_WD-WX11A43W4165W4165&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1418110371&from=obw&uid=WDCXWD3200BEKT-60PVMT0_WD-WX11A43W4165W4165
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1418110371&from=obw&uid=WDCXWD3200BEKT-60PVMT0_WD-WX11A43W4165W4165&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
StartMenuInternet: IEXPLORE.EXE -
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1418110371&from=obw&uid=WDCXWD3200BEKT-60PVMT0_WD-WX11A43W4165W4165&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1418110371&from=obw&uid=WDCXWD3200BEKT-60PVMT0_WD-WX11A43W4165W4165&q={searchTerms}
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-819715191-4067070856-1964836272-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-819715191-4067070856-1964836272-1000 -> No Name - {9B854F13-647A-4F39-9549-4BF14B664730} -  No File
Toolbar: HKU\S-1-5-21-819715191-4067070856-1964836272-1000 -> No Name - {EB1386BE-EC3B-4C93-B520-4EC9334F7D27} -  No File
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.100

FireFox:
========
FF ProfilePath: C:\Users\yn\AppData\Roaming\Mozilla\Firefox\Profiles\iqzcajrl.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-819715191-4067070856-1964836272-1000: @citrixonline.com/appdetectorplugin -> C:\Users\yn\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-819715191-4067070856-1964836272-1000: LWAPlugin15.8 -> C:\Users\yn\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\yn\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2014-10-16]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-20]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-08] (BlueStack Systems, Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [362040 2011-10-07] (Hewlett-Packard Ltd)
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [19720 2009-10-22] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2009-08-25] (McAfee, Inc.)
R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [178920 2009-10-22] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [66896 2009-10-22] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [79504 2009-10-22] (McAfee, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-08] (BlueStack Systems)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2011-10-07] (Hewlett-Packard Development Company L.P.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [97576 2009-10-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [119968 2009-10-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [469144 2009-10-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [77104 2009-10-22] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [83784 2009-10-22] (McAfee, Inc.)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2014-11-07] (Duplex Secure Ltd.)
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [30720 2005-04-13] (The OpenVPN Project) [File not signed]
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-12-03] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-17] ()
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 07:36 - 2014-12-18 07:37 - 00018820 _____ () C:\Users\yn\Desktop\FRST.txt
2014-12-18 07:35 - 2014-12-18 07:35 - 02121216 _____ (Farbar) C:\Users\yn\Desktop\FRST64.exe
2014-12-18 07:33 - 2014-12-18 07:34 - 00001078 _____ () C:\Windows\system32dbgraw.bmp
2014-12-17 16:31 - 2014-12-17 16:31 - 00000000 ____D () C:\Users\yn\Downloads\GetData Recover My Files Pro 5.2.1.1964
2014-12-17 16:31 - 2014-12-17 16:31 - 00000000 ____D () C:\Users\yn\AppData\Local\Macromedia
2014-12-17 16:29 - 2014-12-17 16:29 - 01728336 _____ (BitTorrent Inc.) C:\Users\yn\Desktop\uTorrent.exe
2014-12-17 16:18 - 2014-10-18 20:17 - 00010240 _____ () C:\ProgramData\Z@!-d7f7ce8b-ad28-44e2-b358-e621f62212f3.tmp
2014-12-17 16:06 - 2014-12-17 16:06 - 00000000 ____D () C:\Program Files\PowerSchool
2014-12-17 16:04 - 2014-12-17 16:04 - 00000000 ____D () C:\Windows\Sun
2014-12-17 15:57 - 2014-12-17 15:57 - 00012498 _____ () C:\Users\yn\Desktop\hijackthis.log
2014-12-17 15:42 - 2014-12-17 15:42 - 05162080 _____ (Piriform Ltd) C:\Users\yn\Desktop\ccsetup500.exe
2014-12-17 15:42 - 2014-12-17 15:42 - 00002766 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-17 15:42 - 2014-12-17 15:42 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-17 15:42 - 2014-12-17 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-17 15:42 - 2014-12-17 15:42 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-17 14:22 - 2014-12-17 14:23 - 00000000 ____D () C:\Users\yn\AppData\Local\Mozilla
2014-12-17 14:22 - 2014-12-17 14:22 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-17 14:22 - 2014-12-17 14:22 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-17 14:22 - 2014-12-17 14:22 - 00000000 ____D () C:\ProgramData\Mozilla
2014-12-17 14:22 - 2014-12-17 14:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-17 14:22 - 2014-12-17 14:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-17 14:12 - 2014-12-17 14:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\yn\Desktop\HijackThis.exe
2014-12-17 14:02 - 2014-12-17 14:02 - 00003754 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-12-17 13:58 - 2014-12-17 13:58 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-17 13:58 - 2014-12-17 13:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-17 13:57 - 2014-12-17 13:57 - 15201368 _____ () C:\Users\yn\Desktop\RogueKiller.exe
2014-12-17 08:55 - 2014-12-17 09:18 - 00000000 ____D () C:\Users\yn\Downloads\Polar Express (2004)
2014-12-16 11:31 - 2014-12-16 11:31 - 03989160 _____ (El Desaparecido - SosVirus.net - UsbFix.net) C:\Users\yn\Desktop\UsbFix-7.806.exe
2014-12-16 11:13 - 2014-12-18 07:36 - 00000000 ____D () C:\FRST
2014-12-16 09:57 - 2014-12-16 11:20 - 00012637 _____ () C:\Users\yn\Desktop\IT MNG Job Description.xlsx
2014-12-16 08:35 - 2014-12-16 08:35 - 00129633 _____ () C:\Users\yn\Downloads\DesktopSnowOK278_x64.zip
2014-12-16 08:25 - 2014-12-16 08:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-14 01:31 - 2014-12-14 01:31 - 00000600 _____ () C:\Users\yn\AppData\Local\PUTTY.RND
2014-12-14 01:28 - 2014-12-14 01:29 - 00000000 ____D () C:\Users\yn\Desktop\New folder
2014-12-13 23:55 - 2014-12-15 11:50 - 00000000 ____D () C:\Program Files (x86)\Fiddler2
2014-12-13 23:55 - 2014-12-15 11:49 - 00000000 ____D () C:\Users\yn\Documents\Fiddler2
2014-12-13 23:55 - 2014-12-13 23:55 - 01157760 _____ (Telerik) C:\Users\yn\Downloads\fiddler4setup.exe
2014-12-13 23:36 - 2014-12-13 23:36 - 00000000 ____D () C:\ProgramData\chocolatey
2014-12-13 23:33 - 2014-12-13 23:33 - 00003849 _____ () C:\Users\yn\Downloads\fiddler.2.4.9.7.nupkg
2014-12-13 23:32 - 2014-12-13 23:32 - 00000547 _____ () C:\Users\yn\Downloads\barney_activation_help_en_us.buddyml
2014-12-13 23:31 - 2014-12-13 23:31 - 00003828 _____ () C:\Users\yn\Downloads\fiddler.2.4.9.4.nupkg
2014-12-13 22:54 - 2014-12-13 22:54 - 00008623 _____ () C:\Users\yn\Downloads\vpngate_vpn265069759.opengw.net_tcp_1284 (1).ovpn
2014-12-13 22:49 - 2014-12-13 22:49 - 00008709 _____ () C:\Users\yn\Downloads\vpngate_vpn251214631.opengw.net_tcp_1560.ovpn
2014-12-13 22:49 - 2014-12-13 22:49 - 00008699 _____ () C:\Users\yn\Downloads\vpngate_223.217.54.184_tcp_443.ovpn
2014-12-13 22:47 - 2014-12-13 22:47 - 00008709 _____ () C:\Users\yn\Downloads\vpngate_vpn251214631.opengw.net_udp_1981.ovpn
2014-12-13 22:47 - 2014-12-13 22:47 - 00008700 _____ () C:\Users\yn\Downloads\vpngate_203.206.10.217_udp_1981.ovpn
2014-12-13 22:26 - 2014-12-13 22:26 - 00001358 _____ () C:\Users\yn\Downloads\AddToCalendar.ics
2014-12-12 10:55 - 2014-12-12 10:55 - 00000544 _____ () C:\Users\yn\Downloads\doulCI+Bypass+Install%2BActivation+Code.txt
2014-12-12 10:14 - 2014-12-12 10:14 - 01686063 _____ () C:\Users\yn\Downloads\Icloud Bypass Server by HackUniverse.zip
2014-12-11 16:49 - 2014-12-12 00:29 - 1862953133 _____ () C:\Users\yn\Desktop\iPhone6,1_8.1.1_12B435_Restore.ipsw
2014-12-11 16:10 - 2014-12-11 16:41 - 2086071905 _____ () C:\Users\yn\Desktop\iPhone6,1_8.1_12B411_Restore.ipsw
2014-12-11 15:09 - 2014-12-11 15:19 - 00000000 ____D () C:\CCProxy
2014-12-11 14:13 - 2014-12-15 09:22 - 00000000 ____D () C:\Users\yn\AppData\Roaming\DMCache
2014-12-11 14:13 - 2014-12-11 14:13 - 00000000 ____D () C:\Users\yn\Downloads\Video
2014-12-11 14:13 - 2014-12-11 14:13 - 00000000 ____D () C:\Users\yn\Downloads\Compressed
2014-12-11 14:13 - 2014-12-11 14:13 - 00000000 ____D () C:\ProgramData\IDM
2014-12-11 14:12 - 2014-12-11 14:12 - 06353464 _____ (Tonec Inc.) C:\Users\yn\Downloads\idman621build16.exe
2014-12-11 13:25 - 2014-12-11 13:25 - 00004193 _____ () C:\Users\yn\Downloads\launchGradeBook (10).jnlp
2014-12-11 10:17 - 2014-12-11 10:19 - 00619200 _____ () C:\Users\yn\Downloads\icloudActivation__10782_il2568.exe
2014-12-11 10:17 - 2014-12-10 04:43 - 51938816 _____ (taig tools) C:\Users\yn\Desktop\TaiGJBreak_EN_1201.exe
2014-12-11 09:58 - 2014-12-11 10:15 - 50037296 _____ () C:\Users\yn\Downloads\TaiGJBreak_EN_1201.zip
2014-12-11 09:41 - 2014-12-11 09:56 - 42580372 _____ () C:\Users\yn\Downloads\TaiGJBreak_1201.zip
2014-12-10 15:06 - 2014-12-10 15:09 - 13913692 _____ (Doulci Team) C:\Users\yn\Downloads\doulCi Activator.exe
2014-12-10 14:57 - 2014-12-10 14:57 - 00022429 _____ () C:\Users\yn\Downloads\DoulCi-server-master.zip
2014-12-10 14:50 - 2014-12-10 14:50 - 00607989 _____ () C:\Users\yn\Downloads\leak (1).zip
2014-12-10 14:27 - 2014-12-12 12:06 - 00000000 ____D () C:\Users\yn\AppData\Roaming\iFunbox_UserCache
2014-12-10 14:18 - 2014-12-10 14:18 - 04665272 _____ (Martin Prikryl ) C:\Users\yn\Downloads\winscp556setup.exe
2014-12-10 14:16 - 2014-12-10 14:16 - 03354745 _____ () C:\Users\yn\Downloads\ssh_rd_rev04a.jar
2014-12-10 14:15 - 2014-12-10 14:15 - 09884906 _____ () C:\Users\yn\Downloads\iOS Soft Dev Pack.rar
2014-12-10 14:14 - 2014-12-10 14:15 - 18164415 _____ ( ) C:\Users\yn\Downloads\ifunbox_setup.exe
2014-12-10 13:53 - 2014-12-10 13:53 - 01536221 _____ () C:\Users\yn\Downloads\htdocs.rar
2014-12-10 10:04 - 2014-12-15 11:55 - 00000000 ____D () C:\xampp
2014-12-10 10:02 - 2014-12-10 10:02 - 00144901 _____ () C:\Users\yn\Downloads\Icloud unlock.rar
2014-12-10 10:02 - 2014-12-10 10:02 - 00144901 _____ () C:\Users\yn\Desktop\Icloud unlock.rar
2014-12-10 09:48 - 2014-12-10 09:48 - 00086010 _____ () C:\Users\yn\Downloads\Doulci Activat0r (1).rar
2014-12-10 09:46 - 2014-12-10 09:46 - 00981454 _____ () C:\Users\yn\Downloads\fileshare.ro_iCloud Activation Lock Removal.rar
2014-12-10 09:44 - 2014-12-10 09:45 - 00579952 _____ () C:\Users\yn\Downloads\Installation (3).exe
2014-12-10 08:13 - 2014-12-10 08:13 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-12-10 08:13 - 2014-12-10 08:13 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-12-10 08:12 - 2014-12-10 08:12 - 00753184 _____ () C:\Users\yn\Downloads\Adware-Removal-Tool-v3.9.1.exe
2014-12-10 07:54 - 2014-12-16 08:24 - 00000000 ____D () C:\Users\yn\AppData\Local\CrashDumps
2014-12-09 16:07 - 2014-12-09 16:07 - 04202360 _____ (http://goforfiles.com) C:\Users\yn\Downloads\Iphone_Activation_Remove.rar_downloader.exe
2014-12-09 16:02 - 2014-12-09 16:02 - 00571416 _____ () C:\Users\yn\Downloads\Installation (2).exe
2014-12-09 15:59 - 2014-12-09 15:59 - 00000000 ____D () C:\Users\yn\AppData\Roaming\TaiG
2014-12-09 13:30 - 2014-12-10 07:54 - 00000000 ____D () C:\Users\yn\AppData\Local\NPE
2014-12-09 13:30 - 2014-12-09 13:30 - 00000000 ____D () C:\ProgramData\Norton
2014-12-09 13:29 - 2014-12-09 13:34 - 00017224 _____ () C:\Users\yn\Downloads\software_removal_tool.log
2014-12-09 13:29 - 2014-12-09 13:29 - 03060320 ____N (Symantec Corporation) C:\Users\yn\Downloads\NPE.exe
2014-12-09 13:29 - 2014-12-09 13:29 - 03060320 _____ (Symantec Corporation) C:\Users\yn\Downloads\NPE (1).exe
2014-12-09 13:16 - 2014-12-09 13:26 - 00000000 ____D () C:\searchplugins
2014-12-09 13:16 - 2014-12-09 13:18 - 00000233 _____ () C:\prefs.js
2014-12-09 13:15 - 2014-12-09 13:15 - 00004688 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2014-12-09 13:15 - 2014-12-09 13:15 - 00002520 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2014-12-09 13:15 - 2014-12-09 13:15 - 00002520 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2014-12-09 13:15 - 2014-11-27 10:44 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2014-12-09 13:15 - 2014-11-27 10:44 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2014-12-09 13:12 - 2014-12-09 13:13 - 08107656 _____ (Lavasoft) C:\Users\yn\Downloads\WebCompanionInstaller.exe
2014-12-09 13:12 - 2014-12-09 13:12 - 05162080 _____ (Piriform Ltd) C:\Users\yn\Downloads\ccsetup500.exe
2014-12-09 08:33 - 2014-12-09 13:30 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-12-09 08:31 - 2014-12-09 08:31 - 00571488 _____ () C:\Users\yn\Downloads\Installation (1).exe
2014-12-08 20:31 - 2014-12-08 20:31 - 02292522 _____ () C:\Users\yn\Downloads\doulCi Team iCloud Activator Official For Windows  v1.0.14 (1).rar
2014-12-08 20:30 - 2014-12-08 20:30 - 02292522 _____ () C:\Users\yn\Downloads\doulCi Team iCloud Activator Official For Windows  v1.0.14.rar
2014-12-08 20:29 - 2014-12-08 20:29 - 00603368 _____ () C:\Users\yn\Downloads\doulci icloud activator__8779_il825.exe
2014-12-08 20:29 - 2014-12-08 20:29 - 00571432 _____ () C:\Users\yn\Downloads\Installation.exe
2014-12-08 11:26 - 2014-12-08 11:26 - 00008608 _____ () C:\Users\yn\Downloads\vpngate_123.198.45.70_tcp_443.ovpn
2014-12-08 11:26 - 2014-12-08 11:26 - 00008608 _____ () C:\Users\yn\Downloads\vpngate_123.198.45.70_tcp_443 (1).ovpn
2014-12-08 11:25 - 2014-12-08 11:25 - 00008643 _____ () C:\Users\yn\Downloads\vpngate_vpn721836916.opengw.net_tcp_1637.ovpn
2014-12-08 11:24 - 2014-12-08 11:25 - 00008651 _____ () C:\Users\yn\Downloads\vpngate_vpn637860132.opengw.net_udp_1660.ovpn
2014-12-08 11:24 - 2014-12-08 11:24 - 00008699 _____ () C:\Users\yn\Downloads\vpngate_91.157.236.47_udp_1195.ovpn
2014-12-08 11:23 - 2014-12-08 11:23 - 00008708 _____ () C:\Users\yn\Downloads\vpngate_vpn591959178.opengw.net_tcp_995.ovpn
2014-12-08 10:38 - 2014-12-08 10:38 - 00000371 _____ () C:\Users\yn\Downloads\ZiPhoneWin-3.0.exe
2014-12-08 09:25 - 2014-12-08 09:25 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-12-08 09:25 - 2014-12-08 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-08 09:25 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-12-08 09:24 - 2014-12-08 09:25 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-12-08 09:24 - 2014-12-08 09:25 - 00000000 ____D () C:\Program Files\iTunes
2014-12-08 09:24 - 2014-12-08 09:25 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-12-08 09:24 - 2014-12-08 09:24 - 00000000 ____D () C:\Program Files\iPod
2014-12-07 21:03 - 2014-12-11 15:36 - 00000000 ____D () C:\Users\yn\AppData\Local\pangu
2014-12-07 20:59 - 2014-12-07 21:48 - 00000000 ____D () C:\Users\yn\AppData\Roaming\Apple Computer
2014-12-07 20:59 - 2014-12-07 21:00 - 44435904 _____ () C:\Users\yn\Desktop\Pangu8_v1.2.1.exe
2014-12-07 20:59 - 2014-12-07 20:59 - 00000000 ____D () C:\Users\yn\AppData\Local\Apple Computer
2014-12-07 20:58 - 2014-12-07 20:58 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-12-07 20:57 - 2014-12-08 09:24 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-12-07 20:57 - 2014-12-07 20:57 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-12-07 20:57 - 2014-12-07 20:57 - 00000000 ____D () C:\Users\yn\AppData\Local\Apple
2014-12-07 20:57 - 2014-12-07 20:57 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-12-07 20:56 - 2014-12-07 20:56 - 01010720 ___RS (Microsoft Corporation) C:\Windows\SysWOW64\MSCHRT20.OCX
2014-12-07 20:56 - 2014-12-07 20:56 - 00001202 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\TMAC v6.lnk
2014-12-07 20:56 - 2014-12-07 20:56 - 00001196 _____ () C:\Users\Public\Desktop\TMAC v6.lnk
2014-12-07 20:56 - 2014-12-07 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Technitium MAC Address Changer v6
2014-12-07 20:56 - 2014-12-07 20:56 - 00000000 ____D () C:\Program Files (x86)\Technitium
2014-12-07 20:55 - 2014-12-07 20:55 - 02102399 _____ () C:\Users\yn\Downloads\TMACv6.0.5_Setup.zip
2014-12-07 20:50 - 2014-12-07 20:55 - 00000000 ____D () C:\Program Files (x86)\Win7 MAC Address Changer
2014-12-07 20:49 - 2014-12-07 20:49 - 00604872 _____ () C:\Users\yn\Downloads\setup__3366_il2127 (2).exe
2014-12-07 20:46 - 2014-12-07 20:49 - 122418480 _____ (Apple Inc.) C:\Users\yn\Downloads\iTunes64Setup.exe
2014-12-05 16:22 - 2014-12-05 16:22 - 00004193 _____ () C:\Users\yn\Downloads\launchGradeBook (9).jnlp
2014-12-05 16:16 - 2014-12-05 16:16 - 00004193 _____ () C:\Users\yn\Downloads\launchGradeBook (8).jnlp
2014-12-05 07:46 - 2014-12-05 07:46 - 00001601 _____ () C:\Windows\system32\TeamViewer10_Hooks.log
2014-12-04 08:57 - 2014-12-04 08:57 - 00008633 _____ () C:\Users\yn\Downloads\vpngate_61.224.71.242_tcp_1802 (1).ovpn
2014-12-04 08:52 - 2014-12-04 08:52 - 00008633 _____ () C:\Users\yn\Downloads\vpngate_61.224.71.242_tcp_1802.ovpn
2014-12-04 08:51 - 2014-12-13 22:55 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2014-12-04 08:50 - 2014-12-04 08:50 - 01811608 _____ () C:\Users\yn\Downloads\openvpn-install-2.3.6-I001-x86_64.exe
2014-12-04 08:44 - 2014-12-04 08:44 - 00008627 _____ () C:\Users\yn\Downloads\vpngate_vpn329237943.opengw.net_udp_1392.ovpn
2014-12-04 08:43 - 2014-12-04 08:43 - 00008627 _____ () C:\Users\yn\Downloads\vpngate_vpn823972492.opengw.net_udp_1195.ovpn
2014-12-04 08:37 - 2014-12-04 08:37 - 00008641 _____ () C:\Users\yn\Downloads\vpngate_99.243.38.229_tcp_1209.ovpn
2014-12-04 08:33 - 2014-12-04 08:33 - 00008651 _____ () C:\Users\yn\Downloads\vpngate_vpn637860132.opengw.net_tcp_1209.ovpn
2014-12-04 00:23 - 2014-12-04 00:24 - 00004193 _____ () C:\Users\yn\Downloads\launchGradeBook (7).jnlp
2014-12-03 23:38 - 2014-12-03 23:38 - 00042184 _____ (Anchorfree Inc.) C:\Windows\system32\Drivers\taphss6.sys
2014-12-02 16:21 - 2014-12-02 16:21 - 00000528 _____ () C:\Users\yn\Downloads\EventCalendarServlet.ics
2014-12-02 01:15 - 2014-12-02 01:15 - 00000000 ____D () C:\Users\yn\Downloads\MCPDigitalCertPDF
2014-12-02 01:14 - 2014-12-02 01:14 - 00682838 _____ () C:\Users\yn\Downloads\MCPDigitalCertPDF.zip
2014-12-02 00:04 - 2014-12-03 15:06 - 00000000 ____D () C:\Users\yn\Andy
2014-12-02 00:04 - 2014-12-02 00:05 - 00001122 _____ () C:\Users\yn\Andy.log
2014-12-02 00:03 - 2014-12-02 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-12-02 00:03 - 2014-12-02 00:03 - 00000000 ____D () C:\Program Files\Oracle
2014-12-02 00:03 - 2014-10-11 13:29 - 00917112 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-12-02 00:03 - 2014-10-11 13:27 - 00129168 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-12-01 14:58 - 2014-12-01 14:58 - 00018053 _____ () C:\Users\yn\Downloads\ES student contacts 2014-2015_24.11.14 (1).csv
2014-12-01 14:49 - 2014-12-01 15:03 - 00000000 ____D () C:\Users\yn\AppData\Roaming\E-Z Contact Book
2014-12-01 14:49 - 2014-12-01 14:49 - 00000000 ____D () C:\ProgramData\Isolated Storage
2014-12-01 14:48 - 2014-12-01 14:48 - 05874312 _____ (Dmitri Karshakevich ) C:\Users\yn\Downloads\EZContactBook_3_1_4_34_Setup.exe
2014-12-01 14:34 - 2014-12-01 16:25 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-01 14:30 - 2014-12-01 14:30 - 00000000 ____D () C:\Users\yn\AppData\Roaming\Lone Wolf Software
2014-12-01 14:29 - 2014-12-01 14:29 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-12-01 14:28 - 2014-12-01 14:29 - 13646880 _____ (Lone Wolf Software ) C:\Users\yn\Downloads\CWsetup.exe
2014-12-01 14:20 - 2014-12-01 14:20 - 00030518 _____ () C:\Users\yn\Downloads\ES student contacts 2014-2015_24.11.14 (1).xlsx
2014-12-01 14:18 - 2014-12-01 14:18 - 00000000 ____D () C:\Users\yn\AppData\Local\CrashRpt
2014-12-01 14:14 - 2014-12-01 14:14 - 00371024 _____ () C:\Users\yn\Downloads\SoftonicDownloader_for_open-contacts.exe
2014-12-01 11:05 - 2014-12-01 11:05 - 33616510 _____ () C:\Users\yn\Desktop\BARCODES_READY_TO_PRINT.rar
2014-12-01 11:05 - 2014-12-01 11:05 - 00000000 ____D () C:\Users\yn\Desktop\BARCODES_READY_TO_PRINT
2014-12-01 11:04 - 2014-12-01 11:05 - 33616510 _____ () C:\Users\yn\Downloads\BARCODES_READY_TO_PRINT.rar
2014-11-30 16:14 - 2014-11-30 16:14 - 00008619 _____ () C:\Users\yn\Downloads\vpngate_vpn265069759.opengw.net_tcp_1284.ovpn
2014-11-30 16:13 - 2014-11-30 16:13 - 01758056 _____ () C:\Users\yn\Downloads\openvpn-install-2.3.2-I006-x86_64.exe
2014-11-30 16:12 - 2014-11-30 16:12 - 00240536 _____ () C:\Users\yn\Downloads\tap-windows-9.9.2_3.exe
2014-11-30 16:10 - 2014-11-30 16:10 - 01811856 _____ () C:\Users\yn\Downloads\openvpn-install-2.3.5-I001-x86_64.exe
2014-11-30 16:03 - 2014-11-30 16:03 - 00000000 ____D () C:\Users\yn\AppData\Local\TNT2
2014-11-30 16:03 - 2014-11-30 16:03 - 00000000 ____D () C:\Program Files (x86)\TNT2
2014-11-28 12:29 - 2014-12-05 08:04 - 00000000 ____D () C:\Users\yn\AppData\Roaming\VoipConnect
2014-11-27 23:23 - 2014-11-27 23:28 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-27 23:23 - 2014-11-27 23:28 - 00000000 ____D () C:\ProgramData\SpeedBit
2014-11-27 23:23 - 2014-11-27 23:23 - 00000000 ____D () C:\Users\yn\AppData\Roaming\SpeedBit
2014-11-27 00:48 - 2014-11-27 00:50 - 131416434 _____ () C:\Users\yn\Downloads\conxt-import-template (2).csv
2014-11-27 00:45 - 2014-11-27 00:45 - 00060480 _____ () C:\Users\yn\Downloads\google.csv
2014-11-27 00:38 - 2014-11-27 00:40 - 00008391 _____ () C:\Users\yn\Downloads\conxt-import-template (1).csv
2014-11-27 00:34 - 2014-11-27 00:37 - 00005783 _____ () C:\Users\yn\Downloads\conxt-import-template.csv
2014-11-26 23:48 - 2014-11-26 23:48 - 00953648 _____ (SysTools Software ) C:\Users\yn\Downloads\setup-excel-to-vcard.exe
2014-11-26 16:29 - 2014-11-26 16:29 - 00018053 _____ () C:\Users\yn\Downloads\ES student contacts 2014-2015_24.11.14.csv
2014-11-26 16:27 - 2014-11-26 16:27 - 00030518 _____ () C:\Users\yn\Downloads\ES student contacts 2014-2015_24.11.14.xlsx
2014-11-26 15:01 - 2014-11-26 15:01 - 00001796 _____ () C:\Users\yn\Downloads\092eb148-27a7-4b57-81a4-56fd4628757b.csv
2014-11-25 10:54 - 2014-11-25 10:54 - 00000000 _____ () C:\Users\yn\Desktop\New Bitmap Image.bmp
2014-11-24 15:23 - 2014-11-24 15:23 - 00004193 _____ () C:\Users\yn\Downloads\launchGradeBook (6).jnlp
2014-11-24 14:19 - 2014-11-24 14:19 - 00004193 _____ () C:\Users\yn\Downloads\launchGradeBook (5).jnlp
2014-11-24 12:12 - 2014-11-24 12:12 - 00000000 _____ () C:\Users\yn\Desktop\New Text Document (2).txt
2014-11-24 11:57 - 2014-11-24 11:57 - 00015299 _____ () C:\Users\yn\Downloads\ASK Purchase wishlist IT Equipments.xlsx
2014-11-24 07:49 - 2014-11-24 07:49 - 00000000 ____D () C:\Users\yn\AppData\Local\VS Revo Group
2014-11-24 07:49 - 2014-11-24 07:49 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-11-24 07:49 - 2014-11-24 07:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-11-24 07:49 - 2014-11-24 07:49 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-11-24 07:49 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-11-24 07:48 - 2014-11-24 07:48 - 10691640 _____ (VS Revo Group ) C:\Users\yn\Downloads\RevoUninProSetup.exe
2014-11-23 23:45 - 2014-12-07 20:57 - 00000000 ____D () C:\ProgramData\Apple
2014-11-23 23:45 - 2014-12-03 16:08 - 00000000 ____D () C:\Users\yn\.VirtualBox
2014-11-23 23:45 - 2014-12-02 00:04 - 00000000 ____D () C:\Users\yn\VirtualBox VMs
2014-11-23 23:45 - 2014-11-23 23:45 - 00000000 ____D () C:\Users\yn\AppData\Roaming\Andy
2014-11-23 23:45 - 2014-11-23 23:45 - 00000000 ____D () C:\Program Files\Bonjour
2014-11-23 23:45 - 2014-11-23 23:45 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-11-23 23:33 - 2014-12-02 00:09 - 00000000 ____D () C:\Program Files\Andy
2014-11-23 23:32 - 2014-11-23 23:32 - 00541760 _____ (andyroid.net) C:\Users\yn\Downloads\Andy_v41_12.exe
2014-11-21 23:48 - 2014-11-21 23:48 - 00004193 _____ () C:\Users\yn\Downloads\launchGradeBook (4).jnlp
2014-11-21 15:31 - 2014-11-21 15:31 - 00004193 _____ () C:\Users\yn\Downloads\launchGradeBook (3).jnlp
2014-11-21 13:59 - 2014-11-06 15:35 - 00016376 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\TVMonitor.sys
2014-11-21 13:58 - 2014-11-06 15:35 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2014-11-20 13:56 - 2014-11-20 13:56 - 00249180 _____ () C:\Users\yn\Downloads\95065d_c589bf4081daa698690e831a37f13c8f.jpg_srz_1400_425_85_22_0.50_1.20_0.00_jpg_srz
2014-11-20 07:52 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 07:52 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-20 07:52 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-20 07:52 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 11:16 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-19 11:16 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-11-19 11:15 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-19 11:15 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-19 09:44 - 2014-11-19 09:44 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2014-11-19 01:10 - 2014-11-19 01:15 - 370763706 _____ () C:\Users\yn\Downloads\adt-bundle-windows-x86_64-20140702.zip
2014-11-19 01:09 - 2014-11-19 01:09 - 08682859 _____ () C:\Users\yn\Downloads\latest_usb_driver_windows.zip
2014-11-19 00:48 - 2014-11-19 00:48 - 00001332 _____ () C:\Users\yn\Desktop\Nexus Root Toolkit.lnk
2014-11-19 00:48 - 2014-11-19 00:48 - 00000000 ____D () C:\Users\yn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WugFresh Development
2014-11-19 00:48 - 2014-11-19 00:48 - 00000000 ____D () C:\Program Files (x86)\WugFresh Development
2014-11-19 00:47 - 2014-11-19 00:48 - 34502202 _____ () C:\Users\yn\Downloads\NRT_v1.9.8.sfx.exe
2014-11-19 00:02 - 2014-11-19 00:02 - 01242430 _____ () C:\Users\yn\Downloads\2014-03-21 15.53.54.3gp
2014-11-18 23:07 - 2014-11-18 23:07 - 00004193 _____ () C:\Users\yn\Downloads\launchGradeBook (2).jnlp
2014-11-18 15:51 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-11-18 15:51 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-18 15:51 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-18 15:51 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-11-18 15:51 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-11-18 15:51 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-18 15:51 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-18 15:51 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-11-18 15:51 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-18 15:51 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-11-18 15:51 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-11-18 15:51 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-11-18 15:51 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-18 15:51 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-18 15:51 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-11-18 15:51 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-18 15:51 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-18 15:51 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-11-18 15:50 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-18 15:50 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-11-18 15:45 - 2014-11-18 15:45 - 00001303 _____ () C:\Users\Public\Desktop\Ashampoo Burning Studio FREE.lnk
2014-11-18 15:45 - 2014-11-18 15:45 - 00000000 ____D () C:\Users\yn\AppData\Roaming\Ashampoo
2014-11-18 15:45 - 2014-11-18 15:45 - 00000000 ____D () C:\Users\yn\AppData\Local\ashampoo
2014-11-18 15:45 - 2014-11-18 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2014-11-18 15:45 - 2014-11-18 15:45 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-11-18 15:45 - 2014-11-18 15:45 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-11-18 15:43 - 2014-11-18 15:44 - 33551464 _____ (Ashampoo GmbH & Co. KG ) C:\Users\yn\Downloads\ashampoo_burning_studio_free_1.14.5_sm.exe
2014-11-18 14:52 - 2014-11-18 14:52 - 00000033 _____ () C:\Users\yn\Desktop\New Text Document.txt
2014-11-18 14:37 - 2014-11-18 14:45 - 445644800 _____ () C:\Users\yn\Downloads\ophcrack-xp-livecd-3.6.0.iso

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 07:33 - 2014-11-13 12:11 - 00000544 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-819715191-4067070856-1964836272-1000.job
2014-12-18 07:33 - 2014-11-08 20:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-18 07:33 - 2014-10-19 23:05 - 00000000 ____D () C:\Users\yn\AppData\Roaming\Skype
2014-12-18 07:33 - 2009-07-14 05:45 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-18 07:33 - 2009-07-14 05:45 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-17 16:28 - 2014-10-20 12:56 - 00000000 ____D () C:\Users\yn\AppData\Local\Adobe
2014-12-17 16:27 - 2014-11-08 20:44 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-17 16:27 - 2014-11-08 20:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-17 16:27 - 2014-11-08 20:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-17 16:24 - 2014-11-13 15:15 - 00000794 _____ () C:\Users\yn\.powerschool_gradebook.properties
2014-12-17 16:24 - 2014-10-16 09:19 - 00000000 ____D () C:\Users\yn
2014-12-17 15:43 - 2014-10-19 23:05 - 00000000 ____D () C:\Users\yn\AppData\Roaming\TeamViewer
2014-12-17 14:52 - 2014-10-22 15:04 - 00000000 ____D () C:\Users\yn\Desktop\ASK Projects 2014
2014-12-17 14:30 - 2014-10-19 22:39 - 00000000 ____D () C:\Users\yn\Documents\Outlook Files
2014-12-17 14:23 - 2014-11-10 23:44 - 00000000 ____D () C:\Users\yn\AppData\Roaming\Mozilla
2014-12-17 14:23 - 2014-10-20 07:12 - 00000000 ____D () C:\Users\yn\AppData\Local\Google
2014-12-17 14:23 - 2014-10-20 07:12 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-17 14:02 - 2014-11-17 22:27 - 00000000 ____D () C:\Users\yn\AppData\Roaming\ViberPC
2014-12-17 14:02 - 2014-11-17 22:20 - 00000000 ____D () C:\Users\yn\AppData\Local\Viber
2014-12-17 14:01 - 2014-10-16 11:07 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-12-17 14:01 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 09:17 - 2014-11-05 13:36 - 00000473 _____ () C:\Users\yn\Desktop\Music.txt
2014-12-16 15:21 - 2009-07-14 06:13 - 00786098 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-16 13:36 - 2014-10-20 07:34 - 00000000 ____D () C:\QUARANTINE
2014-12-13 23:44 - 2009-07-14 03:34 - 00000841 _____ () C:\Windows\system32\Drivers\etc\hosts.old
2014-12-12 16:11 - 2014-10-19 23:05 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-10 10:59 - 2014-10-20 07:44 - 00000000 ____D () C:\ProgramData\VMware
2014-12-10 10:55 - 2014-10-20 07:46 - 00000000 ____D () C:\Users\yn\AppData\Roaming\VMware
2014-12-10 08:18 - 2014-11-13 11:18 - 00000000 ____D () C:\Users\yn\Desktop\Barcode
2014-12-10 08:13 - 2014-10-16 09:20 - 00001413 _____ () C:\Users\yn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-09 13:19 - 2014-11-03 22:08 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-12-09 13:19 - 2014-10-16 19:13 - 00000000 ____D () C:\Windows\Panther
2014-12-09 09:18 - 2014-10-16 09:19 - 00000000 ____D () C:\Users\yn\AppData\Local\VirtualStore
2014-12-07 12:34 - 2014-11-12 23:46 - 00000000 ____D () C:\Users\yn\Desktop\muzika
2014-12-06 14:51 - 2014-11-12 10:59 - 00000000 ____D () C:\Users\yn\Desktop\ASK Punet dhe projektet
2014-12-05 08:42 - 2014-11-13 13:43 - 00000000 ____D () C:\Users\yn\Desktop\Shablloni per Barkode
2014-12-05 07:46 - 2014-11-17 21:02 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-05 07:46 - 2014-11-17 21:02 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-03 23:31 - 2014-10-19 23:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-03 23:31 - 2014-10-19 23:05 - 00000000 ____D () C:\ProgramData\Skype
2014-12-02 01:15 - 2014-11-07 08:42 - 00000000 ____D () C:\Users\yn\Desktop\Personal Docs
2014-12-01 14:34 - 2014-11-13 12:11 - 00000000 ____D () C:\Users\yn\AppData\Local\Citrix
2014-12-01 14:23 - 2014-10-18 15:47 - 00000000 ____D () C:\Users\yn\AppData\Local\Microsoft Help
2014-11-30 16:10 - 2014-11-03 22:30 - 00000000 ____D () C:\Program Files (x86)\OpenVPN Technologies
2014-11-25 08:51 - 2014-11-13 12:11 - 00003554 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-819715191-4067070856-1964836272-1000
2014-11-22 13:40 - 2014-10-20 13:02 - 00000000 ____D () C:\Users\yn\Desktop\Antivir Price List
2014-11-21 15:28 - 2014-10-24 12:53 - 00002236 ____H () C:\Users\yn\Documents\Default.rdp
2014-11-21 10:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-19 21:45 - 2014-11-03 14:40 - 00000000 ____D () C:\Users\yn\Desktop\Claster projects
2014-11-19 09:05 - 2014-11-04 14:21 - 00000000 ____D () C:\Users\yn\.android
2014-11-18 22:44 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-18 16:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-18 07:34 - 2009-07-14 05:45 - 00411040 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\yn\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-15 08:15

==================== End Of Log ============================

Addition.txt

Link to post
Share on other sites

There is illegal software running on your system, that action is a direct breach of forum protocol..

 

Task: {DCCDD864-4469-468A-949D-12CFAE71D258} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-18] ()

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

I cannot offer any further help, maybe you should contact a system moderator for further help/advice..

 

Thank you,

 

Kevin...

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.