mpet Posted March 2, 2016 ID:1022843 Share Posted March 2, 2016 I too am struggling with DNS Unlocker. I've bought both HitManPro and MalwareBytes but neither of them can remove it! Please help.. Link to post Share on other sites More sharing options...
kevinf80 Posted March 2, 2016 ID:1022845 Share Posted March 2, 2016 Hello and welcome to Malwarebytes,Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...Please open Malwarebytes Anti-Malware. On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". <---- Very Important Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. With some infections, you may or may not see this message box. 'Could not load DDA driver' Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions. When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more.To get the log from Malwarebytes do the following: Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…If Malwarebytes is not installed follow these instructions first:Download Malwarebytes Anti-Malware to your desktop.Double-click mbam-setup and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program. Click Finish. Follow the instructions above....Next,Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on the Scan in the Actions box Please wait fot the scan to finish.. When "Waiting for action.Please uncheck elements you want to keep" shows in top line.. Click on the Cleaning box. Next click OK on the "Closing Programs" pop up box. Click OK on the Information box & again OK to allow the necessary reboot After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...Next,Download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach those logs to your reply.Let me see those logs in your next reply...Thank you,Kevin... Link to post Share on other sites More sharing options...
mpet Posted March 2, 2016 Author ID:1022854 Share Posted March 2, 2016 Hi Kevin, MalwareBytes log : Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 3/2/2016Scan Time: 21:33Logfile: mbam.txtAdministrator: Yes Version: 2.2.0.1024Malware Database: v2016.03.02.05Rootkit Database: v2016.02.27.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows Server 2008 R2 Service Pack 1CPU: x64File System: NTFSUser: Administrator Scan Type: Threat ScanResult: CompletedObjects Scanned: 507363Time Elapsed: 9 min, 58 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 4PUP.Optional.PastaLeads, F:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, Quarantined, [e91497eb6e2b8ea81cf3c46bca3a7a86], PUP.Optional.PastaLeads, F:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, Quarantined, [0bf2e69c6237dc5a48c75cd347bdc63a], PUP.Optional.CrossRider, F:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, Quarantined, [609df68c9cfdeb4b5e41beb08a7a36ca], PUP.Optional.CrossRider, F:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, Quarantined, [b74660225346c5711788541a27ddb54b], Physical Sectors: 0(No malicious items detected) (end) AdwCleaner found no errors. Farbar Recovery Scan Tool : Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-03-2016Ran by Administrator (administrator) on DB-SERVER (02-03-2016 22:07:39)Running from F:\Users\Administrator\DownloadsLoaded Profiles: Administrator (Available Profiles: Administrator)Platform: Windows Server 2008 R2 Standard Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) F:\Program Files\Bonjour\mDNSResponder.exe(HP) F:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe(HP) F:\Windows\System32\HPSIsvc.exe(Malwarebytes) F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes) F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Microsoft Corporation) F:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(Károly Pados) F:\Program Files (x86)\TinyWall\TinyWall.exe(VMware, Inc.) F:\Windows\SysWOW64\vmnetdhcp.exe() F:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe(Malwarebytes) F:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Károly Pados) F:\Program Files (x86)\TinyWall\TinyWall.exe(VMware, Inc.) F:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe(Oracle Corporation) F:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Google Inc.) F:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe(Google Inc.) F:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [TinyWall Controller] => F:\Program Files (x86)\TinyWall\TinyWall.exe [649176 2013-07-14] (Károly Pados)HKLM-x32\...\Run: [vmware-tray.exe] => F:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-08-14] (VMware, Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => F:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)HKLM\...\Policies\Explorer: [showSuperHidden] 1HKU\S-1-5-21-657193895-424549869-3288613235-500\...\Run: [icq] => F:\Users\Administrator\AppData\Roaming\ICQM\icq.exe [27578728 2013-04-02] (ICQ)HKU\S-1-5-21-657193895-424549869-3288613235-500\...\Run: [NoIPDUCv4] => F:\Program Files (x86)\No-IP\DUC40.exe [346624 2014-05-02] ()HKU\S-1-5-21-657193895-424549869-3288613235-500\...\MountPoints2: {19c5c33c-7cc6-11e4-93b4-0022750dbdd1} - E:\autorun.exeHKU\S-1-5-21-657193895-424549869-3288613235-500\...\MountPoints2: {74d95769-0fb2-11e2-94f0-00a0c6000000} - H:\Windows/Autorun.exeHKU\S-1-5-21-657193895-424549869-3288613235-500\...\MountPoints2: {8ab74db7-2244-11e0-ab19-005056c00008} - "D:\WD SmartWare.exe" autoplay=trueLsa: [Notification Packages] scecli rassfmBootExecute: autocheck autochk * bootdeleteCHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 8.8.8.8Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4Tcpip\..\Interfaces\{3FC4CDEA-2AF0-4E2F-A32F-6D3E6D0F6ED7}: [NameServer] 8.8.8.8,8.8.4.4Tcpip\..\Interfaces\{3FC4CDEA-2AF0-4E2F-A32F-6D3E6D0F6ED7}: [DhcpNameServer] 8.8.8.8Tcpip\..\Interfaces\{B0EAE638-116C-4D52-AACF-A162F386B522}: [NameServer] 8.8.8.8,8.8.4.4Tcpip\..\Interfaces\{B0EAE638-116C-4D52-AACF-A162F386B522}: [DhcpNameServer] 8.8.8.8Tcpip\..\Interfaces\{E12E01AC-AABC-4F61-826C-7D6F704E46C1}: [NameServer] 8.8.8.8 Internet Explorer:==================HKU\S-1-5-21-657193895-424549869-3288613235-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankBHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> F:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-11-07] (LastPass)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> F:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> F:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-24] (Oracle Corporation)BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> F:\Program Files (x86)\LastPass\LPToolbar.dll [2013-11-07] (LastPass)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> F:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-24] (Oracle Corporation)Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - F:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-11-07] (LastPass)Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - F:\Program Files (x86)\LastPass\LPToolbar.dll [2013-11-07] (LastPass)DPF: HKLM-x32 {33704B0F-9EB7-434B-B752-EA6CFFB87423} hxxp://192.168.1.105/JpegInst.cab FireFox:========FF ProfilePath: F:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nnm3vghc.defaultFF Plugin: @adobe.com/FlashPlayer -> F:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll [2014-05-19] ()FF Plugin: @java.com/DTPlugin,version=10.21.2 -> F:\Windows\system32\npDeployJava1.dll [2013-05-12] (Oracle Corporation)FF Plugin: @lastpass.com/NPLastPass -> F:\Program Files (x86)\LastPass\nplastpass64.dll [2013-11-07] (LastPass)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> F:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> F:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]FF Plugin-x32: @adobe.com/FlashPlayer -> F:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-05-19] ()FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> F:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-24] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> F:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-24] (Oracle Corporation)FF Plugin-x32: @lastpass.com/NPLastPass -> F:\Program Files (x86)\LastPass\nplastpass.dll [2013-11-07] (LastPass)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> F:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> F:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> F:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> F:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-02] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> F:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-02] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 -> F:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll [No File]FF Plugin-x32: Adobe Reader -> F:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-657193895-424549869-3288613235-500: bitcointrezor.com/BitcoinTrezorPlugin -> F:\Users\Administrator\AppData\Roaming\bitcointrezorcom\Bitcoin Trezor Plugin\1.0.5\npBitcoinTrezorPlugin.dll [2014-03-07] (bitcointrezor.com)FF SearchPlugin: F:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nnm3vghc.default\searchplugins\icq.xml [2013-04-02]FF Extension: LastPass - F:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nnm3vghc.default\extensions\support@lastpass.com [2016-01-06]FF Extension: YouTube Video and Audio Downloader - F:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nnm3vghc.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2016-01-06]FF Extension: Download YouTube Videos as MP4 - F:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nnm3vghc.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-01-11]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - F:\Program Files\AVAST Software\Avast Business\WebRep\FF => not found Chrome: =======CHR DefaultSearchKeyword: Default -> lpCHR Profile: F:\Users\Administrator\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (LastPass: Free Password Manager) - F:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-02-27]CHR Extension: (TREZOR Chrome Extension) - F:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcjjhjgimijdkoamemaghajlhegmoclj [2016-03-02]CHR Extension: (Chrome Web Store Payments) - F:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-16]StartMenuInternet: Google Chrome.bojan - F:\Users\bojan\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)S3 FCRegSvc; F:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation)R2 HPM1210RcvFaxSrvc; F:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)R2 MBAMScheduler; F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)R2 MBAMService; F:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)S3 rpcapd; F:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)S3 rqs; F:\Windows\system32\rqs.exe [41472 2010-11-20] (Microsoft Corporation)S3 RSoPProv; F:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation)S3 sacsvr; F:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation)R2 TinyWall; F:\Program Files (x86)\TinyWall\TinyWall.exe [649176 2013-07-14] (Károly Pados) [File not signed]R2 VMwareHostd; F:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465344 2015-08-14] ()R2 WinDefend; F:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)S2 WLMS; F:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 appliand; F:\Windows\System32\DRIVERS\appliand.sys [33888 2010-06-24] (Applian Technologies Inc.)S3 appliandMP; F:\Windows\System32\DRIVERS\appliand.sys [33888 2010-06-24] (Applian Technologies Inc.)S3 ebdrv; F:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)S3 FETNDIS; F:\Windows\System32\DRIVERS\fet6x64.sys [47872 2009-06-10] (VIA Technologies, Inc. )S3 GemCCID; F:\Windows\System32\Drivers\GemCCID.sys [119680 2009-08-10] (Gemalto) [File not signed]S3 ioatdma; F:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)S3 ManyCam; F:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)R3 MBAMProtector; F:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; F:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-02] (Malwarebytes)R3 MBAMWebAccessControl; F:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)S3 mcaudrv_simple; F:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)R2 NPF; F:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)R0 pwdrvio; F:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()S3 pwdspio; F:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()S3 RemoteControl-USBLAN; F:\Windows\System32\DRIVERS\rcblan.sys [46616 2007-01-24] (Belcarra Technologies)S0 sacdrv; F:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation)R3 USBIPEnum; F:\Windows\System32\DRIVERS\USBIPEnum.sys [52296 2011-02-22] (Windows ® Win 7 DDK provider)R0 vsock; F:\Windows\System32\drivers\vsock.sys [75512 2015-08-04] (VMware, Inc.)R2 vstor2-mntapi20-shared; F:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)S3 WDC_SAM; F:\Windows\System32\DRIVERS\wdcsam64.sys [14464 2009-02-13] (Western Digital Technologies) [File not signed]R3 WsAudioDevice_383S(1); F:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-01-08] (Wondershare)S3 AWEAlloc; system32\DRIVERS\awealloc.sys [X]S3 clwvd; system32\DRIVERS\clwvd.sys [X]S3 DIRECTIO; \??\F:\Program Files\PerformanceTest\DirectIo64.sys [X]S3 massfilter; system32\drivers\massfilter.sys [X]S3 SANDRA; \??\F:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\WNt500x64\Sandra.sys [X]S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: sacsvr -> F:\Windows\system32\sacsvr.dll (Microsoft Corporation) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-02 22:07 - 2016-03-02 22:07 - 00014786 _____ F:\Users\Administrator\Downloads\FRST.txt2016-03-02 21:51 - 2016-03-02 21:51 - 01518592 _____ F:\Users\Administrator\Downloads\AdwCleaner.exe2016-03-02 21:50 - 2016-03-02 21:50 - 00001875 _____ F:\Users\Administrator\Desktop\mbam.txt2016-03-02 21:27 - 2016-03-02 21:27 - 00000000 _____ F:\Users\Administrator\AppData\Local\Temp\isFB8D.tmp2016-03-02 21:09 - 2016-03-02 22:07 - 00000000 ____D F:\FRST2016-03-02 21:09 - 2016-03-02 21:09 - 02371584 _____ (Farbar) F:\Users\Administrator\Downloads\FRST64.exe2016-03-02 21:06 - 2016-03-02 21:06 - 00012872 _____ (SurfRight B.V.) F:\Windows\system32\bootdelete.exe2016-03-02 21:06 - 2016-03-02 21:06 - 00000182 _____ F:\Windows\system32\bootdelete.lst2016-03-02 21:04 - 2016-03-02 22:07 - 00000000 ____D F:\Users\Administrator\AppData\Local\Temp\12016-03-02 21:02 - 2016-03-02 21:02 - 00002660 _____ F:\Windows\system32\.crusader2016-03-02 20:54 - 2016-03-02 20:54 - 00001899 _____ F:\Users\Public\Desktop\HitmanPro.lnk2016-03-02 20:54 - 2016-03-02 20:54 - 00000000 ____D F:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro2016-03-02 20:54 - 2016-03-02 20:54 - 00000000 ____D F:\Program Files\HitmanPro2016-03-02 20:33 - 2016-03-02 21:51 - 00000000 ____D F:\AdwCleaner2016-03-02 20:31 - 2016-03-02 20:31 - 00003844 _____ F:\Users\Administrator\Desktop\JRT.txt2016-03-02 18:09 - 2016-03-02 18:09 - 00000000 _____ F:\Users\Administrator\AppData\Local\Temp\DMI8309.tmp2016-02-28 10:11 - 2016-02-28 10:11 - 00000825 _____ F:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk2016-02-28 10:11 - 2016-02-28 10:11 - 00000777 _____ F:\Users\Administrator\Desktop\Start Tor Browser.lnk2016-02-24 21:26 - 2016-02-24 21:26 - 00000000 _____ F:\Users\Administrator\AppData\Local\Temp\DMIF5A0.tmp2016-02-24 17:22 - 2016-02-24 17:22 - 00000024 _____ F:\Users\Administrator\AppData\Local\Temp\RD7008.tmp2016-02-24 17:22 - 2016-02-24 17:22 - 00000024 _____ F:\Users\Administrator\AppData\Local\Temp\RD46C7.tmp2016-02-24 17:22 - 2016-02-24 17:22 - 00000000 ____D F:\Users\Administrator\AppData\Roaming\Sun2016-02-24 17:22 - 2016-02-24 17:22 - 00000000 ____D F:\Users\Administrator\.oracle_jre_usage2016-02-24 17:22 - 2013-05-12 21:50 - 00108448 _____ (Oracle Corporation) F:\Windows\SysWOW64\WindowsAccessBridge-64.dll2016-02-24 17:15 - 2016-02-24 17:15 - 00000000 ____D F:\Users\Administrator\AppData\LocalLow\Oracle2016-02-22 15:53 - 2016-02-22 15:53 - 00004224 _____ F:\Windows\System32\Tasks\AMD Updater2016-02-22 15:45 - 2016-02-22 15:45 - 00000421 _____ F:\Users\Administrator\Desktop\proxy2.txt2016-02-20 23:12 - 2016-02-20 23:12 - 00000000 ____D F:\Users\Administrator\AppData\Roaming\Actual Tools2016-02-20 23:12 - 2016-02-20 23:12 - 00000000 ____D F:\ProgramData\Actual Tools2016-02-16 21:49 - 2016-03-02 18:04 - 00000000 ____D F:\Users\Administrator\Desktop\MoneroNEW2016-02-16 21:49 - 2016-02-29 09:14 - 00000000 ____D F:\ProgramData\bitmonero2016-02-16 21:21 - 2016-02-29 21:14 - 00000000 ____D F:\Users\Administrator\Desktop\UPLOAD2016-02-16 19:51 - 2016-02-28 14:06 - 00000000 ____D F:\VIRT2016-02-16 19:21 - 2016-02-16 19:21 - 00001328 _____ F:\Windows\PWCMDLST.BAK2016-02-16 19:12 - 2016-02-16 19:12 - 00016384 _____ F:\Users\Administrator\AppData\Local\Temp\~DF3BD17CE9447ACA5B.TMP2016-02-16 19:12 - 2016-02-16 19:12 - 00000000 ____D F:\Users\Administrator\AppData\Local\Temp\WPDNSE2016-02-16 19:10 - 2015-08-05 15:52 - 03067392 _____ F:\Windows\system32\pwNative.exe2016-02-16 19:09 - 2016-03-02 20:45 - 00000000 ____D F:\Program Files (x86)\MiniTool Partition Wizard Server Edition 9.12016-02-16 19:09 - 2013-09-30 15:26 - 00019152 ____N F:\Windows\system32\pwdrvio.sys2016-02-16 19:09 - 2013-09-30 15:26 - 00012504 ____N F:\Windows\system32\pwdspio.sys2016-02-16 13:15 - 2016-02-16 13:15 - 00000000 ____D F:\Users\Administrator\Downloads\rufus_files2016-02-16 13:15 - 2016-02-16 13:15 - 00000000 _____ F:\Users\Administrator\AppData\Local\Temp\Ruf3D4F.tmp2016-02-16 13:02 - 2016-02-16 13:02 - 00028908 _____ F:\Users\Administrator\Documents\confirmation.aspx2016-02-16 12:58 - 2016-02-16 12:58 - 00016384 _____ F:\Users\Administrator\AppData\Local\Temp\tmp7455.tmp2016-02-16 12:58 - 2016-02-16 12:58 - 00016384 _____ F:\Users\Administrator\AppData\Local\Temp\tmp5791.tmp2016-02-16 12:54 - 2016-02-16 12:54 - 00016384 _____ F:\Users\Administrator\AppData\Local\Temp\tmpF768.tmp2016-02-16 12:54 - 2016-02-16 12:54 - 00016384 _____ F:\Users\Administrator\AppData\Local\Temp\tmp259A.tmp2016-02-16 12:33 - 2016-02-16 12:33 - 00000000 ____D F:\Program Files (x86)\EaseUS2016-02-16 12:17 - 2016-02-16 12:17 - 00016384 _____ F:\Users\Administrator\AppData\Local\Temp\~DF9AEBFF2C7BF427B6.TMP2016-02-16 00:52 - 2016-02-16 13:05 - 00000000 ____D F:\Users\Administrator\Desktop\wxDownload Fast Portable2016-02-15 22:34 - 2016-02-15 22:34 - 00289149 __RSH F:\DXSQL2016-02-09 08:37 - 2016-02-12 18:48 - 00005165 _____ F:\Users\Administrator\Desktop\cxcxcx.txt2016-02-08 20:26 - 2016-02-08 20:26 - 00000000 _____ F:\Users\Administrator\AppData\Local\Temp\DMID235.tmp2016-02-06 00:44 - 2016-02-12 18:48 - 00000604 _____ F:\Users\Administrator\Desktop\serv.txt2016-02-03 11:22 - 2016-02-03 11:22 - 00001092 _____ F:\Users\Public\Desktop\CPU Thermometer.lnk2016-02-03 11:22 - 2016-02-03 11:22 - 00000000 ____D F:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU Thermometer2016-02-03 11:22 - 2016-02-03 11:22 - 00000000 ____D F:\Program Files (x86)\CPU Thermometer2016-02-03 10:37 - 2016-02-03 10:37 - 00000000 _____ F:\Users\Administrator\AppData\Local\Temp\DMIE3A0.tmp2016-02-03 10:22 - 2016-02-03 10:22 - 00000000 _____ F:\Users\Administrator\AppData\Local\Temp\DMIDCB.tmp2016-02-03 10:18 - 2016-02-03 10:18 - 00000000 _____ F:\Users\Administrator\AppData\Local\Temp\DMI6186.tmp2016-02-03 10:02 - 2016-02-03 10:02 - 00000000 _____ F:\Users\Administrator\AppData\Local\Temp\DMI980F.tmp2016-02-03 09:53 - 2016-02-03 09:53 - 00000000 _____ F:\Users\Administrator\AppData\Local\Temp\DMI8940.tmp2016-02-01 10:56 - 2016-02-01 10:56 - 00000000 _____ F:\Users\Administrator\AppData\Local\Temp\DMI4F57.tmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-02 22:06 - 2011-01-16 00:27 - 00000000 ____D F:\Users\Administrator\AppData\Roaming\VMware2016-03-02 22:04 - 2011-10-10 13:29 - 00000908 _____ F:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-657193895-424549869-3288613235-1033UA.job2016-03-02 22:00 - 2011-01-16 02:23 - 00000000 ____D F:\Users\Administrator2016-03-02 21:41 - 2012-10-18 10:47 - 00000898 _____ F:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2016-03-02 21:30 - 2013-04-05 17:15 - 00000000 ____D F:\Program Files (x86)\Belkin2016-03-02 21:30 - 2011-01-16 08:30 - 00000000 ___HD F:\Program Files (x86)\InstallShield Installation Information2016-03-02 21:29 - 2014-01-11 23:05 - 00000000 ____D F:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v32016-03-02 21:29 - 2013-07-12 14:58 - 00000000 ____D F:\Windows\SHELLNEW2016-03-02 21:28 - 2013-04-25 18:27 - 00000000 ____D F:\Program Files (x86)\Mozilla Maintenance Service2016-03-02 21:12 - 2009-07-14 06:10 - 00855020 _____ F:\Windows\system32\PerfStringBackup.INI2016-03-02 21:12 - 2009-07-14 04:20 - 00000000 ____D F:\Windows\inf2016-03-02 21:11 - 2013-05-01 13:24 - 00000830 _____ F:\Windows\Tasks\Adobe Flash Player Updater.job2016-03-02 21:09 - 2009-07-14 05:49 - 00023008 ____H F:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02016-03-02 21:09 - 2009-07-14 05:49 - 00023008 ____H F:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02016-03-02 21:06 - 2015-09-11 13:50 - 00000000 ____D F:\Users\Administrator\Desktop\PPI2016-03-02 21:04 - 2015-04-20 08:53 - 00192216 _____ (Malwarebytes) F:\Windows\system32\Drivers\MBAMSwissArmy.sys2016-03-02 21:04 - 2013-07-12 15:04 - 00000280 _____ F:\Windows\Tasks\AutoKMS.job2016-03-02 21:04 - 2012-10-18 10:47 - 00000894 _____ F:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2016-03-02 21:04 - 2011-01-15 22:33 - 00000000 ____D F:\ProgramData\VMware2016-03-02 21:04 - 2009-07-14 06:06 - 00000006 ____H F:\Windows\Tasks\SA.DAT2016-03-02 21:02 - 2014-03-05 01:01 - 00000000 ____D F:\Users\Administrator\Desktop\clintar2016-03-02 20:58 - 2014-10-06 15:55 - 00000000 ____D F:\Users\Administrator\Desktop\New folder (3)2016-03-02 20:58 - 2013-12-25 12:52 - 00000000 ____D F:\Users\Administrator\Desktop\New folder (2)2016-03-02 20:50 - 2014-08-21 20:32 - 00000258 __RSH F:\ProgramData\ntuser.pol2016-03-02 20:47 - 2011-01-16 08:59 - 00000000 ____D F:\Program Files (x86)\NeoSmart Technologies2016-03-02 20:46 - 2011-01-22 10:54 - 00000000 ____D F:\temp2016-03-02 20:45 - 2011-01-16 18:32 - 00000000 ____D F:\Program Files\Adobe2016-03-02 19:43 - 2013-04-07 15:08 - 00002193 _____ F:\Users\Public\Desktop\Google Chrome.lnk2016-03-02 19:43 - 2012-10-18 10:47 - 00002222 _____ F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2016-03-02 18:36 - 2012-10-18 10:47 - 00003894 _____ F:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2016-03-02 18:36 - 2012-10-18 10:47 - 00003642 _____ F:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2016-03-02 11:07 - 2013-03-02 17:20 - 00003962 _____ F:\Windows\System32\Tasks\User_Feed_Synchronization-{EF45D370-8D23-4ED4-AC69-5DF208FC56BF}2016-03-02 11:04 - 2011-10-10 13:29 - 00000856 _____ F:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-657193895-424549869-3288613235-1033Core.job2016-02-28 20:13 - 2015-05-10 23:13 - 00000000 ____D F:\Warcraft III2016-02-28 14:05 - 2014-12-11 15:13 - 00003789 _____ F:\Users\Administrator\Desktop\monero addresses.txt2016-02-28 14:05 - 2013-04-02 15:57 - 00008624 _____ F:\Users\Administrator\Desktop\test.txt2016-02-28 11:03 - 2016-01-10 00:28 - 00002621 _____ F:\Users\Administrator\Desktop\SVASTA2.txt2016-02-28 10:10 - 2014-08-17 20:19 - 00000000 ____D F:\Users\Administrator\Desktop\Tor Browser2016-02-27 19:42 - 2011-01-15 20:43 - 00000000 ____D F:\Users\Administrator\AppData\Roaming\FileZilla2016-02-27 16:46 - 2015-02-03 15:36 - 00000000 ____D F:\Users\Administrator\AppData\Local\Temp\audacity_temp2016-02-27 16:46 - 2013-03-11 11:39 - 00000000 ____D F:\Users\Administrator\AppData\Roaming\Audacity2016-02-26 23:02 - 2015-12-26 16:41 - 00009505 _____ F:\Users\Administrator\Desktop\monero-new.txt2016-02-24 23:34 - 2009-07-14 06:07 - 00000000 ____D F:\Windows\system32\ServerManager2016-02-24 17:22 - 2014-08-27 12:36 - 00000000 ____D F:\Users\Administrator\AppData\Local\Temp\hsperfdata_Administrator2016-02-24 17:22 - 2013-10-17 11:09 - 00000000 ____D F:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2016-02-24 17:21 - 2013-10-17 11:12 - 00000000 ____D F:\ProgramData\Oracle2016-02-24 17:21 - 2013-10-17 11:09 - 00278624 _____ (Oracle Corporation) F:\Windows\SysWOW64\javaws.exe2016-02-24 17:21 - 2013-10-17 11:09 - 00097888 _____ (Oracle Corporation) F:\Windows\SysWOW64\WindowsAccessBridge-32.dll2016-02-24 17:21 - 2013-08-21 14:19 - 00000000 ____D F:\Program Files (x86)\Java2016-02-23 14:01 - 2014-07-08 16:54 - 00000000 ____D F:\Users\Administrator\Desktop\Monero2016-02-22 15:53 - 2014-07-11 19:08 - 00000000 ____D F:\Program Files\AMD2016-02-22 15:52 - 2013-10-23 00:57 - 00000000 ____D F:\AMD2016-02-21 23:31 - 2015-03-07 15:34 - 00000000 ____D F:\Users\Administrator\AppData\Roaming\qBittorrent2016-02-16 12:58 - 2009-07-14 06:37 - 00262144 _____ F:\Windows\system32\config\BCD-Template2016-02-15 22:34 - 2013-03-02 17:34 - 00000020 __RSH F:\wins.ld2016-02-15 06:42 - 2013-05-17 02:27 - 00008192 __RSH F:\BOOTSECT.BAK2016-02-12 18:55 - 2009-07-14 05:49 - 05053456 _____ F:\Windows\system32\FNTCACHE.DAT2016-02-12 18:54 - 2015-12-25 00:25 - 00000000 ____D F:\ProgramData\AVAST Software2016-02-12 18:48 - 2016-01-14 14:25 - 00001342 _____ F:\Users\Administrator\Desktop\proxy.txt2016-02-12 18:48 - 2015-12-26 12:19 - 00000627 _____ F:\Users\Administrator\Desktop\todotodotodo.txt ==================== Files in the root of some directories ======= 2013-07-15 15:45 - 2013-11-07 19:08 - 12744192 _____ (LastPass) F:\Program Files (x86)\Common Files\lpuninstall.exe2015-01-20 20:01 - 2015-01-21 09:47 - 0000600 _____ () F:\Users\Administrator\AppData\Roaming\PUTTY.RND2013-11-16 03:47 - 2014-05-07 22:32 - 0011776 _____ () F:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-05-26 10:19 - 2013-05-26 10:19 - 0366624 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistMSI0271.txt2013-05-26 10:19 - 2013-05-26 10:19 - 0355262 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistMSI0298.txt2014-04-27 18:29 - 2014-04-27 18:29 - 0367968 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistMSI05D3.txt2014-04-27 18:29 - 2014-04-27 18:29 - 0359002 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistMSI05DA.txt2013-09-26 13:09 - 2013-09-26 13:09 - 0370268 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistMSI0EE3.txt2013-09-26 13:09 - 2013-09-26 13:09 - 0360090 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistMSI0EE6.txt2013-04-30 10:49 - 2013-04-30 10:50 - 0440604 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistMSI2A10.txt2014-06-18 11:44 - 2014-06-18 11:44 - 0369638 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistMSI2ECE.txt2014-06-18 11:44 - 2014-06-18 11:44 - 0360228 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistMSI2ED5.txt2015-02-01 19:45 - 2015-02-01 19:45 - 0369118 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistMSI3531.txt2015-02-01 19:45 - 2015-02-01 19:45 - 0358636 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistMSI3538.txt2013-05-11 11:52 - 2013-05-11 11:52 - 0359374 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistMSI35AE.txt2013-05-11 11:52 - 2013-05-11 11:52 - 0350936 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistMSI35BB.txt2013-04-17 14:32 - 2013-04-17 14:32 - 0352586 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistMSI5D1D.txt2013-05-26 10:19 - 2013-05-26 10:19 - 0011482 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistUI0271.txt2013-05-26 10:19 - 2013-05-26 10:19 - 0011418 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistUI0298.txt2014-04-27 18:29 - 2014-04-27 18:29 - 0023114 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistUI05D3.txt2014-04-27 18:29 - 2014-04-27 18:29 - 0023098 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistUI05DA.txt2013-09-26 13:09 - 2013-09-26 13:09 - 0027350 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistUI0EE3.txt2013-09-26 13:09 - 2013-09-26 13:09 - 0027350 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistUI0EE6.txt2013-04-30 10:49 - 2013-04-30 10:50 - 0019732 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistUI2A10.txt2015-11-09 12:30 - 2015-11-09 12:30 - 0016750 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistUI2C13.txt2014-06-18 11:44 - 2014-06-18 11:44 - 0023802 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistUI2ECE.txt2014-06-18 11:44 - 2014-06-18 11:44 - 0023770 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistUI2ED5.txt2015-02-01 19:45 - 2015-02-01 19:45 - 0039998 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistUI3531.txt2015-02-01 19:45 - 2015-02-01 19:45 - 0039918 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistUI3538.txt2013-05-11 11:52 - 2013-05-11 11:52 - 0012162 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistUI35AE.txt2013-05-11 11:52 - 2013-05-11 11:52 - 0012178 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistUI35BB.txt2013-04-17 14:32 - 2013-04-17 14:32 - 0016250 _____ () F:\Users\Administrator\AppData\Local\dd_vcredistUI5D1D.txt2011-04-13 19:07 - 2015-06-01 09:21 - 0000600 _____ () F:\Users\Administrator\AppData\Local\PUTTY.RND2011-04-25 14:52 - 2016-02-16 12:47 - 0007605 _____ () F:\Users\Administrator\AppData\Local\Resmon.ResmonCfg2013-06-25 15:26 - 2013-11-28 14:42 - 0001251 _____ () F:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc2011-01-18 11:13 - 2011-01-18 11:13 - 0007291 _____ () F:\ProgramData\xml9A00.tmp2011-01-18 11:13 - 2011-01-18 11:13 - 0013543 _____ () F:\ProgramData\xml9C71.tmp2011-01-18 11:13 - 2011-01-18 11:13 - 0002263 _____ () F:\ProgramData\xml9D2D.tmp2011-01-17 09:40 - 2011-01-17 09:40 - 0007291 _____ () F:\ProgramData\xmlD097.tmp2011-01-17 09:40 - 2011-01-17 09:40 - 0013579 _____ () F:\ProgramData\xmlD1E0.tmp2011-01-17 09:40 - 2011-01-17 09:40 - 0002263 _____ () F:\ProgramData\xmlD26D.tmp Some files in TEMP:====================F:\Users\Administrator\AppData\Local\Temp\1\uninstall.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) F:\Windows\system32\winlogon.exe => File is digitally signedF:\Windows\system32\wininit.exe => File is digitally signedF:\Windows\explorer.exe => File is digitally signedF:\Windows\SysWOW64\explorer.exe => File is digitally signedF:\Windows\system32\svchost.exe => File is digitally signedF:\Windows\SysWOW64\svchost.exe => File is digitally signedF:\Windows\system32\services.exe => File is digitally signedF:\Windows\system32\User32.dll => File is digitally signedF:\Windows\SysWOW64\User32.dll => File is digitally signedF:\Windows\system32\userinit.exe => File is digitally signedF:\Windows\SysWOW64\userinit.exe => File is digitally signedF:\Windows\system32\rpcss.dll => File is digitally signedF:\Windows\system32\dnsapi.dll => File is digitally signedF:\Windows\SysWOW64\dnsapi.dll => File is digitally signedF:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-02-28 01:01 ==================== End of FRST.txt ============================+ Addition.txt : Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-03-2016Ran by Administrator (2016-03-02 22:07:54)Running from F:\Users\Administrator\DownloadsWindows Server 2008 R2 Standard Service Pack 1 (X64) (2011-01-16 01:21:23)Boot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-657193895-424549869-3288613235-500 - Administrator - Enabled) => F:\Users\AdministratorGuest (S-1-5-21-657193895-424549869-3288613235-501 - Limited - Disabled)miki (S-1-5-21-657193895-424549869-3288613235-1038 - Limited - Disabled)vpn (S-1-5-21-657193895-424549869-3288613235-1050 - Limited - Disabled)WinSSHD_VirtualUsers (S-1-5-21-657193895-424549869-3288613235-1051 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)Air Playit 2.0.0 (HKLM\...\Air Playit_is1) (Version: - Digiarty)AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)Belkin Wireless G Plus MIMO USB Network Adapter (x32 Version: 1.00.0002 - Belkin) HiddenBitcoin Core (64-bit) (HKU\S-1-5-21-657193895-424549869-3288613235-500\...\Bitcoin Core (64-bit)) (Version: 0.9.3 - Bitcoin Core project)Bitcoin Trezor Plugin (HKLM-x32\...\{33D8B014-B1CC-4921-AA49-30381B10F4CA}) (Version: 1.0.5 - bitcointrezor.com)Bitcoin XT (64-bit) (HKU\S-1-5-21-657193895-424549869-3288613235-500\...\Bitcoin XT (64-bit)) (Version: 0.11.0 - Bitcoin Core project)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)CPU Thermometer (HKLM-x32\...\{06EA836D-C7AD-42A0-9C17-47BCDE7E015B}_is1) (Version: - cputhermometer.com)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.29.5 - Google Inc.) HiddenHitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version: - )HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E65099C4-9110-4C31-BD03-5C17EFB5FE92}) (Version: 1.1.0 - HP)ICQ 8.0 (build 6008, for the current user) (HKU\S-1-5-21-657193895-424549869-3288613235-500\...\ICQ) (Version: 8.0.6008.0 - Mail.Ru)Inno Download Plugin version 1.5.0 (HKLM-x32\...\MitrichSoftware.InnoDownloadPlugin_is1) (Version: 1.5.0 - Mitrich Software)Inno Setup version 5.5.6 (HKLM-x32\...\Inno Setup 5_is1) (Version: 5.5.6 - jrsoftware.org)Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)Litecoin (HKU\S-1-5-21-657193895-424549869-3288613235-500\...\Litecoin) (Version: 0.8.6.1 - Litecoin project)Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)Microsoft Windows SDK for Windows Server 2008 (6001.18000.367) (HKLM\...\SDKSetup_6.0.6001.18000) (Version: 6.0.6001.18000 - Microsoft Corporation)Nike+ Connect (HKLM-x32\...\Nike+ Connect) (Version: 6.3.18 - Nike)No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9 - )OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)Primecoin (HKU\S-1-5-21-657193895-424549869-3288613235-500\...\Primecoin) (Version: 0.1.2 - Primecoin project)PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)ShareMouse v2.0.46 (HKLM-x32\...\ShareMouse_is1) (Version: 2.0.46 - Bartels Media GmbH)TinyWall (HKLM-x32\...\{E87F67CD-B72A-4B47-A01D-28CD16AC0711}) (Version: 2.1.4.0 - Károly Pados)TP-LINK TL-WN721N_TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.3.1 - TP-LINK)TuneUp Utilities Language Pack (en-US) (x32 Version: 13.0.3020.7 - TuneUp Software) HiddenVanDyke Software SecureCRT 7.2 (HKLM\...\{8ECFBFB1-2FEF-4D66-B107-2B84C4478A26}) (Version: 7.2.5 - VanDyke Software, Inc.)visionapp Remote Desktop 2012 (HKLM-x32\...\visionapp Remote Desktop 2012) (Version: 7.1.3830.0 - visionapp AG)Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)VMware Workstation (HKLM\...\{132E3257-14F1-411A-BC6C-0CA32D3A9BC6}) (Version: 12.0.0 - VMware, Inc.)Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)Windows Resource Kit Tools (HKLM-x32\...\{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}) (Version: 5.2.3790 - Microsoft Corporation)WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)Wondershare Streaming Audio Recorder(Build 2.1.0.0) (HKLM-x32\...\Wondershare Streaming Audio Recorder_is1) (Version: 2.1.0.0 - Wondershare Software Co.,Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2DCA10D8-FC88-4DD7-B608-1F5F2D8C9AB7} - System32\Tasks\{5AC51A8C-71FE-408A-8C3F-838FD58F4103} => F:\Users\Administrator\Downloads\f5d8053v3-setup.exeTask: {3030BB0E-DF84-420F-A52B-DA5B69E67F0B} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exeTask: {56D863E9-7F95-4A5D-97A6-13F46C736C96} - System32\Tasks\Apple\AppleSoftwareUpdate => F:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {5F24A4C6-7415-41FE-8685-104A773F348D} - System32\Tasks\AMD Updater => F:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-04] (Advanced Micro Devices, Inc.)Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => F:\Windows\system32\ServerManagerLauncher.exe [2009-07-14] (Microsoft Corporation)Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => F:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)Task: {95AB638F-9A31-46CD-B283-2084C8FBD002} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-657193895-424549869-3288613235-1033UA => F:\Users\bojan\AppData\Local\Google\Update\GoogleUpdate.exeTask: {ABA87F91-0C36-4BD7-ADA2-7A38661F285F} - System32\Tasks\GoogleUpdateTaskMachineUA => F:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)Task: {AEB393DD-1BA8-4259-ADDA-FD09F76FDD44} - System32\Tasks\{604F3830-D0BF-47D2-8DCD-9228B5C69E22} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.8.0.158.259&LastError=12002Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => F:\Windows\system32\ceiprole.exe [2010-11-20] (Microsoft Corporation)Task: {B19A2176-35CD-42FB-815C-0B48A396AC75} - System32\Tasks\GoogleUpdateTaskMachineCore => F:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)Task: {BB25BDC7-CD26-497E-B63F-F2BBD1BC80CD} - System32\Tasks\User_Feed_Synchronization-{EEA75414-B70F-4664-A6AA-011D5E7D3258} => C:\Windows\system32\msfeedssync.exeTask: {C23360D4-8700-472F-BF03-61C995547BE6} - System32\Tasks\{7247D1DC-3A13-4147-A540-2E02149A43E8} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.8.0.158&LastError=12002Task: {C8111A8C-7291-46A4-818C-2A86F96C0178} - System32\Tasks\Adobe Flash Player Updater => F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-30] (Adobe Systems Incorporated)Task: {C9DED8E3-55A3-4792-BF5B-5BD019E7DA82} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-657193895-424549869-3288613235-1033Core => F:\Users\bojan\AppData\Local\Google\Update\GoogleUpdate.exeTask: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => F:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)Task: {F66FF5DD-D336-41EB-BBE1-A1E7323EA9AF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-657193895-424549869-3288613235-500 => F:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exeTask: {F6786D3D-444E-4953-B146-C8B491E3CD56} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-657193895-424549869-3288613235-500 => F:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: F:\Windows\Tasks\Adobe Flash Player Updater.job => F:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: F:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exeTask: F:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => F:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: F:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => F:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: F:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-657193895-424549869-3288613235-1033Core.job => F:\Users\bojan\AppData\Local\Google\Update\GoogleUpdate.exeTask: F:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-657193895-424549869-3288613235-1033UA.job => F:\Users\bojan\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2011-10-14 14:59 - 2010-03-31 10:51 - 00407040 _____ () F:\Windows\System32\HPM1210LM.DLL2011-10-14 14:59 - 2010-03-31 10:51 - 00074240 ____N () F:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.DLL2011-10-14 14:59 - 2010-03-31 11:51 - 03087872 _____ () F:\Windows\system32\spool\DRIVERS\x64\3\hpm1210su.dll2011-10-14 14:59 - 2010-03-31 12:17 - 01038336 _____ () F:\Windows\system32\spool\DRIVERS\x64\3\HPM1210GC.dll2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () F:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-03-20 17:12 - 2015-03-20 17:12 - 01346344 _____ () F:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2011-10-14 14:58 - 2011-04-15 17:14 - 00222720 _____ () F:\Windows\system32\m1210nwia.dll2013-12-18 12:33 - 2013-12-18 12:33 - 00084952 _____ () F:\Windows\assembly\GAC_MSIL\TinyWall.XmlSerializers\2.1.4.0__d9a8adbcd0c171b3\TinyWall.XmlSerializers.dll2015-08-14 13:02 - 2015-08-14 13:02 - 12465344 _____ () F:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe2011-04-08 16:22 - 2011-03-02 11:40 - 00164864 _____ () F:\Program Files\WinRAR\rarext.dll2015-08-14 13:02 - 2015-08-14 13:02 - 01301696 _____ () F:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll2015-08-14 13:02 - 2015-08-14 13:02 - 00191680 _____ () F:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll2015-08-14 13:02 - 2015-08-14 13:02 - 00388800 _____ () F:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll2015-08-14 13:02 - 2015-08-14 13:02 - 00165056 _____ () F:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: F:\Users\Administrator\AppData\Local\Temp\acrord32_sbx:0AMXxpujRywDcTS8gCfSlWC75VZ [2178]AlternateDataStreams: F:\ProgramData\Microsoft:eRDAuMnd3tUDbHmvSkB [2366]AlternateDataStreams: F:\ProgramData\Microsoft:LRohTavedPKgvSCFXPMmE4E5 [2370]AlternateDataStreams: F:\ProgramData\TEMP:373E1720 [128]AlternateDataStreams: F:\ProgramData\TEMP:9A870F8B [343] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2013-05-26 10:22 - 00000889 ____A F:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com127.0.0.1 practivate.adobe.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-657193895-424549869-3288613235-500\Control Panel\Desktop\\Wallpaper -> DNS Servers: 8.8.8.8 - 8.8.4.4HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3MSCONFIG\Services: FileZilla Server => 3MSCONFIG\Services: VMUSBArbService => 2MSCONFIG\Services: W3SVC => 3MSCONFIG\Services: wuauserv => 2MSCONFIG\startupfolder: F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BancaIntesaUser64.exe.lnk => F:\Windows\pss\BancaIntesaUser64.exe.lnk.CommonStartupMSCONFIG\startupfolder: F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass FF RunOnce.lnk => F:\Windows\pss\Install LastPass FF RunOnce.lnk.CommonStartupMSCONFIG\startupfolder: F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => F:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartupMSCONFIG\startupfolder: F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^IntesaCertificateRemoval.lnk => F:\Windows\pss\IntesaCertificateRemoval.lnk.CommonStartupMSCONFIG\startupfolder: F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => F:\Windows\pss\WDDMStatus.lnk.CommonStartupMSCONFIG\startupfolder: F:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk => F:\Windows\pss\WDSmartWare.lnk.CommonStartupMSCONFIG\startupfolder: F:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^No-IP DUC.lnk => F:\Windows\pss\No-IP DUC.lnk.StartupMSCONFIG\startupfolder: F:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => F:\Windows\pss\OpenOffice.org 3.4.1.lnk.StartupMSCONFIG\startupfolder: F:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^startup.vbs => F:\Windows\pss\startup.vbs.StartupMSCONFIG\startupreg: Adobe ARM => "F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "F:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"MSCONFIG\startupreg: AdobeCS6ServiceManager => "F:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbyloginMSCONFIG\startupreg: APSDaemon => "F:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"MSCONFIG\startupreg: Auto Dialer Pro => "f:\program files (x86)\auto dialer pro\autodial.exe" /minMSCONFIG\startupreg: Camfrog => "F:\Program Files (x86)\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 F:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exeMSCONFIG\startupreg: Digiarty_Software_AirPlayit => "F:\Program Files\Digiarty\Air_Playit\airplayit.exe" -minMSCONFIG\startupreg: FileZilla Server Interface => "F:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"MSCONFIG\startupreg: icq => F:\Users\Administrator\AppData\Roaming\ICQM\icq.exe -CUMSCONFIG\startupreg: iTunesHelper => "F:\Program Files\iTunes\iTunesHelper.exe"MSCONFIG\startupreg: Launch LCore => F:\Program Files\Logitech Gaming Software\LCore.exe /minimizedMSCONFIG\startupreg: Nike+ Connect => "F:\Program Files (x86)\Nike\Nike+ Connect\Nike+ Connect daemon.exe"MSCONFIG\startupreg: PC_CLEAN => F:\Program Files (x86)\PC Cleaner Trial\trayicon.exeMSCONFIG\startupreg: Plex Media Server => "F:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"MSCONFIG\startupreg: QuickTime Task => "F:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeMSCONFIG\startupreg: Service => %appdata%\primecoin\sbs.vbsMSCONFIG\startupreg: Skype => "F:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunMSCONFIG\startupreg: SplitCam => F:\Program Files (x86)\SplitCam\SplitCam.exeMSCONFIG\startupreg: StartCCC => "F:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRunMSCONFIG\startupreg: SunJavaUpdateSched => "F:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"MSCONFIG\startupreg: SwitchBoard => F:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exeMSCONFIG\startupreg: TinyWall Controller => F:\Program Files (x86)\TinyWall\TinyWall.exeMSCONFIG\startupreg: UIExec => "F:\Program Files (x86)\Telenor Internet\UIExec.exe"MSCONFIG\startupreg: vmware-tray.exe => "F:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"MSCONFIG\startupreg: WinSSHD Activation State Checker => "F:\Program Files (x86)\Bitvise WinSSHD\WinsshdActStateCheck.exe"MSCONFIG\startupreg: Wondershare Helper Compact.exe => F:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exeMSCONFIG\startupreg: YouCam Service => "F:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WindowsServerBackup-wbengine-In-TCP-NoScope] => (Allow) F:\Windows\system32\wbengine.exeFirewallRules: [WMP-Out-TCP] => (Allow) F:\Program Files\Windows Media Player\wmplayer.exeFirewallRules: [WMP-Out-UDP] => (Allow) F:\Program Files\Windows Media Player\wmplayer.exeFirewallRules: [WMP-In-UDP] => (Allow) F:\Program Files\Windows Media Player\wmplayer.exeFirewallRules: [WMP-Out-TCP-x86] => (Allow) F:\Program Files (x86)\Windows Media Player\wmplayer.exeFirewallRules: [WMP-Out-UDP-x86] => (Allow) F:\Program Files (x86)\Windows Media Player\wmplayer.exeFirewallRules: [WMP-In-UDP-x86] => (Allow) F:\Program Files (x86)\Windows Media Player\wmplayer.exeFirewallRules: [RQS-In-TCP] => (Allow) F:\Windows\system32\rqs.exeFirewallRules: [Remrras-In-RPC] => (Allow) F:\Windows\system32\remrras.exeFirewallRules: [DfsMgmt-In-TCP] => (Allow) F:\Windows\system32\dfsfrsHost.exeFirewallRules: [sPPSVC-In-TCP] => (Allow) F:\Windows\system32\sppsvc.exeFirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) F:\Windows\system32\dllhost.exeFirewallRules: [sCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) F:\Windows\system32\scshost.exeFirewallRules: [sCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) F:\Windows\system32\scshost.exeFirewallRules: [{1E5788BE-6DE0-42A2-BA17-EC4EF86BC76A}] => (Allow) F:\Users\Administrator\Downloads\HitmanPro_x64.exeFirewallRules: [{A2DEC697-4FD1-4A39-BD57-9064A50918C2}] => (Allow) F:\Users\Administrator\Downloads\HitmanPro_x64.exeFirewallRules: [{580E69E0-6984-4246-B8F7-4C83075C566D}] => (Allow) F:\Users\Administrator\Downloads\HitmanPro_x64.exeFirewallRules: [{2538C191-9406-4F33-AF45-D4C4E97898EB}] => (Allow) F:\Users\Administrator\Downloads\HitmanPro_x64.exeFirewallRules: [{16514074-C71B-4AC3-8BBF-C809861A486A}] => (Allow) F:\Users\Administrator\Downloads\JRT.exeFirewallRules: [{56CA1A5E-2B73-4C26-9CA4-DFD8DD8DF4EC}] => (Allow) F:\Users\Administrator\Downloads\JRT.exeFirewallRules: [{F45C30C9-A6F8-4857-AFEB-D5231A520B40}] => (Allow) F:\Users\Administrator\Downloads\JRT.exeFirewallRules: [{F91F12EC-C201-4FDE-91CF-1EA1257D00D2}] => (Allow) F:\Users\Administrator\Downloads\JRT.exeFirewallRules: [{A7E3A214-58FD-48F0-A134-6572193E330A}] => (Allow) F:\Users\Administrator\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exeFirewallRules: [{554CFB69-70B7-4C67-9BCD-E1EB1AC85D30}] => (Allow) F:\Users\Administrator\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exeFirewallRules: [{7F6479BE-1691-4DCC-8DCC-ADC61CE7127E}] => (Allow) F:\Users\Administrator\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exeFirewallRules: [{8C705EC0-83A9-44E7-B430-9C0CE06CE13D}] => (Allow) F:\Users\Administrator\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exeFirewallRules: [{E42FC317-0503-4AA2-B0FA-1F2BAABC2B21}] => (Allow) F:\Users\Administrator\Desktop\MoneroNEW\bitmonerod.exeFirewallRules: [{6020277D-6A3C-4EBC-A1F0-BA49B95CC4BB}] => (Allow) F:\Users\Administrator\Desktop\MoneroNEW\bitmonerod.exeFirewallRules: [{15234661-B1FF-4954-8C84-BDA85703D520}] => (Allow) F:\Users\Administrator\Desktop\MoneroNEW\bitmonerod.exeFirewallRules: [{C2F4C64A-8E78-408C-A6AE-930A108A8999}] => (Allow) F:\Users\Administrator\Desktop\MoneroNEW\bitmonerod.exeFirewallRules: [{EB239653-7CEF-49F0-BFDB-9ABC81232A51}] => (Allow) F:\Users\Administrator\Downloads\rufus-2.7p.exeFirewallRules: [{0188FC4B-3F06-4B7D-930A-0609B4D8C6A5}] => (Allow) F:\Users\Administrator\Downloads\rufus-2.7p.exeFirewallRules: [{69816FBE-A01E-4565-AE34-9A0A2AA85CF0}] => (Allow) F:\Users\Administrator\Downloads\rufus-2.7p.exeFirewallRules: [{BF246D32-2D06-4D99-B4B9-18500D75A08F}] => (Allow) F:\Users\Administrator\Downloads\rufus-2.7p.exeFirewallRules: [{6281704E-8028-4652-B084-D521A646CA95}] => (Allow) F:\Users\Administrator\Desktop\wxDownload Fast Portable\wxdfast.exeFirewallRules: [{A268CF7D-56C2-4D82-9CB2-78365B620AE7}] => (Allow) F:\Users\Administrator\Desktop\wxDownload Fast Portable\wxdfast.exeFirewallRules: [{66B8ABD4-A3DE-486C-9669-3B2F0935E1B4}] => (Allow) F:\Users\Administrator\Desktop\wxDownload Fast Portable\wxdfast.exeFirewallRules: [{2919492F-0C37-4975-BD14-F677A48A8FC6}] => (Allow) F:\Users\Administrator\Desktop\wxDownload Fast Portable\wxdfast.exeFirewallRules: [{468D0C1E-882C-4C11-8C55-D8CFC5CE09A6}] => (Allow) F:\Users\Administrator\Desktop\Monero\AEON\bitmonerod.exeFirewallRules: [{FA8929DB-2944-4388-8DB5-50D86AE3B4D5}] => (Allow) F:\Users\Administrator\Desktop\Monero\AEON\bitmonerod.exeFirewallRules: [{832D8B81-C7A8-44DC-B761-E734F2A7FA33}] => (Allow) F:\Users\Administrator\Desktop\Monero\AEON\bitmonerod.exeFirewallRules: [{88AF515B-0F90-4DDF-B5CC-1DC241C0D856}] => (Allow) F:\Users\Administrator\Desktop\Monero\AEON\bitmonerod.exeFirewallRules: [{84522193-07BE-47DF-98C1-AC0F89DA15FC}] => (Allow) F:\Users\Administrator\Downloads\avira_en_av_567c815dbc6c3__ws.exeFirewallRules: [{9A748772-46A8-4233-AE44-FCE8F5AA1C2A}] => (Allow) F:\Users\Administrator\Downloads\avira_en_av_567c815dbc6c3__ws.exeFirewallRules: [{35ED2D7A-44D9-49C6-9388-6E83DD224105}] => (Allow) F:\Users\Administrator\Downloads\avira_en_av_567c815dbc6c3__ws.exeFirewallRules: [{59129374-B54A-4D2B-9599-519E87F8B6C5}] => (Allow) F:\Users\Administrator\Downloads\avira_en_av_567c815dbc6c3__ws.exeFirewallRules: [{7D2DC02F-9866-46AB-98A6-0D141F93773C}] => (Allow) F:\Users\Administrator\Downloads\AVG_Antivirus_739.exeFirewallRules: [{1F8C754F-44EF-424F-835F-C8FBB957BABA}] => (Allow) F:\Users\Administrator\Downloads\AVG_Antivirus_739.exeFirewallRules: [{E4241209-A5A3-42B0-B157-6023AA17F175}] => (Allow) F:\Users\Administrator\Downloads\AVG_Antivirus_739.exeFirewallRules: [{B12FF6F2-E1CE-4D1E-B3FC-9950D497762E}] => (Allow) F:\Users\Administrator\Downloads\AVG_Antivirus_739.exeFirewallRules: [{EF47634B-D326-43BE-8937-0D3AD944BFC3}] => (Allow) F:\Games\World_of_Tanks\WoTLauncher.exeFirewallRules: [{F02B0E09-8E90-4CC5-BD9A-BB86236CC6B7}] => (Allow) F:\Games\World_of_Tanks\WoTLauncher.exeFirewallRules: [{DA740E85-5282-40FC-BDC8-AD2A84DB56E8}] => (Allow) F:\Games\World_of_Tanks\WoTLauncher.exeFirewallRules: [{7E3CBC7B-3383-4564-8D4B-A3EEDE22F081}] => (Allow) F:\Games\World_of_Tanks\WoTLauncher.exeFirewallRules: [{D59B333C-63B4-4412-9FEE-7EA6A3935837}] => (Allow) F:\Program Files (x86)\qBittorrent\qbittorrent.exeFirewallRules: [{BCB09181-B6B8-48DD-A5F7-7B871A288D02}] => (Allow) F:\Program Files (x86)\qBittorrent\qbittorrent.exeFirewallRules: [{87358092-5016-49DD-9DFD-07A822606A1C}] => (Allow) F:\Program Files (x86)\qBittorrent\qbittorrent.exeFirewallRules: [{ECC9C797-97B4-4B4A-9BD9-8FF996788F64}] => (Allow) F:\Program Files (x86)\qBittorrent\qbittorrent.exeFirewallRules: [{728CDA40-7D37-4F89-BBF5-61D65646390B}] => (Allow) F:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeFirewallRules: [{EAE813B9-A11F-4340-B94D-D2CEB3064629}] => (Allow) F:\Program Files (x86)\No-IP\DUC40.exeFirewallRules: [{F1993B00-29CE-41FC-BC71-5ABD8A9DE059}] => (Allow) F:\Program Files (x86)\No-IP\DUC40.exeFirewallRules: [{55D2C077-C7D3-465E-BE89-2331DAA139BA}] => (Allow) F:\Program Files (x86)\No-IP\DUC40.exeFirewallRules: [{F394B0A2-A19B-473D-9031-C491D414EDC9}] => (Allow) F:\Program Files (x86)\No-IP\DUC40.exeFirewallRules: [{A12F06DD-DA74-41DB-9AEC-8367244D7952}] => (Allow) F:\Users\Administrator\Desktop\VNC-Viewer-5.0.5-Windows-64bit.exeFirewallRules: [{D350E170-D0C8-4EC1-9847-48E2C4811D3D}] => (Allow) F:\Users\Administrator\Desktop\VNC-Viewer-5.0.5-Windows-64bit.exeFirewallRules: [{56C3C50F-7C24-449A-8EB7-463AA5D1F009}] => (Allow) F:\Users\Administrator\Desktop\VNC-Viewer-5.0.5-Windows-64bit.exeFirewallRules: [{7209C3F9-9064-4A5A-8C48-6548E4A744DB}] => (Allow) F:\Users\Administrator\Desktop\VNC-Viewer-5.0.5-Windows-64bit.exeFirewallRules: [{B144F578-E536-431D-B4D0-E834E52DBB2B}] => (Allow) f:\warcraft iii\war3.exeFirewallRules: [{94DFEB87-0815-47CD-88A2-16C833E56CCE}] => (Allow) f:\warcraft iii\war3.exeFirewallRules: [{67856D90-C2DC-4BC6-B7DA-19E85DB57B7E}] => (Allow) f:\warcraft iii\war3.exeFirewallRules: [{14ED18B7-6CF8-45B0-B43E-7F64F8534936}] => (Allow) f:\warcraft iii\war3.exeFirewallRules: [{E69F0C7E-8826-4E92-89F0-1AE0043D2E0D}] => (Allow) F:\Program Files (x86)\PokerStars\PokerStars.exeFirewallRules: [{3FEA1F75-B44E-474A-9E95-C1B48C4634A8}] => (Allow) F:\Program Files (x86)\PokerStars\PokerStars.exeFirewallRules: [{067437AA-D61C-4A55-BFE5-BF3DEEE1072B}] => (Allow) F:\Program Files (x86)\PokerStars\PokerStars.exeFirewallRules: [{F23A8A13-807C-4F0D-A851-FB3CF1CF11D0}] => (Allow) F:\Program Files (x86)\PokerStars\PokerStars.exeFirewallRules: [{611931C9-BC75-4681-B088-C0D77859F2BD}] => (Allow) F:\Program Files (x86)\PokerStars\PokerStarsUpdate.exeFirewallRules: [{4E1A000C-0340-435F-AA0E-469F60BBEE6E}] => (Allow) F:\Program Files (x86)\PokerStars\PokerStarsUpdate.exeFirewallRules: [{F16CE9CA-6B13-490F-B69E-ADD1E1FC4367}] => (Allow) F:\Program Files (x86)\PokerStars\PokerStarsUpdate.exeFirewallRules: [{3996DA29-B94F-4753-A55E-A4BE2811267F}] => (Allow) F:\Program Files (x86)\PokerStars\PokerStarsUpdate.exeFirewallRules: [{4CF7B0E1-E53A-4AD4-A85D-FF7E71C5A161}] => (Allow) F:\Program Files (x86)\PS3 Media Server\pms.exeFirewallRules: [{9EEC1CF4-5823-4E4E-B29A-CFDC756D98EF}] => (Allow) F:\Program Files (x86)\PS3 Media Server\pms.exeFirewallRules: [{36F528B8-987D-4733-B0F9-777B63C1D3B6}] => (Allow) F:\Program Files (x86)\PS3 Media Server\pms.exeFirewallRules: [{25A10D3B-A318-43B8-9B07-0EAC54DAD569}] => (Allow) F:\Program Files (x86)\PS3 Media Server\pms.exeFirewallRules: [{D43FF45C-4CBF-4300-97AC-7EEB83608560}] => (Allow) F:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{BCAA6847-80A1-4BBD-9145-8FFB1ACEAD65}] => (Allow) F:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{A3CD2080-B23F-4FC9-A5D2-347ED9FB0F6A}] => (Allow) F:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{5023FFC1-646D-46FD-9DF1-83ADD272FB3D}] => (Allow) F:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{A60D64B7-C2D5-4015-9245-B6A894570C07}] => (Allow) F:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exeFirewallRules: [{B3F7B51F-AE25-4827-BA0F-1FF1AECC4AC8}] => (Allow) F:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exeFirewallRules: [{F38C2A06-28B2-4638-B8C3-8E8C9FB7BFCA}] => (Allow) F:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exeFirewallRules: [{2E6FBBAE-2419-475C-BB17-774D83E9DA43}] => (Allow) F:\Program Files\VanDyke Software\SecureCRT\SecureCRT.exeFirewallRules: [{BB460315-17FC-4EDB-87E8-A22BF8EF9B9D}] => (Allow) F:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{066A0D88-847A-43D1-82FC-BE8FC38576CB}] => (Allow) F:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{11B79331-3DDF-4975-BE60-83FDE1E07159}] => (Allow) F:\Program Files (x86)\visionapp Remote Desktop 2012\vRD71.exeFirewallRules: [{7133603D-D8D9-4C23-BFEF-6FE855E78D27}] => (Allow) F:\Program Files (x86)\visionapp Remote Desktop 2012\vRD71.exeFirewallRules: [{C15CBB45-FA64-4D98-AB82-8B02512A6C19}] => (Allow) F:\Program Files (x86)\visionapp Remote Desktop 2012\vRD71.exeFirewallRules: [{9567DD4D-8829-4F81-8C60-D40D890FC3B4}] => (Allow) F:\Program Files (x86)\visionapp Remote Desktop 2012\vRD71.exeFirewallRules: [{9F24ED8D-6A97-487D-B5BB-0B2E8E21A36E}] => (Allow) F:\Program Files\Digiarty\Air_Playit\AirPS.exeFirewallRules: [{2815DAA4-7A04-4A4C-844A-3F70C7295919}] => (Allow) F:\Program Files\Digiarty\Air_Playit\AirPS.exeFirewallRules: [{365F00B4-03FD-419E-BB90-A46430942B02}] => (Allow) F:\Program Files\Digiarty\Air_Playit\AirPS.exeFirewallRules: [{606A3827-3D37-48F8-9DA8-44F9E274CF43}] => (Allow) F:\Program Files\Digiarty\Air_Playit\AirPS.exeFirewallRules: [{002880E6-7050-45D7-BEEA-C81B3F5EFE5C}] => (Allow) F:\Program Files\Digiarty\Air_Playit\airplayit.exeFirewallRules: [{3CD72591-F7E1-4F70-A1AB-D4E0449ECB21}] => (Allow) F:\Program Files\Digiarty\Air_Playit\airplayit.exeFirewallRules: [{C76ECE3A-F7E9-4371-B549-FBD9D2F7935B}] => (Allow) F:\Program Files\Digiarty\Air_Playit\airplayit.exeFirewallRules: [{8799C7A7-D5BF-4D33-968D-39F3547BB22D}] => (Allow) F:\Program Files\Digiarty\Air_Playit\airplayit.exeFirewallRules: [{A76D506E-CCFB-4B7D-AF76-3A16058E92E3}] => (Allow) F:\Program Files (x86)\SecureCRT\SecureCRT.exeFirewallRules: [{1A20E12F-73CC-48F5-BCF8-A4A4CCD5781C}] => (Allow) F:\Program Files (x86)\SecureCRT\SecureCRT.exeFirewallRules: [{EEE21301-DCD0-4437-A8D0-EDBAD5102CB4}] => (Allow) F:\Program Files (x86)\SecureCRT\SecureCRT.exeFirewallRules: [{921F6DAA-3AFB-40B9-8408-D940197BE27C}] => (Allow) F:\Program Files (x86)\SecureCRT\SecureCRT.exeFirewallRules: [{38A4B58A-D38A-4D51-A956-223CCA974DC2}] => (Allow) F:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{B0004C90-A980-4950-ADD2-732B35726ABE}] => (Allow) F:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{A1868EA6-4EDA-4240-98F3-97D1EDF695FF}] => (Allow) F:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{A7934D85-891F-4C79-9FCA-4EEE2B71F46C}] => (Allow) F:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{98B333FF-31CD-4B6F-9A81-7B9B573799FE}] => (Allow) F:\Users\Administrator\AppData\Roaming\ICQM\icq.exeFirewallRules: [{CD7674F4-6269-4172-B581-D8E5881872A2}] => (Allow) F:\Users\Administrator\AppData\Roaming\ICQM\icq.exeFirewallRules: [{67E1BA48-633A-44EB-8D18-05CB5C3F9786}] => (Allow) F:\Users\Administrator\AppData\Roaming\ICQM\icq.exeFirewallRules: [{4FC8DA2F-32EE-46C6-9BFA-65F6D770A3DD}] => (Allow) F:\Users\Administrator\AppData\Roaming\ICQM\icq.exeFirewallRules: [{D087857A-8E67-4E48-BDC8-9E00FD0871C6}] => (Allow) F:\Program Files (x86)\TinyWall\TinyWall.exeFirewallRules: [{FEE99DCA-5A1C-4A03-87DF-A52D08220A50}] => (Allow) F:\Program Files\HitmanPro\HitmanPro.exeFirewallRules: [{26F77A4E-68F6-4746-ABA4-4DC6044D76DB}] => (Allow) F:\Program Files\HitmanPro\HitmanPro.exeFirewallRules: [{CCA45F6F-0953-4FF0-BD00-5384AA598FE1}] => (Allow) F:\Program Files\HitmanPro\HitmanPro.exeFirewallRules: [{3003C252-D452-4E5C-A475-655E9BB09B28}] => (Allow) F:\Program Files\HitmanPro\HitmanPro.exeDomainProfile\AuthorizedApplications: [F:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7StandardProfile\AuthorizedApplications: [F:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7 ==================== Restore Points ========================= ATTENTION: System Restore is disabledCheck "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors:==================Error: (03/02/2016 09:04:19 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.. Operation: Initializing Writer Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {41a8e138-c8cc-47da-bcda-e6efd1d1333f} Error: (03/02/2016 08:50:01 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.. Operation: Initializing Writer Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {2a6eea13-a26c-4d7d-9a81-d14f3e2f0137} Error: (03/02/2016 08:36:34 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.. Operation: Initializing Writer Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {5ba81ec6-df9c-47f6-8091-541ed5f7c090} Error: (03/02/2016 08:25:09 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.. Operation: Initializing Writer Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {e32757d1-d88a-4f98-b6c2-0b6b64a6cfda} Error: (03/02/2016 06:28:46 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.. Operation: Initializing Writer Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {2c2c4b2c-ce96-43a9-86bc-e1234814c6d0} Error: (02/28/2016 02:08:04 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.. Operation: Initializing Writer Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {09dbfd4e-a4cc-41b1-bcd4-a2ca7d156288} Error: (02/22/2016 03:55:47 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.. Operation: Initializing Writer Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {69fe7d66-06e2-4d1e-973c-c5b871851fe1} Error: (02/22/2016 03:50:21 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.. Operation: Initializing Writer Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {346c18ad-e5c1-422f-a26f-c0626accc01e} Error: (02/22/2016 03:47:30 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.. Operation: Initializing Writer Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {c3cf824a-5197-46b8-a4e6-71fef7694288} Error: (02/16/2016 08:11:10 PM) (Source: VSS) (EventID: 8193) (User: )Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied.. Operation: Initializing Writer Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {55a74de0-c2fc-4a3c-a0a3-c64cf221f113} System errors:=============Error: (03/02/2016 09:04:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1058 Error: (03/02/2016 09:04:21 PM) (Source: Service Control Manager) (EventID: 7024) (User: )Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0. Error: (03/02/2016 09:04:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (03/02/2016 09:03:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (03/02/2016 08:50:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1058 Error: (03/02/2016 08:50:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (03/02/2016 08:49:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (03/02/2016 08:36:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: %%1058 Error: (03/02/2016 08:36:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (03/02/2016 08:35:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The TinyWall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. CodeIntegrity:=================================== Date: 2016-03-02 13:23:59.263 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-03-02 05:54:31.622 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-03-02 00:09:08.599 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-02-29 11:48:51.325 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-02-28 00:27:44.286 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-02-27 06:27:28.387 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-02-27 02:26:07.995 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-02-27 02:03:54.872 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-02-27 01:43:00.451 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2016-02-27 00:39:46.734 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i7 CPU 920 @ 2.67GHzPercentage of memory in use: 12%Total physical RAM: 16374.11 MBAvailable physical RAM: 14308.95 MBTotal Virtual: 32746.42 MBAvailable Virtual: 30618.44 MB ==================== Drives ================================ Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:212.11 GB) NTFSDrive f: (New Volume) (Fixed) (Total:223.57 GB) (Free:67.4 GB) NTFS ==>[system with boot components (obtained from drive)]Drive m: (New Volume) (Fixed) (Total:111.79 GB) (Free:55.76 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows XP) (Size: 223.6 GB) (Disk ID: 73990378)Partition 1: (Active) - (Size=223.6 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FAA85357)Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42) ========================================================Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FAA85354)Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42) ========================================================Disk: 3 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: F5E6E5C1)Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted March 2, 2016 ID:1022865 Share Posted March 2, 2016 Thanks for those logs, unfortunately there is illegal software installed and active on your system. There is also an illegal hack running from the hosts file, both of those actions are in breach of forum protocol. I cannot offer any further help. Your thread will be locked and closed.... Thank you, Kevin.... Link to post Share on other sites More sharing options...
mpet Posted March 2, 2016 Author ID:1022867 Share Posted March 2, 2016 Cracked Adobe bundle was uninstalled long time ago, the hosts file junk is just a leftover... Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 3, 2016 Root Admin ID:1022947 Share Posted March 3, 2016 Task: F:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exeTask: {3030BB0E-DF84-420F-A52B-DA5B69E67F0B} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe127.0.0.1 activate.adobe.com127.0.0.1 practivate.adobe.comThis topic will now be closed due to evidence of cracked or pirated software on this system.Piracy Policy Link to post Share on other sites More sharing options...
Recommended Posts