CreateRestorePoint:
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\CurrentVersion\Windows: [Load] C:\ProgramData\msctqoijn.exe <===== ATTENTION
HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\MountPoints2: {0fb37f05-8757-11e4-83cc-20898440e341} - "H:\Install.exe" 
HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\MountPoints2: {1f44dd11-4479-11e4-83aa-20898440e341} - "F:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\MountPoints2: {7d215ca6-2d82-11e4-8386-20898440e341} - "F:\Install.exe" 
HKU\S-1-5-21-1232603322-3645337139-1979953262-1001\...\MountPoints2: {e6f05941-877b-11e3-82b4-20898440e341} - "G:\.\Start.exe" 
C:\ProgramData\msctqoijn.exe
FF user.js: detected! => C:\Users\Rifandi\AppData\Roaming\Mozilla\Firefox\Profiles\ly7cncgi.default\user.js [2014-03-22]
FF Extension: SavePass 1.2 - C:\Users\Rifandi\AppData\Roaming\Mozilla\Firefox\Profiles\ly7cncgi.default\Extensions\VJKPXI46039420@JMZUIOB85844870.com [2015-08-19]
2015-09-21 13:58 - 2015-09-21 13:58 - 01415680 _____ (wj32) C:\Program Files\MNOHIJGH.exe
2015-09-19 18:59 - 2015-09-19 18:59 - 01415680 _____ (wj32) C:\Program Files\HTIAGJZW.exe
2015-09-24 17:20 - 2014-03-25 14:48 - 00000000 ____D C:\Program Files\KMSnano
2015-06-27 04:47 - 2015-06-27 04:47 - 1415680 _____ (wj32) C:\Program Files\F7N7RDTD.exe
2015-06-28 14:44 - 2015-06-28 14:44 - 1415680 _____ (wj32) C:\Program Files\IRJS8N3R.exe
2015-07-22 13:25 - 2015-07-22 13:25 - 1415680 _____ (wj32) C:\Program Files\YIWGU8PH.exe
FirewallRules: [{8EC7C0D2-469D-425A-B1B6-B81075B83C37}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0EB4AB0D-4A4A-4D49-B669-6857DFBAAA39}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{971E3028-9FB4-4F27-9B29-7DBC1424F8A5}] => (Allow) C:\Windows\System32\KMSServer.exe
FirewallRules: [{213EADAA-1CFE-4D58-9E21-C09621DE09D5}] => (Allow) C:\Windows\System32\KMSServer.exe
FirewallRules: [{EBCA317D-CC83-43ED-AAE3-74866A4DFFD5}] => (Allow) D:\GAMES\Dragon Nest SEA\DragonNest.exe
FirewallRules: [{27FB2FF6-1E02-4AF4-B515-BE58E7F66AED}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{D31A831A-E4FA-41E1-98ED-24EF2D307FDA}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{07799367-4E73-4629-B22A-23952A4E3A98}] => (Allow) C:\Program Files\KMSpico\KMSServer.exe
FirewallRules: [{D7FFEC2F-1027-45F8-BF55-9E803B26383D}] => (Allow) C:\Program Files\KMSpico\KMSServer.exe
FirewallRules: [{3E856337-07D0-4D60-B6DE-E6B7F3221DA2}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{B0BA9B87-C926-41A7-B95D-6428E7C88BA7}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
EmptyTemp: