CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Trend Micro <====== ATTENTION
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\...\RunOnce: [Browsersafeguard-rockettab FF:0] => C:\Users\Leng\AppData\Local\BrowserSafeguard\Resources\certutil.exe -A -n "DO_NOT_TRUST_FiddlerRoot" -t "TCu,TCu,TCu" -i "C:\Users\Leng\AppData\Local\BrowserSafeguard\TrustedRoot.cer" -d "C:\Users\Len (the data entry has 60 more characters).
HKLM\...\AppCertDlls: [aeinHMCA] -> C:\Users\Leng\AppData\L
HKLM\...\AppCertDlls: [appigr32] -> C:\Users\Leng\AppData\Lo
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2207828519-3919902441-2265496074-1000] => http=127.0.0.1:49167;https=127.0.0.1:49167
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2207828519-3919902441-2265496074-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFYaJQtbWAAXDFAWcV0VVQFEFhgaJVoMTAAUFwwQdV9ZWQkXRRNBNARaB0tXUUEeGGlxR1dMa0BNJ1VdL1wF
FF DefaultSearchEngine.US: Default
FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghAeVwKAgBIRxhGdQhcTA1JFAIOeVxbVRRIRAMacwxeAAFBR1EFIk0FA18DB0VXfWFoKB8fHH9WLl5UBHcUVQ==
FF user.js: detected! => C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\user.js [2015-07-03]
FF SearchPlugin: C:\Users\Leng\AppData\Roaming\Mozilla\Firefox\Profiles\feey3djw.default-1409445628946\searchplugins\default.xml [2015-09-24]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-04-04] <==== ATTENTION
S1 abcojeuo; \??\C:\Windows\system32\drivers\abcojeuo.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S1 cpyzutoy; \??\C:\Windows\system32\drivers\cpyzutoy.sys [X]
S1 dcvssiho; \??\C:\Windows\system32\drivers\dcvssiho.sys [X]
S1 druhdshf; \??\C:\Windows\system32\drivers\druhdshf.sys [X]
S1 dvrzsyes; \??\C:\Windows\system32\drivers\dvrzsyes.sys [X]
S1 effkmzua; \??\C:\Windows\system32\drivers\effkmzua.sys [X]
S1 egptrfps; \??\C:\Windows\system32\drivers\egptrfps.sys [X]
S1 ensuopzc; \??\C:\Windows\system32\drivers\ensuopzc.sys [X]
S1 ffvvzrlc; \??\C:\Windows\system32\drivers\ffvvzrlc.sys [X]
S1 fhbbjggz; \??\C:\Windows\system32\drivers\fhbbjggz.sys [X]
S1 fjthueeb; \??\C:\Windows\system32\drivers\fjthueeb.sys [X]
S1 hqeslbfk; \??\C:\Windows\system32\drivers\hqeslbfk.sys [X]
S1 hxgbdanv; \??\C:\Windows\system32\drivers\hxgbdanv.sys [X]
S1 iggmcigt; \??\C:\Windows\system32\drivers\iggmcigt.sys [X]
S1 iyffaqtd; \??\C:\Windows\system32\drivers\iyffaqtd.sys [X]
S1 janddtky; \??\C:\Windows\system32\drivers\janddtky.sys [X]
S1 jrgjsocs; \??\C:\Windows\system32\drivers\jrgjsocs.sys [X]
S1 kmbwhaxn; \??\C:\Windows\system32\drivers\kmbwhaxn.sys [X]
S1 koxwroig; \??\C:\Windows\system32\drivers\koxwroig.sys [X]
S1 kwrnwjii; \??\C:\Windows\system32\drivers\kwrnwjii.sys [X]
S1 mzvqqlwh; \??\C:\Windows\system32\drivers\mzvqqlwh.sys [X]
S1 neogppqk; \??\C:\Windows\system32\drivers\neogppqk.sys [X]
S1 nicxcbbr; \??\C:\Windows\system32\drivers\nicxcbbr.sys [X]
S1 npecygjc; \??\C:\Windows\system32\drivers\npecygjc.sys [X]
S1 npfejnxt; \??\C:\Windows\system32\drivers\npfejnxt.sys [X]
S1 nubnfgsm; \??\C:\Windows\system32\drivers\nubnfgsm.sys [X]
S1 obpoqbaq; \??\C:\Windows\system32\drivers\obpoqbaq.sys [X]
S1 ohrbuect; \??\C:\Windows\system32\drivers\ohrbuect.sys [X]
S1 puvirvtk; \??\C:\Windows\system32\drivers\puvirvtk.sys [X]
S1 pzwlreic; \??\C:\Windows\system32\drivers\pzwlreic.sys [X]
S1 qwlsmkzz; \??\C:\Windows\system32\drivers\qwlsmkzz.sys [X]
S1 qxmddyji; \??\C:\Windows\system32\drivers\qxmddyji.sys [X]
S1 rwrhebxb; \??\C:\Windows\system32\drivers\rwrhebxb.sys [X]
S1 rxpwmado; \??\C:\Windows\system32\drivers\rxpwmado.sys [X]
S1 smgdufff; \??\C:\Windows\system32\drivers\smgdufff.sys [X]
S1 svmbwkcg; \??\C:\Windows\system32\drivers\svmbwkcg.sys [X]
S1 swrqoleu; \??\C:\Windows\system32\drivers\swrqoleu.sys [X]
S1 tacydwtl; \??\C:\Windows\system32\drivers\tacydwtl.sys [X]
S1 udjmjekc; \??\C:\Windows\system32\drivers\udjmjekc.sys [X]
S1 ulfdtusz; \??\C:\Windows\system32\drivers\ulfdtusz.sys [X]
S1 umtfgwuo; \??\C:\Windows\system32\drivers\umtfgwuo.sys [X]
S1 vjsmxhxi; \??\C:\Windows\system32\drivers\vjsmxhxi.sys [X]
S1 vtidzqdb; \??\C:\Windows\system32\drivers\vtidzqdb.sys [X]
S1 vznoqxgj; \??\C:\Windows\system32\drivers\vznoqxgj.sys [X]
S1 wfasrzts; \??\C:\Windows\system32\drivers\wfasrzts.sys [X]
S1 wmvucwrc; \??\C:\Windows\system32\drivers\wmvucwrc.sys [X]
S1 wurfyvca; \??\C:\Windows\system32\drivers\wurfyvca.sys [X]
S1 xgmpkplj; \??\C:\Windows\system32\drivers\xgmpkplj.sys [X]
S1 ycnvwkgi; \??\C:\Windows\system32\drivers\ycnvwkgi.sys [X]
S1 ymsfoezj; \??\C:\Windows\system32\drivers\ymsfoezj.sys [X]
S1 yoawqmlg; \??\C:\Windows\system32\drivers\yoawqmlg.sys [X]
S1 yrsyarno; \??\C:\Windows\system32\drivers\yrsyarno.sys [X]
S1 yxakxbpx; \??\C:\Windows\system32\drivers\yxakxbpx.sys [X]
S1 zllirvpa; \??\C:\Windows\system32\drivers\zllirvpa.sys [X]
S1 zxgmiquh; \??\C:\Windows\system32\drivers\zxgmiquh.sys [X]
2015-09-23 20:40 - 2015-09-23 20:40 - 00000000 ____H C:\Users\Leng\AppData\Local\BIT8989.tmp
2015-09-23 20:40 - 2015-09-23 20:40 - 00000000 _____ C:\Users\Leng\AppData\Local\{855BD958-67A7-483A-9729-CCEE2811A0BB}
2015-09-24 22:28 - 2013-01-30 18:28 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2013-04-20 15:20 - 2013-04-20 15:20 - 4126720 _____ () C:\Program Files (x86)\GUT2684.tmp
Task: {3247FB56-0B58-4649-9122-FFCE84174C76} - \Cassiopesa lice -> No File <==== ATTENTION
Task: {94F5CEC3-DB56-48A0-A2CC-4E0F25C05054} - System32\Tasks\{8E098EBF-191A-48B5-BA4F-966484E10698} => pcalua.exe -a C:\Users\Leng\Desktop\scz.exe -d C:\Users\Leng\Desktop
Task: {A61F402C-945A-4F9F-BB90-C596FD4F239A} - System32\Tasks\{B76BB496-4FB8-46AF-856D-A3483D8B6EB8} => pcalua.exe -a "C:\Games\Madden 08\Madden NFL 08 (Download)\Setup.exe" -d "C:\Games\Madden 08\Madden NFL 08 (Download)"
Task: {B3D6248A-97FF-4DF2-AB82-3DEFDD4575DB} - \HDNINSTSCHD -> No File <==== ATTENTION
Task: {B965A0FF-0714-4881-BC09-779D2BDCCC73} - \Updater26278.exe -> No File <==== ATTENTION
Task: {C36768FD-667E-4CF5-AD76-9EA4D0FAE2F9} - System32\Tasks\{3DD1DE97-65AB-48CC-8B56-FA147E51CFD0} => pcalua.exe -a F:\Setup.now.exe -d F:\
Task: {C716FC81-195D-4251-BDA0-C4DDBF93BD4D} - \UPDTEXE4_WDR -> No File <==== ATTENTION
Task: {C9198085-70E1-4BA5-9D4B-6EA153F55DE6} - System32\Tasks\{83B26B54-87DA-4680-8BE3-71C0702A460A} => pcalua.exe -a C:\Users\Leng\Desktop\setup.exe -d C:\Users\Leng\Desktop
Task: {E27ACC1B-DD3E-40E7-99F9-94F09E693853} - \IE_ERR4WDR -> No File <==== ATTENTION
2014-11-12 01:03 - 2014-11-12 01:03 - 0000448 ____H () C:\Users\Leng\AppData\Roaming\麽鎒駓覜
2015-09-23 20:40 - 2015-09-23 20:40 - 0000000 ____H () C:\Users\Leng\AppData\Local\BIT8989.tmp
2015-09-23 20:40 - 2015-09-23 20:40 - 0000000 _____ () C:\Users\Leng\AppData\Local\{855BD958-67A7-483A-9729-CCEE2811A0BB}
2014-11-12 01:03 - 2014-11-12 01:03 - 0000520 _____ () C:\ProgramData\@system.temp
2014-11-12 01:04 - 2014-11-12 01:04 - 0000256 ____H () C:\ProgramData\@system3.att
C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys
C:\Windows\system32\drivers\cpyzutoy.sys
C:\Windows\system32\drivers\dcvssiho.sys
C:\Windows\system32\drivers\druhdshf.sys
C:\Windows\system32\drivers\dvrzsyes.sys
C:\Windows\system32\drivers\effkmzua.sys
C:\Windows\system32\drivers\egptrfps.sys
C:\Windows\system32\drivers\ensuopzc.sys
C:\Windows\system32\drivers\ffvvzrlc.sys
C:\Windows\system32\drivers\fhbbjggz.sys
C:\Windows\system32\drivers\fjthueeb.sys
C:\Windows\system32\drivers\hqeslbfk.sys
C:\Windows\system32\drivers\hxgbdanv.sys
C:\Windows\system32\drivers\iggmcigt.sys
C:\Windows\system32\drivers\iyffaqtd.sys
C:\Windows\system32\drivers\janddtky.sys
C:\Windows\system32\drivers\jrgjsocs.sys
C:\Windows\system32\drivers\kmbwhaxn.sys
C:\Windows\system32\drivers\koxwroig.sys
C:\Windows\system32\drivers\kwrnwjii.sys
C:\Windows\system32\drivers\mzvqqlwh.sys
C:\Windows\system32\drivers\neogppqk.sys
C:\Windows\system32\drivers\nicxcbbr.sys
C:\Windows\system32\drivers\npecygjc.sys
C:\Windows\system32\drivers\npfejnxt.sys
C:\Windows\system32\drivers\nubnfgsm.sys
C:\Windows\system32\drivers\obpoqbaq.sys
C:\Windows\system32\drivers\ohrbuect.sys
C:\Windows\system32\drivers\puvirvtk.sys
C:\Windows\system32\drivers\pzwlreic.sys
C:\Windows\system32\drivers\qwlsmkzz.sys
C:\Windows\system32\drivers\qxmddyji.sys
C:\Windows\system32\drivers\rwrhebxb.sys
C:\Windows\system32\drivers\rxpwmado.sys
C:\Windows\system32\drivers\smgdufff.sys
C:\Windows\system32\drivers\svmbwkcg.sys
C:\Windows\system32\drivers\swrqoleu.sys
C:\Windows\system32\drivers\tacydwtl.sys
C:\Windows\system32\drivers\udjmjekc.sys
C:\Windows\system32\drivers\ulfdtusz.sys
C:\Windows\system32\drivers\umtfgwuo.sys
C:\Windows\system32\drivers\vjsmxhxi.sys
C:\Windows\system32\drivers\vtidzqdb.sys
C:\Windows\system32\drivers\vznoqxgj.sys
C:\Windows\system32\drivers\wfasrzts.sys
C:\Windows\system32\drivers\wmvucwrc.sys
C:\Windows\system32\drivers\wurfyvca.sys
C:\Windows\system32\drivers\xgmpkplj.sys
C:\Windows\system32\drivers\ycnvwkgi.sys
C:\Windows\system32\drivers\ymsfoezj.sys
C:\Windows\system32\drivers\yoawqmlg.sys
C:\Windows\system32\drivers\yrsyarno.sys
C:\Windows\system32\drivers\yxakxbpx.sys
C:\Windows\system32\drivers\zllirvpa.sys
C:\Windows\system32\drivers\zxgmiquh.sys [X]
C:\ProgramData\BitRaider
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers