istartsurf kept installing random programs but i might have some lefto



#1 Wolffie (Member, 56 posts)

The main thing that made me come here was the occasional 1 fps clogging during games, which happened like 2-3 times today, and I believe it might have something to do with this last virus I tried to clean by myself (istartsurf, which continuously installed random adware programs).

Funnily enough, this is the second time I ran into this same virus (yes, I was dumb enough to download the same infected crap twice).

I kind of got it under control the first and the second time, but maybe I didn't eradicate it completely.

I've run a bunch of malware removal programs; Malwarebytes and AdwCleaner usually find different things. I posted the latest Malwarebytes scan log at the bottom of the post too (it happened before I caved in and ran FRST to make this post).

Also, HitmanPro finds jOsrv.exe, vOsrv.exe and cAsrv.exe as trojans, and after every clean they show up again on the next scan.

Any help would be greatly appreciated :)


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
Ran by Dumi (administrator) on HORTENSIA on 21-05-2015 23:27:20
Running from C:\Users\Dumi\Desktop
Loaded Profiles: Dumi (Available profiles: Dumi)
Platform: Windows 8.1 Connected (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe
(Flux Software LLC) C:\Users\Dumi\AppData\Local\FluxSoftware\Flux\flux.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() D:\Downloads\Hitman Pro 3.7.9 Cracked 32+64-Bit [danhuk]\Hitman Pro 3.7.9 Cracked 32+64-Bit [danhuk].exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Dumi\Desktop\FRST64 (2).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276104 2014-05-22] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216064 2014-01-07] (Realtek Semiconductor Corporation)
HKLM-x32\...\Run: [PhoneCompanion] => C:\Program Files\Lenovo PhoneCompanion\Phone Companion.exe [836592 2014-09-21] (Lenovo)
HKLM-x32\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-09-21] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2014-09-21] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM-x32\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2015-05-10] (Realtek semiconductor)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [DFX] => C:\Program Files (x86)\DFX\DFX.exe [1131880 2015-04-21] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\Run: [f.lux] => C:\Users\Dumi\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-07] (IObit)
HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\MountPoints2: {70eea477-ef37-11e4-8302-28d244f27523} - "F:\setup.exe" 
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2014-12-07] (IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-10] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-10] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 95.77.94.88 78.96.7.88
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-10] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2033786156-1746779195-2201224321-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dumi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
 
Chrome: 
=======
CHR Profile: C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-18]
CHR Extension: (Google Docs) - C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-18]
CHR Extension: (Google Drive) - C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-18]
CHR Extension: (YouTube) - C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-18]
CHR Extension: (Google Search) - C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-18]
CHR Extension: (Google Sheets) - C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-18]
CHR Extension: (AdBlock) - C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-18]
CHR Extension: (Bookmark Manager) - C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Google Wallet) - C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-07]
CHR Extension: (Hover Zoom+) - C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2015-05-18]
CHR Extension: (Gmail) - C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [84992 2014-01-23] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-12-07] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-05-10] (Intel Corporation)
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Corporation)
S4 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
S4 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-21] (Lenovo(beijing) Limited)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-05-07] (IObit)
S4 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-07] ()
S4 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 PhoneCompanionPusher; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionPusher.exe [288240 2014-09-21] (Lenovo)
S4 PhoneCompanionVap; C:\Program Files\Lenovo PhoneCompanion\PhoneCompanionVap.exe [305136 2014-09-21] (Lenovo)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [1055008 2015-05-07] (IObit)
S4 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-09-21] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-11] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-11] (Microsoft Corporation)
S2 lusecixo; No ImagePath
S2 tykucihu; No ImagePath
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-05-01] (Disc Soft Ltd)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-24] (REALiX™)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [586456 2015-05-10] (Realtek Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9113304 2015-05-10] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3759320 2015-03-12] (Realtek Semiconductor Corporation                           )
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-12-07] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-11] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 XFDriver64; C:\Program Files (x86)\Xfire2\XFDriver64.sys [17160 2013-03-14] (XFire)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-21 23:26 - 2015-05-21 23:26 - 02108416 _____ (Farbar) C:\Users\Dumi\Desktop\FRST64 (2).exe
2015-05-21 23:25 - 2015-05-21 23:26 - 02108416 _____ (Farbar) C:\Users\Dumi\Downloads\FRST64 (2).exe
2015-05-21 21:25 - 2015-05-21 21:25 - 02223104 _____ () C:\Users\Dumi\Downloads\adwcleaner_4.205.exe
2015-05-21 11:58 - 2015-05-21 11:58 - 00000000 _____ () C:\Users\Dumi\Downloads\adwcleaner_4.200.exe
2015-05-18 17:35 - 2015-05-18 17:35 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2015-05-18 17:23 - 2015-05-21 13:05 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2033786156-1746779195-2201224321-1001
2015-05-18 17:14 - 2015-05-18 17:14 - 00003878 _____ () C:\Users\Dumi\Desktop\JRT.txt
2015-05-18 17:10 - 2015-05-18 17:10 - 00000207 _____ () C:\windows\tweaking.com-regbackup-HORTENSIA-Windows-8.1-Connected-(64-bit).dat
2015-05-18 17:10 - 2015-05-18 17:10 - 00000000 ____D () C:\RegBackup
2015-05-18 17:09 - 2015-05-18 17:10 - 02719698 _____ (Thisisu) C:\Users\Dumi\Downloads\JRT (1).exe
2015-05-18 15:06 - 2015-05-21 12:35 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-18 15:06 - 2015-05-18 17:14 - 00000777 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake Live.lnk
2015-05-18 15:06 - 2015-05-18 17:13 - 00000765 _____ () C:\Users\Public\Desktop\Quake Live.lnk
2015-05-18 14:27 - 2015-05-18 14:27 - 00020316 _____ () C:\Users\Dumi\Downloads\[kat.cr]hitman.pro.3.7.9.cracked.64.bit.danhuk.torrent
2015-05-18 13:54 - 2015-05-18 14:19 - 00009258 _____ () C:\Users\Dumi\Desktop\New Text Document (3).txt
2015-05-18 13:48 - 2015-05-18 13:49 - 00059517 _____ () C:\Users\Dumi\Downloads\Addition.txt
2015-05-18 13:45 - 2015-05-18 13:49 - 00056414 _____ () C:\Users\Dumi\Downloads\FRST.txt
2015-05-18 13:44 - 2015-05-18 13:45 - 02107392 _____ (Farbar) C:\Users\Dumi\Downloads\FRST64 (1).exe
2015-05-18 13:28 - 2015-05-18 13:28 - 00013760 _____ () C:\Users\Dumi\Downloads\0BC2340CB79135EBED076F7513D15D3027A60882.torrent
2015-05-18 13:02 - 2015-05-18 13:02 - 00001145 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-18 13:01 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-05-18 13:01 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-05-18 13:01 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-05-18 12:48 - 2015-05-18 14:17 - 00000000 ____D () C:\Program Files (x86)\a726e5d1-2dbd-4825-b0a4-286dfc2def7e
2015-05-18 12:48 - 2015-05-18 14:17 - 00000000 ____D () C:\Program Files (x86)\4a30f9ac-2d46-4250-aed7-1ba48b951487
2015-05-18 12:47 - 2013-08-22 16:25 - 00000824 _____ () C:\windows\system32\Drivers\etc\hp.bak
2015-05-18 12:11 - 2015-05-18 12:11 - 00028102 _____ () C:\Users\Dumi\Downloads\DBE720F223AAE9B6E5886122FD2EEE18B90195C1.torrent
2015-05-18 11:54 - 2015-05-21 22:53 - 00001624 _____ () C:\windows\setupact.log
2015-05-18 11:54 - 2015-05-18 11:54 - 00000000 _____ () C:\windows\setuperr.log
2015-05-18 11:53 - 2015-05-21 22:53 - 00066220 _____ () C:\windows\PFRO.log
2015-05-18 11:53 - 2015-05-18 11:53 - 00000000 ____H () C:\asc_rdflag
2015-05-17 23:29 - 2015-05-17 23:29 - 00006196 _____ () C:\Users\Dumi\Downloads\LOL_OPGG_Observer_1883927871_replay (1).bat
2015-05-17 22:02 - 2015-05-17 22:02 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-17 22:01 - 2015-05-17 22:01 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-16 17:28 - 2015-05-21 22:56 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-16 17:28 - 2015-05-21 22:33 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-16 00:38 - 2015-05-16 00:38 - 00005919 _____ () C:\Users\Dumi\Downloads\LOL_OPGG_Observer_1883927871_replay.bat
2015-05-15 11:43 - 2015-05-15 11:43 - 00001316 _____ () C:\Users\Public\Desktop\Start Menu 8.lnk
2015-05-15 11:21 - 2015-05-15 11:22 - 09275248 _____ (IObit ) C:\Users\Dumi\Downloads\sm8-setup.exe
2015-05-13 13:09 - 2015-05-13 13:09 - 00003096 _____ () C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2033786156-1746779195-2201224321-1001
2015-05-12 18:11 - 2015-05-12 18:11 - 00483935 _____ () C:\Users\Dumi\Downloads\INTREBARI CURS 7 FINAL.rar
2015-05-12 18:09 - 2015-05-12 18:09 - 00304834 _____ () C:\Users\Dumi\Downloads\INTREBARI CURS 8 FINAL.rar
2015-05-11 12:18 - 2015-05-11 12:19 - 00051815 _____ () C:\Users\Dumi\Downloads\dark-iron-dwarf.htm
2015-05-10 20:35 - 2015-05-10 20:35 - 00000451 _____ () C:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-05-10 12:37 - 2015-05-10 12:36 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-10 12:34 - 2015-05-10 12:34 - 09113304 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\rtsuvc.sys
2015-05-10 12:34 - 2015-05-10 12:34 - 06340312 _____ (Realtek semiconductor) C:\windows\RTFTrack.exe
2015-05-10 12:34 - 2015-05-10 12:34 - 02628312 _____ (Realtek Semiconductor Corp.) C:\windows\RtCamU64.exe
2015-05-10 12:34 - 2015-05-10 12:34 - 00586456 _____ (Realtek Semiconductor Corporation) C:\windows\system32\Drivers\RtkBtfilter.sys
2015-05-10 12:34 - 2015-05-10 12:34 - 00472792 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtCamX64.dll
2015-05-10 12:34 - 2015-05-10 12:34 - 00419032 _____ (Realtek Semiconductor Corp.) C:\windows\SysWOW64\RtCamX.dll
2015-05-10 12:33 - 2015-05-10 12:34 - 00000000 ____D () C:\windows\LastGood.Tmp
2015-05-10 12:32 - 2015-05-10 12:32 - 00187844 _____ () C:\windows\system32\resTHA.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00180644 _____ () C:\windows\system32\resELL.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00176500 _____ () C:\windows\system32\resRUS.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00162356 _____ () C:\windows\system32\resARA.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00161812 _____ () C:\windows\system32\resHEB.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00161764 _____ () C:\windows\system32\resJPN.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00157172 _____ () C:\windows\system32\resFRA.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00157156 _____ () C:\windows\system32\resHUN.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00155460 _____ () C:\windows\system32\resKOR.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00155364 _____ () C:\windows\system32\resITA.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00155364 _____ () C:\windows\system32\resDEU.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00155204 _____ () C:\windows\system32\resROM.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00155092 _____ () C:\windows\system32\resESN.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00154660 _____ () C:\windows\system32\resPLK.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00154516 _____ () C:\windows\system32\resSKY.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00154324 _____ () C:\windows\system32\resNLD.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00153764 _____ () C:\windows\system32\resPTB.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00153620 _____ () C:\windows\system32\resTRK.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00153604 _____ () C:\windows\system32\resCSY.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00153460 _____ () C:\windows\system32\resPTG.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00153060 _____ () C:\windows\system32\resFIN.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00152612 _____ () C:\windows\system32\resHRV.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00152164 _____ () C:\windows\system32\resSVE.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00152004 _____ () C:\windows\system32\resSLV.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00151060 _____ () C:\windows\system32\resNOR.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00150548 _____ () C:\windows\system32\resDAN.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00149236 _____ () C:\windows\system32\resENU.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00147460 _____ () C:\windows\system32\resCHT.cui
2015-05-10 12:32 - 2015-05-10 12:32 - 00146628 _____ () C:\windows\system32\resCHS.cui
2015-05-10 12:31 - 2015-05-10 12:32 - 02480152 _____ (Intel Corporation) C:\windows\system32\IntelWiDiVAD64.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 22905344 _____ (Intel Corporation) C:\windows\system32\igdfcl64.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 17837568 _____ (Intel Corporation) C:\windows\SysWOW64\igdfcl32.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 12182856 _____ (Intel Corporation) C:\windows\system32\igd10iumd64.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 11758984 _____ (Intel Corporation) C:\windows\SysWOW64\igd10iumd32.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 10912320 _____ (Intel Corporation) C:\windows\system32\igdumdim64.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 10438520 _____ (Intel Corporation) C:\windows\SysWOW64\igdumdim32.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 08520192 _____ (Intel Corporation) C:\windows\system32\ig7icd64.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 06503424 _____ (Intel Corporation) C:\windows\SysWOW64\ig7icd32.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 04585560 _____ (Intel Corporation) C:\windows\system32\igdusc64.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 04361832 _____ (Intel Corporation) C:\windows\system32\Gfxv4_0.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 04358248 _____ (Intel Corporation) C:\windows\system32\Gfxv2_0.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 03787704 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys
2015-05-10 12:31 - 2015-05-10 12:31 - 03626600 _____ (Intel Corporation) C:\windows\SysWOW64\igdusc32.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 01984000 _____ (Intel Corporation) C:\windows\system32\igdrcl64.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 01783808 _____ (Intel Corporation) C:\windows\SysWOW64\igdrcl32.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 01137120 _____ (Intel Corporation) C:\windows\system32\iglhsip64.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 01133000 _____ (Intel Corporation) C:\windows\SysWOW64\iglhsip32.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00959592 _____ (Intel Corporation) C:\windows\system32\GfxUIEx.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 00670208 _____ (Intel Corporation) C:\windows\system32\igfxDH.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00545896 _____ (Intel Corporation) C:\windows\system32\DPTopologyApp.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 00545384 _____ (Intel Corporation) C:\windows\system32\DPTopologyAppv2_0.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 00530536 _____ (Intel Corporation) C:\windows\system32\igfxEM.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 00454760 _____ (Intel Corporation) C:\windows\system32\igdmd64.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00433768 _____ (Intel Corporation) C:\windows\system32\IntelWiDiUMS64.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 00399976 _____ (Intel Corporation) C:\windows\system32\CustomModeApp.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 00399464 _____ (Intel Corporation) C:\windows\system32\CustomModeAppv2_0.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 00384104 _____ (Intel Corporation) C:\windows\system32\igfxTray.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 00384000 _____ (Intel Corporation) C:\windows\system32\igfxOSP.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00376832 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00366680 _____ (Intel Corporation) C:\windows\SysWOW64\igdmd32.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00365568 _____ (Intel Corporation) C:\windows\system32\igdbcl64.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00320512 _____ (Intel Corporation) C:\windows\SysWOW64\igdbcl32.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00319080 _____ (Intel Corporation) C:\windows\system32\igfxCUIService.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 00286720 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00280680 _____ (Intel Corporation) C:\windows\SysWOW64\IntelCpHeciSvc.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 00276480 _____ (Intel Corporation) C:\windows\system32\igfxDI.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00255488 _____ () C:\windows\system32\igfxCPL.cpl
2015-05-10 12:31 - 2015-05-10 12:31 - 00252416 _____ (Intel Corporation) C:\windows\system32\igfxLHM.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00247400 _____ (Intel Corporation) C:\windows\system32\igfxHK.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 00223232 _____ () C:\windows\system32\igdde64.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00220160 _____ (Intel Corporation) C:\windows\system32\igfxDTCM.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00218848 _____ (Intel Corporation) C:\windows\system32\iglhcp64.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00194664 _____ (Intel Corporation) C:\windows\system32\igfxext.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 00188496 _____ (Intel Corporation) C:\windows\system32\igfxcmrt64.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00184832 _____ () C:\windows\SysWOW64\igdde32.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00183840 _____ (Intel Corporation) C:\windows\SysWOW64\iglhcp32.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00183296 _____ (Intel Corporation) C:\windows\system32\igfxCoIn_v4176.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00162304 _____ () C:\windows\system32\igdail64.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00159096 _____ (Intel Corporation) C:\windows\SysWOW64\igfxcmrt32.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00154728 _____ (Intel Corporation) C:\windows\system32\difx64.exe
2015-05-10 12:31 - 2015-05-10 12:31 - 00143872 _____ () C:\windows\SysWOW64\igdail32.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00086528 _____ () C:\windows\system32\igfxCUIServicePS.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00069632 _____ ( ) C:\windows\system32\igfxDHLibv2_0.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00059392 _____ ( ) C:\windows\system32\igfxDHLib.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00031448 _____ (Intel Corporation) C:\windows\system32\igfxexps.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00030720 _____ (Intel Corporation) C:\windows\SysWOW64\igfxexps32.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00010752 _____ ( ) C:\windows\system32\igfxDILib.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00010240 _____ ( ) C:\windows\system32\igfxEMLibv2_0.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00010240 _____ ( ) C:\windows\system32\igfxEMLib.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00010240 _____ ( ) C:\windows\system32\igfxDILibv2_0.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00005120 _____ ( ) C:\windows\system32\igfxLHMLibv2_0.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00005120 _____ ( ) C:\windows\system32\igfxLHMLib.dll
2015-05-10 12:31 - 2015-05-10 12:31 - 00002564 _____ () C:\windows\system32\iglhxs64.vp
2015-05-03 15:20 - 2015-05-03 15:23 - 00000000 ____D () C:\Users\Dumi\AppData\Roaming\Xfire
2015-05-03 15:19 - 2015-05-03 16:09 - 00000000 ____D () C:\ProgramData\Xfire
2015-05-03 15:19 - 2015-05-03 16:07 - 00000000 ____D () C:\Program Files (x86)\Xfire2
2015-05-03 15:19 - 2015-05-03 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
2015-05-03 15:15 - 2015-05-03 15:16 - 16336696 _____ (Xfire, Inc. ) C:\Users\Dumi\Downloads\xfire_installer.exe
2015-05-03 15:15 - 2015-05-03 15:15 - 00000000 ____D () C:\Users\Dumi\AppData\Local\Launcher
2015-05-03 15:15 - 2015-05-03 15:15 - 00000000 ____D () C:\Users\Dumi\AppData\Local\id Software
2015-05-03 15:12 - 2015-05-03 15:12 - 06024320 _____ () C:\Users\Dumi\Downloads\QuakeLiveSetup_841.exe
2015-05-03 15:07 - 2015-05-03 15:07 - 00000885 _____ () C:\Users\Public\Desktop\CPMA.lnk
2015-05-03 15:07 - 2015-05-03 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPMA
2015-05-03 15:04 - 2015-05-03 15:04 - 00000000 ____D () C:\Users\Dumi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Quake III Arena
2015-05-03 15:04 - 2015-05-03 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quake III Arena
2015-05-03 15:04 - 1999-12-17 10:13 - 00086016 _____ (MindVision Software) C:\windows\unvise32.exe
2015-05-03 14:49 - 2015-05-03 14:50 - 11613796 _____ (Stripf Software ) C:\Users\Dumi\Downloads\hlsw_1_4_0_2_setup.exe
2015-05-03 14:47 - 2015-05-03 14:47 - 29449725 _____ () C:\Users\Dumi\Downloads\q3pointrelease_132.exe
2015-05-03 14:45 - 2015-05-03 15:13 - 00000000 ____D () C:\games
2015-05-03 14:43 - 2015-05-03 15:03 - 130365331 _____ (CPMDev ) C:\Users\Dumi\Downloads\CPMA148Setup.exe
2015-05-03 14:40 - 2015-05-03 14:41 - 00038023 _____ () C:\Users\Dumi\Downloads\[kickass.to]quake.3.arena.full.torrent
2015-05-01 00:29 - 2015-05-01 02:46 - 00000000 ____D () C:\Users\Dumi\AppData\Roaming\Bioshock
2015-05-01 00:27 - 2015-05-01 00:27 - 00466456 _____ (Creative Labs) C:\windows\system32\wrap_oal.dll
2015-05-01 00:27 - 2015-05-01 00:27 - 00444952 _____ (Creative Labs) C:\windows\SysWOW64\wrap_oal.dll
2015-05-01 00:27 - 2015-05-01 00:27 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\windows\system32\OpenAL32.dll
2015-05-01 00:27 - 2015-05-01 00:27 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\windows\SysWOW64\OpenAL32.dll
2015-05-01 00:27 - 2015-05-01 00:27 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2015-05-01 00:27 - 2013-05-14 16:18 - 00809496 ____R (Creative Labs Inc.) C:\windows\SysWOW64\tmp6093.tmp
2015-05-01 00:27 - 2013-05-14 16:18 - 00809496 ____R (Creative Labs Inc.) C:\windows\SysWOW64\tmp6082.tmp
2015-05-01 00:26 - 2015-05-01 00:26 - 00000000 ____D () C:\Users\Dumi\Documents\Bioshock
2015-05-01 00:26 - 2015-05-01 00:26 - 00000000 ____D () C:\Users\Dumi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BioShock
2015-05-01 00:12 - 2015-05-01 00:26 - 00000000 ____D () C:\Program Files (x86)\BioShock
2015-05-01 00:09 - 2015-05-01 00:09 - 01709792 _____ (Disc Soft Ltd.) C:\Users\Dumi\Downloads\DTLiteInstaller.exe
2015-05-01 00:09 - 2015-05-01 00:09 - 00030352 _____ (Disc Soft Ltd) C:\windows\system32\Drivers\dtlitescsibus.sys
2015-05-01 00:09 - 2015-05-01 00:09 - 00001774 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-05-01 00:09 - 2015-05-01 00:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-05-01 00:09 - 2015-05-01 00:09 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-04-30 18:47 - 2015-04-30 18:47 - 02256896 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-04-30 18:47 - 2015-04-30 18:47 - 01943040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-04-30 18:47 - 2015-04-30 18:47 - 00080384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-04-30 18:47 - 2015-04-30 18:47 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-04-30 18:47 - 2015-04-30 18:47 - 00021504 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-04-30 18:46 - 2015-04-30 18:46 - 04417536 _____ (Microsoft Corporation) C:\windows\system32\dbgeng.dll
2015-04-30 18:46 - 2015-04-30 18:46 - 02985984 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbgeng.dll
2015-04-30 18:46 - 2015-04-30 18:46 - 01491456 _____ (Microsoft Corporation) C:\windows\system32\dbghelp.dll
2015-04-30 18:46 - 2015-04-30 18:46 - 01207296 _____ (Microsoft Corporation) C:\windows\SysWOW64\dbghelp.dll
2015-04-30 18:46 - 2015-04-30 18:46 - 00410017 _____ () C:\windows\system32\ApnDatabase.xml
2015-04-30 17:16 - 2015-04-30 17:16 - 00638976 _____ () C:\Users\Dumi\Downloads\Detection.msi
2015-04-29 20:22 - 2015-04-29 20:22 - 00000000 ____D () C:\Users\Dumi\Tracing
2015-04-27 16:26 - 2015-04-27 16:26 - 00000000 ____D () C:\Users\Dumi\Downloads\Fifty.Shades.of.Grey.2015-RARBG._www.ENGSUB.NET
2015-04-27 16:26 - 2015-03-05 09:22 - 00075235 ____N () C:\Users\Dumi\Desktop\Fifty.Shades.of.Grey.1080p.HC.WEBRip.x264.AAC2.0-RARBG.srt
2015-04-27 16:25 - 2015-04-27 16:25 - 00029803 _____ () C:\Users\Dumi\Downloads\Fifty.Shades.of.Grey.2015-RARBG._www.ENGSUB.NET.zip
2015-04-27 16:23 - 2015-04-27 16:23 - 00030276 _____ () C:\Users\Dumi\Downloads\Fifty.Shades.of.Grey.2015.1080p.R6.G2G.fm._www.ENGSUB.NET.zip
2015-04-27 16:23 - 2015-04-27 16:23 - 00029336 _____ () C:\Users\Dumi\Downloads\Fifty.Shades.of.Grey.2015.HDRiP.UNCENSORED.600MB-MMKV._www.ENGSUB.NET.zip
2015-04-27 16:23 - 2015-03-06 13:48 - 00077145 ____N () C:\Users\Dumi\Desktop\Fifty Shades of Grey (2015) 1080p R6 [G2G.fm].srt
2015-04-27 16:22 - 2015-04-27 16:22 - 00029340 _____ () C:\Users\Dumi\Downloads\Fifty.Shades.of.Grey.2015.UNCUT.HC.HDRIP.x264.AC3.TiTAN._www.ENGSUB.NET.zip
2015-04-27 16:18 - 2015-04-27 16:18 - 00029767 _____ () C:\Users\Dumi\Downloads\Fifty.Shades.of.Grey.2015.UNCUT.HC.HDRip.x264.AAC2.0-HP._www.ENGSUB.NET.zip
2015-04-27 16:08 - 2015-04-27 16:08 - 00001178 _____ () C:\Users\Dumi\Desktop\uTorrent.exe - Shortcut.lnk
2015-04-25 21:29 - 2015-04-25 21:29 - 01696256 _____ (Microsoft Corporation) C:\windows\system32\wevtsvc.dll
2015-04-25 21:29 - 2015-04-25 21:29 - 00467776 ____C (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2015-04-25 21:29 - 2015-04-25 21:29 - 00430080 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-04-25 21:29 - 2015-04-25 21:29 - 00358912 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-04-25 21:29 - 2015-04-25 21:29 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Input.Inking.dll
2015-04-25 21:29 - 2015-04-25 21:29 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-04-25 21:29 - 2015-04-25 21:29 - 00057856 ____C (Microsoft Corporation) C:\windows\system32\Drivers\bthhfenum.sys
2015-04-25 21:28 - 2015-04-25 21:28 - 04179968 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-04-25 21:28 - 2015-04-25 21:28 - 02162176 _____ (Microsoft Corporation) C:\windows\system32\SRH.dll
2015-04-25 21:28 - 2015-04-25 21:28 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\SRH.dll
2015-04-25 21:28 - 2015-04-25 21:28 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\PhotoMetadataHandler.dll
2015-04-25 21:28 - 2015-04-25 21:28 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\PhotoMetadataHandler.dll
2015-04-25 21:27 - 2015-04-25 21:27 - 00445440 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-04-25 21:27 - 2015-04-25 21:27 - 00324096 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-04-25 21:27 - 2015-04-25 21:27 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2015-04-25 21:27 - 2015-04-25 21:27 - 00239424 ____C (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2015-04-25 21:27 - 2015-04-25 21:27 - 00186368 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2015-04-25 21:27 - 2015-04-25 21:27 - 00154432 ____C (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2015-04-25 21:26 - 2015-04-25 21:26 - 02819584 _____ (Microsoft Corporation) C:\windows\system32\SettingsHandlers.dll
2015-04-25 21:25 - 2015-04-25 21:25 - 02067968 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-04-25 21:25 - 2015-04-25 21:25 - 01969664 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-04-21 12:33 - 2015-04-21 12:33 - 00000000 ____D () C:\Users\Dumi\AppData\Local\DFX
2015-04-21 12:32 - 2015-04-21 12:32 - 00001722 _____ () C:\Users\Public\Desktop\DFX.lnk
2015-04-21 12:32 - 2015-04-21 12:32 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Roaming\vlc
2015-04-21 12:32 - 2015-04-21 12:32 - 00000000 ____D () C:\Users\HomeGroupUser$
2015-04-21 12:32 - 2015-04-21 12:32 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\vlc
2015-04-21 12:32 - 2015-04-21 12:32 - 00000000 ____D () C:\Users\Guest
2015-04-21 12:32 - 2015-04-21 12:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\vlc
2015-04-21 12:32 - 2015-04-21 12:32 - 00000000 ____D () C:\Users\Administrator
2015-04-21 12:32 - 2015-04-21 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
2015-04-21 12:32 - 2015-04-21 12:32 - 00000000 ____D () C:\Program Files (x86)\DFX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-21 23:28 - 2015-03-28 19:17 - 00020172 _____ () C:\Users\Dumi\Desktop\FRST.txt
2015-05-21 23:27 - 2015-03-28 18:48 - 00000000 ____D () C:\FRST
2015-05-21 23:14 - 2014-12-16 02:57 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-05-21 23:00 - 2014-12-14 15:26 - 00136408 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-21 23:00 - 2013-08-22 18:36 - 00000000 ____D () C:\windows\system32\sru
2015-05-21 22:59 - 2015-03-28 15:43 - 00000000 ____D () C:\AdwCleaner
2015-05-21 22:58 - 2015-04-11 17:01 - 00004972 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HORTENSIA-Dumi Hortensia
2015-05-21 22:57 - 2014-12-08 17:05 - 00000000 __RDO () C:\Users\Dumi\OneDrive
2015-05-21 22:53 - 2014-09-21 02:09 - 00000000 ____D () C:\windows\Downloaded Installations
2015-05-21 22:53 - 2013-08-22 17:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-05-21 22:51 - 2015-04-12 14:01 - 00000000 ____D () C:\Users\Dumi\AppData\Local\Battle.net
2015-05-21 20:46 - 2014-09-21 01:35 - 01314614 _____ () C:\windows\WindowsUpdate.log
2015-05-21 18:18 - 2014-12-07 10:50 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{8A8E393E-C613-4C71-B9C6-C8A9D7A5DC12}
2015-05-20 11:40 - 2014-12-07 00:13 - 00002212 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-05-19 11:45 - 2015-01-19 18:27 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-18 17:05 - 2014-12-07 00:15 - 00000296 _____ () C:\windows\Tasks\Uninstaller_SkipUac_Dumi.job
2015-05-18 16:08 - 2013-08-22 18:36 - 00000000 ____D () C:\windows\Resources
2015-05-18 16:08 - 2013-08-22 16:25 - 00000194 _____ () C:\windows\win.ini
2015-05-18 15:12 - 2015-03-28 15:12 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-05-18 15:06 - 2014-12-07 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-18 14:31 - 2015-03-28 16:48 - 00001920 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-05-18 14:21 - 2013-08-22 18:36 - 00000000 ____D () C:\windows\Help
2015-05-18 14:18 - 2014-12-07 10:33 - 00000000 ____D () C:\Users\Dumi\AppData\Local\Packages
2015-05-18 14:17 - 2015-03-28 15:11 - 00000000 ____D () C:\Program Files (x86)\69dc8177-a574-4dff-8461-b3267b078dcf
2015-05-18 13:43 - 2015-02-16 17:03 - 00000921 _____ () C:\Users\Dumi\Desktop\New Text Document (2).txt
2015-05-18 13:02 - 2014-12-12 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-18 13:02 - 2014-12-12 22:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-18 12:55 - 2013-08-22 16:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-05-18 12:54 - 2013-08-22 18:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-18 12:44 - 2015-03-28 14:37 - 00000000 ____D () C:\Users\Dumi\AppData\Roaming\DAEMON Tools Lite
2015-05-18 11:55 - 2014-12-07 00:14 - 00000000 ____D () C:\ProgramData\ProductData
2015-05-18 11:53 - 2014-12-07 13:52 - 88735744 _____ () C:\windows\system32\config\SOFTWARE.iodefrag.bak
2015-05-18 11:53 - 2014-12-07 13:52 - 00294912 _____ () C:\windows\system32\config\DEFAULT.iodefrag.bak
2015-05-18 11:53 - 2014-12-07 13:52 - 00065536 _____ () C:\windows\system32\config\SAM.iodefrag.bak
2015-05-18 11:53 - 2014-12-07 13:52 - 00028672 _____ () C:\windows\system32\config\SECURITY.iodefrag.bak
2015-05-18 11:53 - 2014-12-07 10:32 - 00000000 ____D () C:\Users\Dumi
2015-05-18 03:26 - 2014-12-07 00:14 - 00000260 _____ () C:\windows\Tasks\ASC8_SkipUac_Dumi.job
2015-05-16 17:28 - 2014-12-07 11:14 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 17:28 - 2014-12-07 11:14 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 12:42 - 2015-04-12 14:08 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-05-15 11:43 - 2015-03-28 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-05-14 20:25 - 2015-01-21 19:07 - 00056832 ___SH () C:\Users\Dumi\Desktop\Thumbs.db
2015-05-12 20:50 - 2015-02-16 13:13 - 00000000 ____D () C:\Users\Dumi\AppData\Roaming\vlc
2015-05-12 01:28 - 2013-08-22 18:36 - 00000000 ____D () C:\windows\rescache
2015-05-11 20:58 - 2015-04-12 14:01 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-10 12:37 - 2015-03-12 11:55 - 00002187 _____ () C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-05-10 12:36 - 2014-12-07 00:54 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-10 12:35 - 2014-12-16 02:57 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-05-06 20:24 - 2013-08-22 18:20 - 00000000 ____D () C:\windows\CbsTemp
2015-05-04 11:50 - 2013-08-22 17:44 - 00498296 _____ () C:\windows\system32\FNTCACHE.DAT
2015-04-30 17:17 - 2014-12-07 00:58 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2015-04-30 16:34 - 2013-08-22 18:36 - 00000000 ____D () C:\windows\system32\NDF
2015-04-30 16:33 - 2013-08-22 18:36 - 00000000 ____D () C:\windows\tracing
2015-04-30 11:51 - 2014-12-07 17:27 - 00000000 ____D () C:\Users\Dumi\AppData\Roaming\Skype
2015-04-29 20:21 - 2014-12-07 17:10 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-29 20:21 - 2014-12-07 17:10 - 00000000 ____D () C:\ProgramData\Skype
2015-04-25 21:28 - 2014-03-18 12:48 - 02473472 _____ (Microsoft Corporation) C:\windows\SysWOW64\PrintConfig.dll
2015-04-25 21:27 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\AdvancedInstallers
2015-04-25 21:26 - 2013-08-22 18:36 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
 
==================== Files in the root of some directories =======
 
2014-12-07 10:33 - 2014-12-20 00:50 - 0067854 _____ () C:\Users\Dumi\AppData\Local\BTServer.log
2014-09-21 01:29 - 2014-09-21 01:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Dumi\AppData\Local\Temp\obexpf.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-18 21:07
 
==================== End of log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by Dumi at 2015-05-21 23:29:08
Running from C:\Users\Dumi\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2033786156-1746779195-2201224321-500 - Administrator - Disabled)
Dumi (S-1-5-21-2033786156-1746779195-2201224321-1001 - Administrator - Enabled) => C:\Users\Dumi
Guest (S-1-5-21-2033786156-1746779195-2201224321-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2033786156-1746779195-2201224321-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.0.3 - IObit)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock (HKLM-x32\...\BioShock) (Version: 1.1 - 2K Games)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0407 - Disc Soft Ltd)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
DFX (HKLM-x32\...\DFX) (Version: 11.109.0.0 - Power Technology)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Driver Booster 2.2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.2 - IObit)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.21 - Lenovo)
Energy Manager (x32 Version: 1.5.0.21 - Lenovo) Hidden
f.lux (HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\Flux) (Version:  - )
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hightail for Lenovo (HKLM\...\{2F10E937-F6D7-4174-8AB9-B299E8FC5CEC}) (Version: 2.4.97.2857 - Hightail, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4176 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.24 - IObit)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10270 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.17.0 - Lenovo)
Lenovo FusionEngine  (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.)
Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo)
Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2326 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.1.0.2326 - CyberLink Corp.) Hidden
Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.0 - Lenovo)
Lenovo PhoneCompanion (x32 Version: 1.2.0.0 - Lenovo) Hidden
Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.)
Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.43.4 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo SHAREit (HKLM-x32\...\Lenovo SHAREit_is1) (Version: 2.0.5.0 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{2F45A217-E9C7-4984-B0AC-5BE31FF4712B}) (Version: 2.4.003.00 - Lenovo Group Limited)
Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.0.0.65 - Lenovo)
Lenovo Updates (x32 Version: 1.0.0.65 - Lenovo) Hidden
Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.0.14.1061 - Lenovo)
Livestreamer 1.11.1 (HKLM-x32\...\Livestreamer) (Version:  - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\OneDriveSetup.exe) (Version: 17.3.5849.0427 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Quake III Arena Point Release 1.32 (HKLM-x32\...\Quake III Arena Point Release 1.32) (Version:  - )
Quake Live (HKLM-x32\...\Quake Live) (Version:  - id Software)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.805.806.012214 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39053 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0238 - REALTEK Semiconductor Corp.)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.0 - IObit)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.2.0 - IObit)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
System Requirements Lab CYRI (HKLM-x32\...\{1110A014-1471-4B66-BFDC-E8EED120CC59}) (Version: 6.0.20.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{E20B0D88-7D41-4FE8-877B-DB2F893C1504}) (Version: 6.1.4.0 - Husdawg, LLC)
Transformice (HKLM-x32\...\Transformice) (Version: 1.0.0 - UNKNOWN)
Transformice (x32 Version: 1.0.0 - UNKNOWN) Hidden
Unity Web Player (HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\UnityWebPlayer) (Version: 5.0.1f1 - Unity Technologies ApS)
UPC Fiber Power Optimizer (HKLM-x32\...\UPC Fiber Power Optimizer) (Version:  - UPC Broadband)
UPC Fiber Power Optimizer (x32 Version: 2.0.0.3 - UPC Broadband) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
User Manuals (x32 Version: 3.0.0.3 - Lenovo) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Xfire 2.0 (HKLM-x32\...\{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1) (Version: 2.0 - Xfire, Inc.)
Xfire Codec (remove only) (HKLM-x32\...\XfireCodec) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Dumi\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
06-05-2015 20:21:01 Windows Update
10-05-2015 12:30:51 Driver Booster : Adobe Flash Player NPAPI
17-05-2015 14:08:51 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 16:25 - 2013-08-22 16:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0BDEE097-8A36-43E3-8F82-505F96DA1AA6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-31] (Microsoft Corporation)
Task: {0FDD71FF-2774-4275-8B41-6D82800877E1} - \51202ba7-afb6-4b72-8080-6cb631f1e2cb-7 No Task File <==== ATTENTION
Task: {12970019-8B23-4567-8917-3242C0C49C74} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-31] (Microsoft Corporation)
Task: {18D6CC3B-C505-4B53-AFF1-9C367EFA8644} - \76555d1f-8655-49d3-916d-ae88d15696cb-7 No Task File <==== ATTENTION
Task: {1C751760-832C-4C16-A31F-D8FF553084BE} - \76555d1f-8655-49d3-916d-ae88d15696cb-1-6 No Task File <==== ATTENTION
Task: {23081905-CFAD-4C09-A628-F4C3868ABBB1} - \9587cbaa-083f-4fdc-8214-77a74fb9c0e7-5_user No Task File <==== ATTENTION
Task: {275AEA3A-4BA1-40F3-8297-B34A8D5A62D6} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2033786156-1746779195-2201224321-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {2BA8FDAC-E1FB-4AEF-A683-9690C70667C5} - \temp_e653cf25-f107-4cbe-b8d1-5dadaea354f2-6 No Task File <==== ATTENTION
Task: {3A5C5804-ABA6-42EF-B84F-993A2833C0BC} - \51202ba7-afb6-4b72-8080-6cb631f1e2cb-10_user No Task File <==== ATTENTION
Task: {448AA6FB-D641-4F0B-BCF5-DEECF2A738E1} - \temp_76555d1f-8655-49d3-916d-ae88d15696cb-6 No Task File <==== ATTENTION
Task: {455E58B6-A1A5-42B1-81C3-D8F38D659F45} - \9587cbaa-083f-4fdc-8214-77a74fb9c0e7-6 No Task File <==== ATTENTION
Task: {465E888E-FA32-4BDE-B965-CD5BF2A29314} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {487CC7C1-0E06-4CB2-80F7-CBDBA4686EBD} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-31] (Microsoft Corporation)
Task: {49781A3A-45F6-4162-AABF-BB9A218E3157} - \temp_3c3b847c-ea56-405b-bf47-ebfbdb9daf0b-1-6 No Task File <==== ATTENTION
Task: {49D13931-FC12-4800-B098-1C9F96DAD1DB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {4BA7F0D6-655C-4503-A492-0D52608B95A7} - \51202ba7-afb6-4b72-8080-6cb631f1e2cb-3 No Task File <==== ATTENTION
Task: {4F7381E5-2542-465F-A4BA-3F0D74CB0228} - \Driver Booster Update No Task File <==== ATTENTION
Task: {55609717-C07C-40D5-8592-38B95E90C2A0} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-10] (Adobe Systems Incorporated)
Task: {59B0CB9F-CBD9-48B5-B334-42B8F6118890} - \9587cbaa-083f-4fdc-8214-77a74fb9c0e7-1-6 No Task File <==== ATTENTION
Task: {5BC2E78F-D281-4D6E-8AD0-D2E75F9274D5} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-07] ()
Task: {5E5AB514-8047-41BA-8B17-A43718FF71BC} - System32\Tasks\Uninstaller_SkipUac_Dumi => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
Task: {5F7BB063-803F-4907-A988-053788C97822} - \temp_3c3b847c-ea56-405b-bf47-ebfbdb9daf0b-6 No Task File <==== ATTENTION
Task: {5FDF1F4C-0C4F-42BF-A8BF-52DF8EEE9195} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07] (Google Inc.)
Task: {6224B028-E2C3-4A5D-AE3A-EAE6839B75D3} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2014-12-23] ()
Task: {622DC563-E501-4798-A6E5-5F1A43DBAD00} - \Driver Booster SkipUAC (Dumi) No Task File <==== ATTENTION
Task: {639C083D-ACAA-419D-A647-2592CAE30E14} - \51202ba7-afb6-4b72-8080-6cb631f1e2cb-5 No Task File <==== ATTENTION
Task: {69B6436F-8D9F-45C5-A44D-27143863C856} - \temp_b02f989a-ebeb-478b-ab71-d3d9fb7d9e45-6 No Task File <==== ATTENTION
Task: {6C67C08F-A960-4FCC-8A67-44261F90B257} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07] (Google Inc.)
Task: {785B5E24-8BA8-4ECA-90E8-9C1AF665C542} - \76555d1f-8655-49d3-916d-ae88d15696cb-5_user No Task File <==== ATTENTION
Task: {7B71FF44-FEF0-42C9-8818-D7D8325C3263} - \SmartDefrag4_Startup No Task File <==== ATTENTION
Task: {7DB61EFA-9934-4780-960B-E7CF9B2B3338} - \76555d1f-8655-49d3-916d-ae88d15696cb-6 No Task File <==== ATTENTION
Task: {82669D45-EA05-4EEB-B743-A87600565AF5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-31] (Microsoft Corporation)
Task: {831F8E4F-87F2-4D35-A21B-B6C81618E11B} - \temp_9587cbaa-083f-4fdc-8214-77a74fb9c0e7-1-6 No Task File <==== ATTENTION
Task: {878476B9-6D28-4B03-AAFE-7D6E6ECA41F4} - \76555d1f-8655-49d3-916d-ae88d15696cb-1-7 No Task File <==== ATTENTION
Task: {8999B22A-601C-43B7-AAC5-CE7752D746D1} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-03-03] (IObit)
Task: {8A6641DC-E4B3-4989-86E3-640898298C55} - \temp_e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-6 No Task File <==== ATTENTION
Task: {94F0F125-3F22-4EED-A3B5-30227835C5B1} - \temp_b02f989a-ebeb-478b-ab71-d3d9fb7d9e45-1-6 No Task File <==== ATTENTION
Task: {971B5228-BC47-4F0E-9CBB-82B6F2551E85} - \temp_76555d1f-8655-49d3-916d-ae88d15696cb-1-6 No Task File <==== ATTENTION
Task: {A22B0B8C-7260-49DA-9628-E024F965AF4C} - \9587cbaa-083f-4fdc-8214-77a74fb9c0e7-7 No Task File <==== ATTENTION
Task: {A306336D-1B96-4763-A199-263773E9885A} - \51202ba7-afb6-4b72-8080-6cb631f1e2cb-1-7 No Task File <==== ATTENTION
Task: {A901B7BF-DE1A-49AE-9305-D41965CCA221} - \76555d1f-8655-49d3-916d-ae88d15696cb-5 No Task File <==== ATTENTION
Task: {ADBD9B3C-4590-4DDF-AFD1-68C50A9D3C78} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-05-07] (Lenovo)
Task: {C2474950-BD4C-42C8-8355-788CD54E3157} - \51202ba7-afb6-4b72-8080-6cb631f1e2cb-1-6 No Task File <==== ATTENTION
Task: {C56B0A5E-F2ED-4C8F-91E8-EFD079C7EDA6} - \51202ba7-afb6-4b72-8080-6cb631f1e2cb-6 No Task File <==== ATTENTION
Task: {C959DF2A-925F-4B42-8857-3116CD471F8E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)
Task: {D2C7E2B5-95A6-41CB-B4EA-41AAE43F0795} - \temp_9587cbaa-083f-4fdc-8214-77a74fb9c0e7-6 No Task File <==== ATTENTION
Task: {DE7E8938-6CAE-45BD-91D6-26FFBAD862EF} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-05-07] ()
Task: {E166238D-5424-481C-9AAD-E2F23532E10F} - \51202ba7-afb6-4b72-8080-6cb631f1e2cb-5_user No Task File <==== ATTENTION
Task: {E52CD799-4592-43E5-967C-170CAA900472} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HORTENSIA-Dumi Hortensia => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {E6C16AA8-3D57-4FF4-9B11-1AFF7C57591A} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2014-11-07] (IObit)
Task: {E7875FC9-89E8-4373-B871-9098E12D9B33} - \Optimize Start Menu Cache Files-S-1-5-21-2033786156-1746779195-2201224321-500 No Task File <==== ATTENTION
Task: {E7ECD3E9-EFE3-49F3-A1CC-6204FAC61BE3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {EB4205A9-617A-4F57-AC95-E99942EAFDB9} - System32\Tasks\Lenovo\Experience Improvement => C:\Users\Dumi\AppData\Local\Temp\LenovoExperienceImprovement.exe <==== ATTENTION
Task: {EC1EE4A9-C657-409D-B804-FA8243ABF116} - \9587cbaa-083f-4fdc-8214-77a74fb9c0e7-1-7 No Task File <==== ATTENTION
Task: {EC65BE6E-4496-415D-8C17-A1A64D3B0268} - \9587cbaa-083f-4fdc-8214-77a74fb9c0e7-5 No Task File <==== ATTENTION
Task: {EE2BE051-6860-47A5-BA37-1B2456DB4D3C} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {F13C13B5-C4C7-436C-AD14-12C1410216CC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {F74515D9-12EB-41BE-A11A-184DCC4D23EF} - System32\Tasks\ASC8_SkipUac_Dumi => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2014-11-07] (IObit)
Task: {F7D84BFE-CFC9-4312-B0E6-461CC2DF6841} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-05-22] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\ASC8_SkipUac_Dumi.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Uninstaller_SkipUac_Dumi.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-19 11:42 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-12 20:18 - 2015-01-27 18:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-07 00:13 - 2014-07-11 17:04 - 01106720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe
2015-05-18 14:28 - 2015-05-18 14:29 - 15597714 ____R () D:\Downloads\Hitman Pro 3.7.9 Cracked 32+64-Bit [danhuk]\Hitman Pro 3.7.9 Cracked 32+64-Bit [danhuk].exe
2014-12-07 00:13 - 2013-10-25 13:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2014-12-07 00:15 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-05-15 11:43 - 2015-05-07 14:07 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2015-05-15 11:43 - 2015-05-07 14:07 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2015-05-15 11:43 - 2015-05-07 14:07 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2015-05-15 11:43 - 2015-05-07 14:07 - 00268920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\sqlite3.dll
2015-05-15 11:43 - 2015-05-07 14:07 - 00053024 _____ () C:\Program Files (x86)\IObit\Start Menu 8\parseAuto.dll
2015-05-15 11:43 - 2015-05-07 14:07 - 00622880 _____ () C:\Program Files (x86)\IObit\Start Menu 8\ProductStatistics.dll
2014-12-07 00:13 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl
2014-12-07 00:13 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl
2014-12-07 00:13 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2014-12-07 00:13 - 2014-10-16 11:26 - 00622880 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\ProductStatistics.dll
2015-05-15 11:43 - 2015-05-07 14:08 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2014-12-07 00:14 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2014-12-07 00:14 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2014-12-07 00:14 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-05-21 12:35 - 2015-05-13 19:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-21 12:35 - 2015-05-13 19:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
2015-05-21 12:35 - 2015-05-13 19:48 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\windows\system32\Drivers\atkomfwp.sys:changelist
AlternateDataStreams: C:\Users\Dumi\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\100sexlinks.com -> 100sexlinks.com
 
There are 4788 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dumi\Pictures\wallpapers\ageeba_beach_marsa_matrouh_egypt_2560x1600.jpg
DNS Servers: 95.77.94.88 - 78.96.7.88
 
==================== MSCONFIG/TASK MANAGER Error getting ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService8 => 2
MSCONFIG\Services: BTDevManager => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Lenovo EasyPlus Hotspot => 3
MSCONFIG\Services: Lenovo System Agent Service => 2
MSCONFIG\Services: LenovoWiFiHotspotSvr => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: LSCWinService => 3
MSCONFIG\Services: LUService => 2
MSCONFIG\Services: PhoneCompanionPusher => 2
MSCONFIG\Services: PhoneCompanionVap => 3
MSCONFIG\Services: RichVideo64 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: VeriFaceSrv => 2
MSCONFIG\Services: VisualDiscovery => 2
MSCONFIG\Services: YahooAUService => 2
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "Energy Manager"
HKLM\...\StartupApproved\Run: => "PhoneCompanion"
HKLM\...\StartupApproved\Run: => "Lenovo Utility"
HKLM\...\StartupApproved\Run: => "BtServer"
HKLM\...\StartupApproved\Run: => "RtsFT"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\StartupApproved\Run: => "Advanced SystemCare 8"
HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3402D8E8-D35E-4104-9498-3CA3C175367A}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{04EFF46B-4396-448B-AD08-B24F3569D1A1}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{FE07A20C-DAF3-4902-9558-B00EE222F6B3}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{C9549B8B-9A06-40F6-8036-6154FEA3320F}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{A7B9765F-4689-41D5-AD8C-6EAB21514A88}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{36356048-1133-4219-9D81-29CA4049938A}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe
FirewallRules: [{FA855127-2675-4DF3-9392-B36E2DF5158D}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe
FirewallRules: [{4AB02162-C9F0-4D15-B0C4-2A0F6AE88095}] => (Allow) LPort=55100
FirewallRules: [{641949F7-046C-458D-B831-9B424286C6EE}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe
FirewallRules: [{CBEEE03C-C685-461D-892C-8439A5E9BAC2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D31F921A-D576-4B0A-862E-857E0BB3B7C7}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{03CF86BD-4C1A-4769-B05F-DD81B270A6B6}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{8CDFB682-8DCB-43FD-9544-7797D9E9C1C5}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{3B6925B2-169B-4420-97F7-79FD65BDD899}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{13CED77F-F2D7-4C14-BDB1-FA799281B481}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{03DF37DA-717C-4115-A4C3-204E00BF8D43}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{D8CC56E6-31C6-4C07-8429-B40A66D10D3E}] => (Allow) C:\Users\Dumi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{5781D3CB-2E36-4864-8BF7-0C99FCFABD26}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{8F5C8787-B4FC-47EB-A012-5FC12084ED47}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{0E8F9C71-B0C0-4FE0-B04D-A410C03C6F72}C:\users\dumi\documents\desktop\utorrent.exe] => (Block) C:\users\dumi\documents\desktop\utorrent.exe
FirewallRules: [UDP Query User{1F7213ED-8668-4CA9-8E1E-44DD2B8D8C9E}C:\users\dumi\documents\desktop\utorrent.exe] => (Block) C:\users\dumi\documents\desktop\utorrent.exe
FirewallRules: [{44DF8747-61FD-40C1-90E7-F7E480ABFDD2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{679EED0D-6746-4948-AC5B-88A970BCC347}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{DC24D4D3-1DF1-44E4-910D-8E0A9E8D472E}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{F4897859-A252-4BDE-B882-2E2D9885D854}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{655A0311-F99C-4993-B6E8-233684E498E7}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{1D9BB935-C5FA-4F6E-8774-BEB2AC18C5EF}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{4449BAAD-660B-40B7-B7FD-A3F27EDEE410}C:\games\quake iii arena\quake3\quake3.exe] => (Allow) C:\games\quake iii arena\quake3\quake3.exe
FirewallRules: [UDP Query User{904677E5-2DE1-4438-AFCB-405450489574}C:\games\quake iii arena\quake3\quake3.exe] => (Allow) C:\games\quake iii arena\quake3\quake3.exe
FirewallRules: [{D86987F5-FABE-4F0D-984D-BF2EBE37BCBC}] => (Block) C:\games\quake iii arena\quake3\quake3.exe
FirewallRules: [{3B3BAD7C-5274-49B9-A051-611EE60517EE}] => (Block) C:\games\quake iii arena\quake3\quake3.exe
FirewallRules: [TCP Query User{4C1F22BD-FB33-477F-87C7-BFD7A6BB6C4C}C:\games\quake iii arena\quake3\cnq3.exe] => (Allow) C:\games\quake iii arena\quake3\cnq3.exe
FirewallRules: [UDP Query User{4835B40A-05A5-4D85-8714-EB81FBD5A448}C:\games\quake iii arena\quake3\cnq3.exe] => (Allow) C:\games\quake iii arena\quake3\cnq3.exe
FirewallRules: [{6E8708B2-1414-48EE-AE62-1F646555B4A7}] => (Block) C:\games\quake iii arena\quake3\cnq3.exe
FirewallRules: [{0B5445CA-D10E-4872-848F-40B5536351B0}] => (Block) C:\games\quake iii arena\quake3\cnq3.exe
FirewallRules: [TCP Query User{7C1F53BE-F5B9-4C4C-9A1C-C7021758D346}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe
FirewallRules: [UDP Query User{10CC3F9E-ACD2-427A-BB9A-DE6C824E2C84}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe
FirewallRules: [{9679557C-9C83-4C56-804A-B956AA7BCD75}] => (Block) C:\program files (x86)\xfire2\xfire.exe
FirewallRules: [{0A76895A-54AB-4702-80C8-1ABC7FD70A10}] => (Block) C:\program files (x86)\xfire2\xfire.exe
FirewallRules: [TCP Query User{0E96FCC4-014D-410B-9A3B-3842A038946A}C:\users\dumi\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\dumi\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [UDP Query User{147AB6D1-6DBD-4E1D-AC1E-976BC9C06B7E}C:\users\dumi\appdata\local\id software\quakelive\quakelive.exe] => (Allow) C:\users\dumi\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [{88BB7C56-9659-48B1-9E8B-D2B9F32E1865}] => (Block) C:\users\dumi\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [{F875297C-802A-4442-AC92-1744D528DB7E}] => (Block) C:\users\dumi\appdata\local\id software\quakelive\quakelive.exe
FirewallRules: [{BED013B6-36CC-4A34-BD2B-55E56E8D94D6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/21/2015 11:25:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 11.3.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 8d8
 
Start Time: 01d094043fd81709
 
Termination Time: 0
 
Application Path: C:\Users\Dumi\Desktop\FRST64.exe
 
Report Id: 8c176d33-fff7-11e4-832a-28d244f27523
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/21/2015 11:25:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 11.3.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f20
 
Start Time: 01d094042b63d8b3
 
Termination Time: 21
 
Application Path: C:\Users\Dumi\Desktop\FRST64.exe
 
Report Id: 76078099-fff7-11e4-832a-28d244f27523
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/21/2015 10:56:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
 
Error: (05/21/2015 04:25:32 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (05/21/2015 04:16:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
 
Error: (05/21/2015 11:57:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
 
Error: (05/21/2015 02:48:17 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (05/21/2015 02:48:17 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (05/20/2015 04:11:37 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (05/20/2015 11:40:17 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifest.
 
 
System errors:
=============
Error: (05/21/2015 10:53:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Lock Collate service failed to start due to the following error: 
%%3
 
Error: (05/21/2015 10:53:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symbol Normal service failed to start due to the following error: 
%%3
 
Error: (05/21/2015 10:52:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\Rtlihvs.dll
 
Error: (05/21/2015 10:52:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\Rtlihvs.dll
 
Error: (05/21/2015 10:51:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\Rtlihvs.dll
 
Error: (05/21/2015 10:51:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (05/21/2015 10:51:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (05/21/2015 10:51:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
%%1053
 
Error: (05/21/2015 10:51:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
 
Error: (05/21/2015 10:51:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The StartMenu8 Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office:
=========================
Error: (05/21/2015 11:25:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe11.3.2015.08d801d094043fd817090C:\Users\Dumi\Desktop\FRST64.exe8c176d33-fff7-11e4-832a-28d244f27523
 
Error: (05/21/2015 11:25:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe11.3.2015.0f2001d094042b63d8b321C:\Users\Dumi\Desktop\FRST64.exe76078099-fff7-11e4-832a-28d244f27523
 
Error: (05/21/2015 10:56:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
 
Error: (05/21/2015 04:25:32 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (05/21/2015 04:16:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
 
Error: (05/21/2015 11:57:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
 
Error: (05/21/2015 02:48:17 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (05/21/2015 02:48:17 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid
 
Error: (05/20/2015 04:11:37 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (05/20/2015 11:40:17 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_a9ed7f470139b3c1.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17415_none_6240486fecbd8abb.manifestC:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-19 16:49:45.170
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-19 16:49:43.633
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-19 16:49:42.297
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-19 16:49:41.284
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-19 16:49:40.320
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-19 16:49:39.348
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-19 16:49:35.336
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-19 16:49:34.230
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-19 16:49:33.170
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-19 16:49:31.993
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2830 @ 2.16GHz
Percentage of memory in use: 69%
Total physical RAM: 3979.21 MB
Available physical RAM: 1214.38 MB
Total Pagefile: 5910.21 MB
Available Pagefile: 2760.09 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:425.38 GB) (Free:358.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:3.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 60FD6A54)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

MALWARE BYTES LOG FROM TODAY:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 21/05/2015
Scan Time: 21:44:24
Logfile: asdf.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.21.03
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Dumi
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 408749
Time Elapsed: 49 min, 18 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.AnyProtect, C:\Users\Dumi\AppData\Local\nse8939.tmp, Quarantined, [60e7dcbaec9ee650c537044e52b151af], 
PUP.Optional.AnyProtect, C:\Users\Dumi\AppData\Local\nsz341.tmp, Quarantined, [a4a3b0e6d5b5b28432ca2f23e12207f9], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

#2 Wolffie (Topic Starter, Member, 56 posts)

I managed to get the cracked version of HitmanPro and deleted the threats that were bothering me, because they weren't detected in Malwarebytes or AdwCleaner.

I hope they won't show up again in later scans, but for now I think I fixed it myself.

Here is the log:

HitmanPro 3.7.9.212
www.hitmanpro.com
 
   Computer name . . . . : HORTENSIA
   Windows . . . . . . . : 6.3.0.9600.X64/2
   User name . . . . . . : HORTENSIA\Dumi
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Paid (255 days left)
 
   Scan date . . . . . . : 2015-05-24 11:45:28
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 58s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 6
   Traces  . . . . . . . : 57
 
   Objects scanned . . . : 1,594,282
   Files scanned . . . . : 32,921
   Remnants scanned  . . : 435,027 files / 1,126,334 keys
 
Malware _____________________________________________________________________
 
   C:\Users\Dumi\AppData\Local\Microsoft\Windows\INetCache\IE\VHMNU1MH\CASrv[1].exe
      Size . . . . . . . : 230,912 bytes
      Age  . . . . . . . : 6.0 days (2015-05-18 12:50:37)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 651D68A6B124FE837A868A66B2CAC1C02BB52FB419E3C77C1EF7D6058EAA6358
      Source URL . . . . : hxxp://d1mdi78qyff344.cloudfront.net/CASrv.exe
    > Bitdefender  . . . : Trojan.GenericKD.2418819
      Fuzzy  . . . . . . : 108.0
 
   C:\Users\Dumi\AppData\Local\Microsoft\Windows\INetCache\IE\VHMNU1MH\VOsrv[1].exe
      Size . . . . . . . : 179,200 bytes
      Age  . . . . . . . : 6.0 days (2015-05-18 12:47:09)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : DF188EAA4EA462A92C7BEA212A9393AF2A42722E8756E69C2F8362EF36E2D734
      Source URL . . . . : hxxp://d1mdi78qyff344.cloudfront.net/VOsrv.exe
    > Bitdefender  . . . : Trojan.GenericKD.2419164
      Fuzzy  . . . . . . : 108.0
 
   C:\Users\Dumi\AppData\Local\Microsoft\Windows\INetCache\IE\ZF8XHVS2\ConvertAdSetup[1].exe
      Size . . . . . . . : 1,424,094 bytes
      Age  . . . . . . . : 6.0 days (2015-05-18 12:50:09)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 4DF6CA7ED732A5297AA9A8409117AD260E304751ECEE4B4AFC75DB24B1CED362
      Source URL . . . . : hxxp://d1mdi78qyff344.cloudfront.net/ConvertAdSetup.exe
    > Bitdefender  . . . : Trojan.GenericKD.2420965
    > Kaspersky  . . . . : Trojan-Downloader.Win32.Genome.rcor
      Fuzzy  . . . . . . : 116.0
 
   C:\Users\Dumi\AppData\Local\Microsoft\Windows\INetCache\IE\ZF8XHVS2\JOSrv[1].exe
      Size . . . . . . . : 212,992 bytes
      Age  . . . . . . . : 6.0 days (2015-05-18 12:47:27)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 40FBFF6B0FEBD5DCAD64D83ED6CD1BC21CFD0EBEECC8749B2EB7822B27B73527
      Source URL . . . . : hxxp://d1mdi78qyff344.cloudfront.net/JOSrv.exe
    > Bitdefender  . . . : Trojan.GenericKD.2419165
      Fuzzy  . . . . . . : 108.0
 
   C:\Users\Dumi\AppData\Local\Microsoft\Windows\INetCache\IE\ZQQMDUAX\SearchUpdater[1].exe
      Size . . . . . . . : 165,530 bytes
      Age  . . . . . . . : 5.8 days (2015-05-18 15:39:28)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : B4545D3A60EC3616DB2E843187B4651E03BFB951396601A02379DA69B00990D4
      Source URL . . . . : hxxps://s3.amazonaws.com/cf_vopackage/SysInfo/SearchUpdater.exe
    > Kaspersky  . . . . : Trojan-Downloader.Win32.Genome.rcrz
      Fuzzy  . . . . . . : 116.0
      Forensic Cluster
 
   C:\Users\Dumi\AppData\Local\Temp\nsqBB37.tmp
      Size . . . . . . . : 1,424,094 bytes
      Age  . . . . . . . : 6.0 days (2015-05-18 12:50:04)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 4DF6CA7ED732A5297AA9A8409117AD260E304751ECEE4B4AFC75DB24B1CED362
      Source URL . . . . : hxxp://d1mdi78qyff344.cloudfront.net/ConvertAdSetup.exe
    > Bitdefender  . . . : Trojan.GenericKD.2420965
    > Kaspersky  . . . . : Trojan-Downloader.Win32.Genome.rcor
      Fuzzy  . . . . . . : 126.0
 
 
Suspicious files ____________________________________________________________
 
   C:\Users\Dumi\AppData\Local\Temp\ICReinstall_nsuF13B.tmp
      Size . . . . . . . : 593,004 bytes
      Age  . . . . . . . : 5.9 days (2015-05-18 14:56:37)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : DAEC838D05617476CEE8F386FE91F054E4DFDED401113E035DE29F13C551438E
      Product  . . . . . :                                                             
      Publisher  . . . . :                                                             
      Description  . . . :                                                             
      Version
      Copyright  . . . . :                                                                                                     
      Source URL . . . . : hxxp://livestatscounter.com/vuupc/dljo.php?r=vu_vo2_&rr=J&sct=AGR&sid=4DC39685-3BB8-11E4-9F6E-28D244F27523&civ=0&pac=AS
      Fuzzy  . . . . . . : 23.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         The file name extension of this program is not common.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
 
   C:\Users\Dumi\AppData\Local\Temp\ICReinstall_nsv15BE.tmp
      Size . . . . . . . : 593,004 bytes
      Age  . . . . . . . : 5.9 days (2015-05-18 14:09:03)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : DAEC838D05617476CEE8F386FE91F054E4DFDED401113E035DE29F13C551438E
      Product  . . . . . :                                                             
      Publisher  . . . . :                                                             
      Description  . . . :                                                             
      Version
      Copyright  . . . . :                                                                                                     
      Source URL . . . . : hxxp://livestatscounter.com/vuupc/dljo.php?r=vu_vo2_&rr=J&sct=AGR&sid=4DC39685-3BB8-11E4-9F6E-28D244F27523&civ=0&pac=AS
      Fuzzy  . . . . . . : 23.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         The file name extension of this program is not common.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
 
   C:\Users\Dumi\AppData\Local\Temp\nsl8852.tmp
      Size . . . . . . . : 233,160 bytes
      Age  . . . . . . . : 5.9 days (2015-05-18 15:04:39)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 9B5D51B35D8741344F91514DC21DCE842BF5D37F1BB9B2DAF62EAC659F4EC139
      Source URL . . . . : hxxp://secured.westsecurecdn.us/VuuPC_VO2_8907.exe
      Fuzzy  . . . . . . : 26.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         The file name extension of this program is not common.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
 
   C:\Users\Dumi\AppData\Local\Temp\nsuF13B.tmp
      Size . . . . . . . : 593,004 bytes
      Age  . . . . . . . : 5.9 days (2015-05-18 14:55:16)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : DAEC838D05617476CEE8F386FE91F054E4DFDED401113E035DE29F13C551438E
      Product  . . . . . :                                                             
      Publisher  . . . . :                                                             
      Description  . . . :                                                             
      Version
      Copyright  . . . . :                                                                                                     
      Source URL . . . . : hxxp://livestatscounter.com/vuupc/dljo.php?r=vu_vo2_&rr=J&sct=AGR&sid=4DC39685-3BB8-11E4-9F6E-28D244F27523&civ=0&pac=AS
      Fuzzy  . . . . . . : 23.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         The file name extension of this program is not common.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\Dumi\AppData\Local\Temp\nsv15BE.tmp
      Size . . . . . . . : 593,004 bytes
      Age  . . . . . . . : 5.9 days (2015-05-18 14:07:56)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : DAEC838D05617476CEE8F386FE91F054E4DFDED401113E035DE29F13C551438E
      Product  . . . . . :                                                             
      Publisher  . . . . :                                                             
      Description  . . . :                                                             
      Version
      Copyright  . . . . :                                                                                                     
      Source URL . . . . : hxxp://livestatscounter.com/vuupc/dljo.php?r=vu_vo2_&rr=J&sct=AGR&sid=4DC39685-3BB8-11E4-9F6E-28D244F27523&civ=0&pac=AS
      Fuzzy  . . . . . . : 23.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         The file name extension of this program is not common.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\Dumi\AppData\Local\Temp\nsv8C6D.tmp
      Size . . . . . . . : 482,263 bytes
      Age  . . . . . . . : 6.0 days (2015-05-18 12:47:41)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : AEDDD5A97384128858DAE75228E486C08D3BAFA078311F4B40E0817FF28A0048
      Version  . . . . . : 1.0.0.0
      Source URL . . . . : hxxp://d1mdi78qyff344.cloudfront.net/WinCheckSetup.exe
      Fuzzy  . . . . . . : 23.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         The file name extension of this program is not common.
         Authors name is missing in version info. This is not common to most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\Dumi\AppData\Local\Temp\RarSFX0\HitmanPro 3.7.9 (32bit)\HitmanPro.exe
      Size . . . . . . . : 9,988,304 bytes
      Age  . . . . . . . : 0.0 days (2015-05-24 11:44:56)
      Entropy  . . . . . : 7.3
      SHA-256  . . . . . : B6020675DAC33D4A47996DB5BAF90FFE7A4A541B9711A55E7E03CD92DDE864ED
      Product  . . . . . : HitmanPro
      Publisher  . . . . : SurfRight B.V.
      Description  . . . : HitmanPro 3.7
      Version  . . . . . : 3.7.9.212
      Copyright  . . . . : © 2013 SurfRight B.V.
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 24.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -18.5s C:\Windows\Prefetch\DLLHOST.EXE-BBBF6624.pf
         -15.0s C:\Windows\Prefetch\RUNDLL32.EXE-62A89ACB.pf
         -2.7s C:\Users\Dumi\AppData\Local\Temp\RarSFX0\
         -2.7s C:\Users\Dumi\AppData\Local\Temp\RarSFX0\info.nfo
         -2.7s C:\Users\Dumi\AppData\Local\Temp\RarSFX0\autorun.inf
         -2.4s C:\Users\Dumi\AppData\Local\Temp\RarSFX0\DANHUK.exe
         -0.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E1D326AC-1EB0-44CC-8304-C345D5C85BE5}
          0.0s C:\Users\Dumi\AppData\Local\Temp\RarSFX0\HitmanPro 3.7.9 (32bit)\
          0.0s C:\Users\Dumi\AppData\Local\Temp\RarSFX0\HitmanPro 3.7.9 (32bit)\HitmanPro.exe
          1.6s C:\Windows\Prefetch\DLLHOST.EXE-D3DC04E9.pf
          4.4s C:\Windows\Prefetch\AUDIODG.EXE-856E5CA0.pf
          5.9s C:\Users\Dumi\AppData\Local\Temp\RarSFX0\HitmanPro 3.7.9 (64bit)\
          5.9s C:\Users\Dumi\AppData\Local\Temp\RarSFX0\HitmanPro 3.7.9 (64bit)\HitmanPro_x64.exe
          8.2s C:\Users\Dumi\AppData\Local\Temp\RarSFX0\HitmanPro 3.7.9 (32bit)\100.ico
          8.3s C:\Users\Dumi\AppData\Local\Temp\RarSFX0\autorun.ico
          8.3s C:\Users\Dumi\AppData\Local\Temp\RarSFX0\hitmanscn.png
          8.3s C:\Users\Dumi\AppData\Local\Temp\RarSFX0\hitmanscn1.png
          8.3s C:\Users\Dumi\AppData\Local\Temp\RarSFX0\images\
          8.3s C:\Users\Dumi\AppData\Local\Temp\RarSFX0\images\hitmanscn1.png
          8.3s C:\Users\Dumi\AppData\Local\Temp\RarSFX0\images\Image 3696x1080.png
         10.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DEF705CD-235A-4316-8934-6B54EDD7B1D8}
         11.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{CDE4670F-0FF0-4A84-A302-186F3F2DDE83}
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Classes\Interface\{47D25BF1-717C-4677-ADF0-75682D690204}\ (EduApp)
   HKLM\SOFTWARE\Classes\TypeLib\{1317E5F7-3ACF-4D74-A9AE-4CE526026E3F}\ (EduApp)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A6D54287-7939-466A-8579-92546D946C8C}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}\ (GlobalUpdate)
   HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{1317E5F7-3ACF-4D74-A9AE-4CE526026E3F}\ (EduApp)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ (QVO6)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ (QVO6)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ)
   HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro)
   HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro)
   HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro)
   HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro)
   HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_\ (Crossrider)
   HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_\ (Crossrider)
   HKU\S-1-5-21-2033786156-1746779195-2201224321-1001\Software\Classes\*\ShellEx\ContextMenuHandlers\SysMenuExt\ (YTDownloader)
   HKU\S-1-5-21-2033786156-1746779195-2201224321-1001_Classes\*\ShellEx\ContextMenuHandlers\SysMenuExt\ (YTDownloader)
 
Cookies _____________________________________________________________________
 
   C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
   C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Cookies:lintv.122.2o7.net
   C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\Dumi\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
 
 
