biadu antivirus removal help

flutered · 03-01-2016 5:14pm #1

guys i need your help to remove this, its uninstaller will not work, 10bit the same, i went into task master and tried from there windows removal tool hits a wall, they all give the impression it is gone but no, via taskmaster it tells me i cannot remove it, thanks in advance

jsa112 · 03-01-2016 6:03pm

run adwcleaner and post its log

http://www.bleepingcomputer.com/download/adwcleaner/

flutered · 03-01-2016 7:07pm

i am not very tech minded, i have both a zip file and a copy of the log on my desktop, how do i transfer them, as they will not copy and paste, thanks

jsa112 · 03-01-2016 7:09pm

can you attach the log here instead ?

click the full reply mode and you should see an attach button near the top of the reply box

flutered · 03-01-2016 7:48pm

hopefully

jsa112 · 03-01-2016 8:01pm

baidu still there ? if so do this

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Quick Scan button. Do not change any settings. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files here

flutered · 03-01-2016 10:27pm

sorry mate i cannot get it to upload, it says it is, it has but it never does

flutered · 03-01-2016 10:31pm

PRC - [2015/04/29 17:08:28 | 001,595,056 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kxetray.exe PRC - [2015/04/29 17:08:28 | 000,123,992 | ---- | M] (Kingsoft Corporation) -- c:\Program Files (x86)\Kingsoft\kingsoft antivirus\kxescore.exe PRC - [2015/04/29 17:08:28 | 000,049,528 | ---- | M] (Kingsoft Corporation) -- c:\Program Files (x86)\Kingsoft\kingsoft antivirus\kupdata.exe PRC - [2014/12/17 12:15:28 | 000,208,928 | ---- | M] (Baidu, Inc.) -- C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.4379\bassvc.exe PRC - [2014/12/17 12:15:22 | 002,201,632 | ---- | M] (Baidu, Inc.) -- C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.4379\bas_helper.exe PRC - [2010/11/20 04:17:56 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe ========== Modules (No Company Name) ========== MOD - [2015/12/30 12:28:14 | 000,521,016 | ---- | M] () -- C:\Program Files (x86)\baidu\Baidu Browser\xnet.dll MOD - [2015/12/30 12:28:13 | 001,281,848 | ---- | M] () -- C:\Program Files (x86)\baidu\Baidu Browser\libglesv2.dll MOD - [2015/12/30 12:28:13 | 000,983,352 | ---- | M] () -- C:\Program Files (x86)\baidu\Baidu Browser\spark.exe MOD - [2015/12/30 12:28:13 | 000,276,792 | ---- | M] () -- C:\Program Files (x86)\baidu\Baidu Browser\p2squery.dll MOD - [2015/12/30 12:28:13 | 000,116,024 | ---- | M] () -- C:\Program Files (x86)\baidu\Baidu Browser\sparksafe.dll MOD - [2015/12/30 12:28:13 | 000,080,696 | ---- | M] () -- C:\Program Files (x86)\baidu\Baidu Browser\libegl.dll MOD - [2015/12/30 12:28:10 | 001,018,168 | ---- | M] () -- C:\Program Files (x86)\baidu\Baidu Browser\bdxui.dll MOD - [2015/12/30 12:28:10 | 000,581,432 | ---- | M] () -- C:\Program Files (x86)\baidu\Baidu Browser\bdstatreport.dll MOD - [2015/12/30 12:28:10 | 000,430,904 | ---- | M] () -- C:\Program Files (x86)\baidu\Baidu Browser\bdminiopenssl.dll MOD - [2015/12/30 12:28:10 | 000,410,936 | ---- | M] () -- C:\Program Files (x86)\baidu\Baidu Browser\bdxctrl.dll MOD - [2015/12/30 12:28:10 | 000,321,848 | ---- | M] () -- C:\Program Files (x86)\baidu\Baidu Browser\bdaccount.dll MOD - [2015/12/30 12:28:10 | 000,219,448 | ---- | M] () -- C:\Program Files (x86)\baidu\Baidu Browser\bdbrowsertray.dll MOD - [2015/10/28 21:00:28 | 004,932,688 | ---- | M] () -- C:\Free Download Manager\fdmbtsupp.dll MOD - [2015/05/16 18:18:57 | 000,085,816 | ---- | M] () -- C:\Users\winuser\AppData\Roaming\Baidu\Spark\SysData\ExtApp\SnapImg\SnapImg.dll MOD - [2015/05/15 03:09:37 | 000,277,488 | ---- | M] () -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Pulgin_Dark_DeleteFileTip.dll MOD - [2014/12/17 12:16:00 | 000,141,856 | ---- | M] () -- C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.4379\zlib1.dll MOD - [2014/12/17 12:15:52 | 002,257,952 | ---- | M] () -- C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.4379\skiax.dll ========== Services (SafeList) ========== SRV:64bit: - [2015/11/08 22:01:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2014/07/22 23:31:23 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV:64bit: - [2013/12/20 18:13:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2015/12/30 12:28:13 | 000,097,080 | ---- | M] (Baidu Inc.) [Auto | Running] -- C:\Program Files (x86)\baidu\Baidu Browser\sparkservice.exe -- (SparkSvc) SRV - [2015/11/22 19:42:21 | 000,147,624 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2015/10/19 18:53:04 | 000,339,968 | ---- | M] (Popcorn Time) [Auto | Running] -- C:\Program Files (x86)\Popcorn Time\Updater.exe -- (Update service) SRV - [2015/10/05 08:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2015/06/30 23:30:40 | 000,115,936 | ---- | M] (Cloud Engines) [Auto | Running] -- C:\Program Files (x86)\PogoplugBackup\dokanmnt.exe -- (DokanCEMounter) SRV - [2015/06/23 18:24:35 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015/06/11 15:36:48 | 000,233,472 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EagleGet\EGMonitor.exe -- (egGetSvc) SRV - [2015/05/15 03:09:50 | 002,572,928 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe -- (BavSvc) SRV - [2015/05/15 03:09:23 | 000,531,232 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe -- (BHipsSvc) SRV - [2015/04/29 17:08:28 | 000,123,992 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe -- (kxescore) SRV - [2015/04/03 03:38:25 | 001,370,424 | ---- | M] (Baidu.com, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\baidu\SparkUpdate\Sparkupdate.exe -- (SparkUpdater) SRV - [2015/03/05 05:12:04 | 000,490,528 | ---- | M] (Baidu, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdSandboxSrv64.exe -- (BdSandboxSrv) SRV - [2014/12/19 07:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2014/12/17 12:15:28 | 000,208,928 | ---- | M] (Baidu, Inc.) [Auto | Running] -- C:\Program Files (x86)\Baidu Security\MoboMarket\1.2.8.4379\bassvc.exe -- (BASSVC) SRV - [2014/10/08 17:18:56 | 000,211,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2014/10/08 17:18:50 | 000,534,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2014/04/11 22:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2014/03/20 22:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2013/12/17 07:49:08 | 000,374,600 | ---- | M] (Privacyware/PWI, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\pfsvc.exe -- (PFNet) SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [On_Demand | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2016/01/02 17:45:33 | 000,041,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37) DRV:64bit: - [2015/12/31 17:36:07 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2015/10/05 08:50:18 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl) DRV:64bit: - [2015/10/05 08:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2015/05/15 03:09:47 | 000,078,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdark64.sys -- (bdark64) DRV:64bit: - [2015/05/15 03:09:46 | 000,485,672 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bndef64.sys -- (Bndef) DRV:64bit: - [2015/05/15 03:09:46 | 000,062,792 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bnbasex64.sys -- (Bnbase) DRV:64bit: - [2015/05/15 03:09:42 | 000,038,344 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\Bfmon.sys -- (Bfmon) DRV:64bit: - [2015/05/15 03:09:41 | 000,062,920 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\Bfilter.sys -- (Bfilter) DRV:64bit: - [2015/05/15 03:09:40 | 000,169,416 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Bprotect.sys -- (Bprotect) DRV:64bit: - [2015/05/09 15:11:12 | 000,070,952 | ---- | M] (Baidu, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Bhbase.sys -- (Bhbase) DRV:64bit: - [2015/05/04 20:47:40 | 000,077,112 | ---- | M] (eagleGet) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\eagleGet.sys -- (eagleGet) DRV:64bit: - [2015/04/29 17:08:29 | 000,210,296 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kisknl.sys -- (kisknl) DRV:64bit: - [2015/04/29 17:08:29 | 000,031,848 | ---- | M] (Kingsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kavbootc64.sys -- (kavbootc) DRV:64bit: - [2015/03/31 06:22:56 | 000,093,512 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BprotectEx.sys -- (BprotectEx) DRV:64bit: - [2015/03/05 05:12:10 | 000,236,920 | ---- | M] (Baidu, Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BdSandbox.sys -- (BdSandbox) DRV:64bit: - [2014/12/29 19:17:34 | 000,039,616 | ---- | M] (Connectify) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901cn.sys -- (tap0901cn) DRV:64bit: - [2014/10/08 17:18:56 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvolwin7.sys -- (Sftvol) DRV:64bit: - [2014/10/08 17:18:54 | 000,029,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirwin7.sys -- (Sftredir) DRV:64bit: - [2014/10/08 17:18:52 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaywin7.sys -- (Sftplay) DRV:64bit: - [2014/10/08 17:18:50 | 000,767,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfswin7.sys -- (Sftfs) DRV:64bit: - [2013/12/20 19:12:36 | 013,259,776 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013/12/20 17:41:16 | 000,625,152 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013/10/02 02:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2013/09/29 20:24:02 | 000,133,152 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pwipf6.sys -- (pwipf6) DRV:64bit: - [2013/06/28 20:37:46 | 002,259,248 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2013/02/12 04:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/01/07 02:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187) DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2015/09/28 08:29:20 | 000,026,528 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32) DRV - [2015/06/30 23:30:40 | 000,072,416 | ---- | M] (Cloud Engines) [File_System | Auto | Running] -- C:\Program Files (x86)\PogoplugBackup\dokance.sys -- (DokanCEDriver) DRV - [2015/05/15 03:09:49 | 000,082,376 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bnmon64.sys -- (Bnmon) DRV - [2015/05/15 03:09:45 | 000,025,032 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys -- (BdCameraProtect) DRV - [2015/05/15 03:09:44 | 000,116,936 | ---- | M] (Baidu, Inc.) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys -- (BdApiUtil) DRV - [2015/04/29 17:08:29 | 000,164,696 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\Program Files (x86)\Kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys -- (KDHacker) DRV - [2015/04/29 17:08:28 | 000,018,296 | ---- | M] (Kingsoft Corporation) [Kernel | Disabled | Running] -- C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kusbquery64.sys -- (KUsbGuard) DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 IE:64bit: - HKLM\..\SearchScopes\OldSearch: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ie/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D D2 AD 2C B9 82 D0 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 IE - HKCU\..\SearchScopes\OldSearch: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.countryCode: "IE" FF - prefs.js..browser.search.region: "IE" FF - prefs.js..browser.search.searchengine.alias: "yoursearching" FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine" FF - prefs.js..browser.search.searchengine.name: "yoursearching" FF - prefs.js..browser.search.searchengine.ptid: "obw" FF - prefs.js..browser.search.searchengine.uid: "HITACHIXHUA721010KLA330_PBHU5XEE" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledAddons: deskCutv2%40gmail.com:0.1.13 FF - prefs.js..extensions.enabledAddons: yahooprotected%40gmail.com:1.0.1.1042 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:42.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.45.2: C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.45.2: C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\eagleget.com/EagleGet32: C:\Program Files (x86)\EagleGet\npEagleget.dll (EagleGet) FF - HKCU\Software\MozillaPlugins\eagleget.com/EagleGet64_x86_64: C:\Program Files (x86)\EagleGet\npEagleget64.dll (EagleGet) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.39\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2016/01/02 17:21:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.39\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\fdm_ffext@freedownloadmanager.org: C:\Free Download Manager\Firefox\Extension [2016/01/03 20:57:10 | 000,000,000 | ---D | M] [2015/08/14 11:58:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\winuser\AppData\Roaming\Mozilla\Extensions [2015/12/31 16:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\winuser\AppData\Roaming\Mozilla\Firefox\Profiles\0augc1ib.default\extensions [2016/01/03 20:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\winuser\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ctong26e.default\extensions [2015/11/22 19:42:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2016/01/01 12:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2015/12/27 19:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions [2016/01/01 12:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- C:\USERS\WINUSER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0AUGC1IB.DEFAULT\EXTENSIONS\DESKCUTV2@GMAIL.COM File not found (No name found) -- C:\USERS\WINUSER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0AUGC1IB.DEFAULT\EXTENSIONS\YAHOOPROTECTED@GMAIL.COM O1 HOSTS File: ([2016/01/01 16:09:35 | 000,003,466 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 0.0.0.0 statsfe2.update.microsoft.com.akadns.net O1 - Hosts: 0.0.0.0 fe2.update.microsoft.com.akadns.net O1 - Hosts: 0.0.0.0 s0.2mdn.net O1 - Hosts: 0.0.0.0 survey.watson.microsoft.com O1 - Hosts: 0.0.0.0 view.atdmt.com O1 - Hosts: 0.0.0.0 watson.microsoft.com O1 - Hosts: 0.0.0.0 watson.ppe.telemetry.microsoft.com O1 - Hosts: 0.0.0.0 vortex.data.microsoft.com O1 - Hosts: 0.0.0.0 vortex-win.data.microsoft.com O1 - Hosts: 0.0.0.0 telecommand.telemetry.microsoft.com O1 - Hosts: 0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net O1 - Hosts: 0.0.0.0 oca.telemetry.microsoft.com O1 - Hosts: 0.0.0.0 sqm.telemetry.microsoft.com O1 - Hosts: 0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net O1 - Hosts: 0.0.0.0 watson.telemetry.microsoft.com O1 - Hosts: 0.0.0.0 watson.telemetry.microsoft.com.nsatc.net O1 - Hosts: 0.0.0.0 redir.metaservices.microsoft.com O1 - Hosts: 0.0.0.0 choice.microsoft.com O1 - Hosts: 0.0.0.0 choice.microsoft.com.nsatc.net O1 - Hosts: 0.0.0.0 wes.df.telemetry.microsoft.com O1 - Hosts: 0.0.0.0 services.wes.df.telemetry.microsoft.com O1 - Hosts: 0.0.0.0 sqm.df.telemetry.microsoft.com O1 - Hosts: 0.0.0.0 telemetry.microsoft.com O1 - Hosts: 0.0.0.0 telemetry.appex.bing.net O1 - Hosts: 48 more lines... O2 - BHO: (EGet Class) - {1E871FF8-029C-4732-8AA7-39E3D3872057} - C:\Program Files (x86)\EagleGet\eagleSniffer.dll (EagleGet.com) O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) O4 - HKLM..\Run: [Ad Muncher] C:\Program Files (x86)\Ad Muncher\AdMunch.exe (Murray Hurps Software Pty Ltd) O4 - HKLM..\Run: [Baidu Antivirus] C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe (Baidu, Inc.) O4 - HKLM..\Run: [kxesc] c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe (Kingsoft Corporation) O4 - HKLM..\Run: [Privatefirewall] C:\Program Files (x86)\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8:64bit: - Extra context menu item: Download all links with EagleGet - C:\Program Files (x86)\EagleGet\IEGraberBHO.dll (EagleGet.com) O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Free Download Manager\dlfvideo.htm () O8:64bit: - Extra context menu item: Download with EagleGet - C:\Program Files (x86)\EagleGet\IEGraberBHO.dll (EagleGet.com) O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Free Download Manager\dllink.htm () O8 - Extra context menu item: Download all links with EagleGet - C:\Program Files (x86)\EagleGet\IEGraberBHO.dll (EagleGet.com) O8 - Extra context menu item: Download all with Free Download Manager - C:\Free Download Manager\dlall.htm () O8 - Extra context menu item: Download selected with Free Download Manager - C:\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Download video with Free Download Manager - C:\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Download with EagleGet - C:\Program Files (x86)\EagleGet\IEGraberBHO.dll (EagleGet.com) O8 - Extra context menu item: Download with Free Download Manager - C:\Free Download Manager\dllink.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: hola.org ([]http in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{815C647A-859B-4948-A0C8-45A54C64AC70}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FC2C987-DE2B-4957-9D11-45B98D0A7EE1}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FC2C987-DE2B-4957-9D11-45B98D0A7EE1}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE5D5A9E-C1DA-4F32-BEEE-7E8E003895E7}: DhcpNameServer = 192.168.0.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{391f5b17-a4b7-11e4-a801-002511a29cc9}\Shell - "" = AutoRun O33 - MountPoints2\{391f5b17-a4b7-11e4-a801-002511a29cc9}\Shell\AutoRun\command - "" = H:\DriverPackSolution.exe O33 - MountPoints2\{67701ae6-1045-11e5-a01c-7cdd905f62b1}\Shell - "" = AutoRun O33 - MountPoints2\{67701ae6-1045-11e5-a01c-7cdd905f62b1}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{f53e68a3-514c-11e5-b2b6-90fba600b44d}\Shell - "" = AutoRun O33 - MountPoints2\{f53e68a3-514c-11e5-b2b6-90fba600b44d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2016/01/03 21:04:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\winuser\Desktop\OTL.exe [2016/01/03 21:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDownloadManager.ORG [2016/01/03 21:02:13 | 000,000,000 | ---D | C] -- C:\Users\winuser\AppData\Roaming\FreeDownloadManager.ORG [2016/01/03 21:02:13 | 000,000,000 | ---D | C] -- C:\Users\winuser\AppData\Roaming\Free Download Manager [2016/01/03 20:57:08 | 000,000,000 | ---D | C] -- C:\Free Download Manager [2016/01/03 18:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad Muncher [2016/01/03 18:08:35 | 000,560,760 | ---- | C] (Murray Hurps Software Pty Ltd) -- C:\Users\winuser\Desktop\AM-Install.exe [2016/01/03 17:45:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PC Faster [2016/01/03 16:04:18 | 000,000,000 | ---D | C] -- C:\ca0f993fb5e4864d0f276b [2016/01/03 15:57:35 | 050,584,792 | ---- | C] (Microsoft Corporation) -- C:\Users\winuser\Desktop\Windows-KB890830-x64-V5.31.exe [2016/01/02 17:30:58 | 011,323,704 | ---- | C] (SurfRight B.V.) -- C:\Users\winuser\Desktop\HitmanPro_x64.exe [2016/01/02 17:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey [2016/01/02 17:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SeaMonkey [2016/01/02 16:17:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2016/01/02 16:17:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2016/01/01 16:05:27 | 000,462,848 | ---- | C] (WZT) -- C:\Users\winuser\Desktop\DWS_Lite.exe [2016/01/01 16:01:49 | 000,000,000 | ---D | C] -- C:\Users\winuser\Desktop\DWS [2016/01/01 15:56:49 | 000,000,000 | ---D | C] -- C:\Users\winuser\Desktop\Destroy Windows Spying {Final Version} [2016/01/01 12:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} [2015/12/31 18:36:44 | 108,583,716 | ---- | C] (alch ) -- C:\Users\winuser\Desktop\clamwin-0.98.7-setup.exe [2015/12/31 18:24:22 | 005,503,236 | ---- | C] (Geeks3D ) -- C:\Users\winuser\Desktop\FurMark_1.17.0.0_Setup.exe [2015/12/31 17:38:05 | 000,000,000 | ---D | C] -- C:\Users\winuser\AppData\Roaming\QuickScan [2015/12/31 17:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2015/12/31 17:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender [2015/12/31 17:36:07 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys [2015/12/31 17:34:43 | 000,000,000 | ---D | C] -- C:\Users\winuser\AppData\Local\AviraResume [2015/12/27 19:04:16 | 000,000,000 | ---D | C] -- C:\Users\winuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi [2015/12/25 15:01:50 | 000,000,000 | ---D | C] -- C:\Users\winuser\Documents\omagh bombing_files [2015/12/25 14:11:41 | 006,805,328 | ---- | C] (Piriform Ltd) -- C:\Users\winuser\Desktop\ccsetup513.exe [2015/12/21 19:05:03 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2015/12/21 19:05:01 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2015/12/19 23:23:56 | 012,290,974 | ---- | C] (ImageWriter Developers ) -- C:\Users\winuser\Desktop\Win32DiskImager-0.9.5-install.exe [2015/12/19 20:01:58 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rcdnezrj.sys [2015/12/19 19:56:02 | 000,000,000 | ---D | C] -- C:\Users\winuser\AppData\Roaming\Opera Software [2015/12/19 19:56:02 | 000,000,000 | ---D | C] -- C:\Users\winuser\AppData\Local\Opera Software [2015/12/19 19:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2015/12/19 18:25:22 | 000,000,000 | ---D | C] -- C:\Users\winuser\Desktop\sf's budget proposals_files [2015/12/17 15:37:29 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin [2015/12/17 15:25:33 | 000,000,000 | ---D | C] -- C:\Users\winuser\AppData\Local\PopcornTimeDesktop [2015/12/17 13:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time 2 [2015/12/17 13:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Popcorn Time [2015/12/17 13:39:34 | 048,359,224 | ---- | C] (Popcorn Time ) -- C:\Users\winuser\Desktop\PopcornTime-latest.exe [2015/12/10 15:30:03 | 000,000,000 | ---D | C] -- C:\Users\winuser\Desktop\SpeedOf.Me, HTML5 Speed Test _ Non Flash_Java Broadband Speed Test_files [2015/12/09 10:59:51 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2015/12/09 10:59:48 | 003,170,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2015/12/09 10:59:48 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2015/12/09 10:59:48 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2015/12/09 10:59:48 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2015/12/09 10:59:48 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2015/12/09 10:59:48 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2015/12/09 10:59:48 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2015/12/09 10:59:48 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2015/12/09 10:59:48 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll [2015/12/09 10:59:48 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2015/12/09 10:59:48 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2015/12/09 10:59:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2015/12/09 10:59:48 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2015/12/09 10:59:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll [2015/12/09 10:59:48 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll [2015/12/09 10:59:25 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll [2015/12/09 10:59:25 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll [2015/12/09 10:59:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdgeoqw.dll [2015/12/09 10:59:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZEL.DLL [2015/12/09 10:59:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZE.DLL [2015/12/09 10:59:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZE.DLL [2015/12/09 10:59:25 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdgeoqw.dll [2015/12/09 10:59:25 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZEL.DLL [2015/12/09 10:59:06 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2015/12/09 10:59:05 | 001,008,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll [2015/12/09 10:59:00 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys [2015/12/09 10:59:00 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshrm.dll [2015/12/09 10:59:00 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll [2015/12/09 10:58:58 | 001,735,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll [2015/12/09 10:58:58 | 000,525,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll [2015/12/09 10:58:57 | 001,242,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll [2015/12/09 10:58:57 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll [2015/12/09 10:58:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2015/12/09 10:58:51 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2015/12/09 10:58:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2015/12/09 10:58:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2015/12/09 10:58:51 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2015/12/09 10:58:51 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2015/12/09 10:58:50 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2015/12/09 10:58:50 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2015/12/09 10:58:50 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2015/12/09 10:58:50 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2015/12/09 10:58:49 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2015/12/09 10:58:48 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2015/12/09 10:58:48 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2015/12/09 10:58:48 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2015/12/09 10:58:48 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2015/12/09 10:58:48 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2015/12/09 10:58:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2015/12/09 10:58:47 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2015/12/09 10:58:47 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2015/12/09 10:58:47 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2015/12/09 10:58:47 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2015/12/09 10:58:47 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2015/12/09 10:58:46 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2015/12/09 10:58:46 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2015/12/09 10:58:45 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2015/12/09 10:58:45 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2015/12/09 10:58:45 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2015/12/09 10:58:45 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2015/12/09 10:58:44 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2015/12/09 10:58:44 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2015/12/09 10:58:44 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2015/12/09 10:58:44 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2015/12/09 10:58:43 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2015/12/09 10:58:43 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2015/12/09 10:58:43 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2015/12/09 10:58:42 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2015/12/09 10:58:42 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2015/12/09 10:58:42 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2015/12/09 10:58:41 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2015/12/09 10:58:41 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2015/12/09 10:58:40 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2015/12/09 10:57:10 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\els.dll [2015/12/09 10:57:10 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\els.dll [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2016/01/03 21:05:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\winuser\Desktop\OTL.exe [2016/01/03 20:57:11 | 000,000,690 | ---- | M] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Download Manager.lnk [2016/01/03 20:57:11 | 000,000,666 | ---- | M] () -- C:\Users\winuser\Desktop\Free Download Manager.lnk [2016/01/03 20:49:41 | 000,014,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2016/01/03 20:49:41 | 000,014,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2016/01/03 20:41:51 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2016/01/03 20:41:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2016/01/03 20:40:57 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2016/01/03 20:39:58 | 000,008,362 | ---- | M] () -- C:\Windows\wininit.ini [2016/01/03 18:38:58 | 000,782,692 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2016/01/03 18:38:58 | 000,666,746 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2016/01/03 18:38:58 | 000,126,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2016/01/03 18:17:05 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\KingSoft_201542918188.job [2016/01/03 18:08:28 | 000,560,760 | ---- | M] (Murray Hurps Software Pty Ltd) -- C:\Users\winuser\Desktop\AM-Install.exe [2016/01/03 17:52:19 | 000,001,344 | ---- | M] () -- C:\Users\winuser\Desktop\AdwCleaner[C1].zip [2016/01/03 17:32:11 | 001,745,920 | ---- | M] () -- C:\Users\winuser\Desktop\AdwCleaner.exe [2016/01/03 16:03:24 | 050,584,792 | ---- | M] (Microsoft Corporation) -- C:\Users\winuser\Desktop\Windows-KB890830-x64-V5.31.exe [2016/01/02 17:45:33 | 000,041,080 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2016/01/02 17:43:16 | 000,010,416 | ---- | M] () -- C:\Windows\SysNative\.crusader [2016/01/02 17:34:26 | 011,323,704 | ---- | M] (SurfRight B.V.) -- C:\Users\winuser\Desktop\HitmanPro_x64.exe [2016/01/02 17:21:41 | 000,001,966 | ---- | M] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk [2016/01/02 17:21:41 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\SeaMonkey.lnk [2016/01/02 17:17:56 | 036,004,286 | ---- | M] () -- C:\Users\winuser\Desktop\SeaMonkey Setup 2.39.exe [2016/01/01 16:09:35 | 000,003,466 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2016/01/01 16:05:31 | 000,462,848 | ---- | M] (WZT) -- C:\Users\winuser\Desktop\DWS_Lite.exe [2016/01/01 16:00:40 | 000,001,052 | ---- | M] () -- C:\Users\winuser\Desktop\Destroy Windows Spying {Final Version} - Shortcut.lnk [2016/01/01 15:55:21 | 000,255,786 | ---- | M] () -- C:\Users\winuser\Desktop\Destroy Windows Spying {Final Version}.zip [2015/12/31 18:51:05 | 108,583,716 | ---- | M] (alch ) -- C:\Users\winuser\Desktop\clamwin-0.98.7-setup.exe [2015/12/31 18:25:06 | 005,503,236 | ---- | M] (Geeks3D ) -- C:\Users\winuser\Desktop\FurMark_1.17.0.0_Setup.exe [2015/12/31 17:38:35 | 000,094,004 | ---- | M] () -- C:\ProgramData\1451583486.bdinstall.bin [2015/12/31 17:36:07 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys [2015/12/31 17:24:30 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2015/12/31 17:24:30 | 000,001,716 | ---- | M] () -- C:\Users\Public\Desktop\TeraCopy.lnk [2015/12/31 17:24:30 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Popcorn Time.lnk [2015/12/31 17:24:30 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk [2015/12/31 17:24:30 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2015/12/31 17:24:30 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk [2015/12/31 17:24:29 | 000,001,392 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Writer.lnk [2015/12/31 17:24:29 | 000,001,392 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Presentation.lnk [2015/12/31 17:24:29 | 000,001,377 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Spreadsheets.lnk [2015/12/31 17:24:29 | 000,001,283 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Downloader.lnk [2015/12/31 17:24:29 | 000,001,226 | ---- | M] () -- C:\Users\Public\Desktop\Media Player Classic Home Cinema.lnk [2015/12/31 17:24:29 | 000,001,222 | ---- | M] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk [2015/12/31 17:24:29 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Antivirus.lnk [2015/12/31 17:24:29 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2015/12/31 17:24:29 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\EagleGet.lnk [2015/12/31 17:24:28 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Baidu Browser.lnk [2015/12/31 17:24:28 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2015/12/31 17:24:28 | 000,001,772 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2015/12/31 17:24:28 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2015/12/31 17:23:57 | 000,001,437 | ---- | M] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2015/12/31 17:23:57 | 000,000,290 | ---- | M] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2015/12/31 17:23:57 | 000,000,272 | ---- | M] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2015/12/31 17:23:56 | 000,008,100 | ---- | M] () -- C:\Users\winuser\Desktop\JetClean - Shortcut.lnk [2015/12/31 17:23:56 | 000,003,127 | ---- | M] () -- C:\Users\winuser\Desktop\Readon TV Movie Radio Player.lnk [2015/12/31 17:23:56 | 000,002,212 | ---- | M] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Baidu Browser.lnk [2015/12/31 17:23:56 | 000,002,195 | ---- | M] () -- C:\Users\winuser\Desktop\Watch The.Flintstones.and.WWE.Stone.Age.Smackdown.2015.BRRip.XviD.AC3-EVO online _ MovShare - Shortcut.lnk [2015/12/31 17:23:56 | 000,001,956 | ---- | M] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\FilmOn HDi Player.lnk [2015/12/31 17:23:56 | 000,001,932 | ---- | M] () -- C:\Users\winuser\Desktop\FilmOn HDi Player.lnk [2015/12/31 17:23:56 | 000,001,742 | ---- | M] () -- C:\Users\winuser\Desktop\openvix-3.2.016.release-gb800seplus_usb - Shortcut.lnk [2015/12/31 17:23:56 | 000,001,555 | ---- | M] () -- C:\Users\winuser\Desktop\Watch The.Flintstones.and.WWE.Stone.Age.Smackdown.2015.BRRip.XviD.AC3-EVO online _ MovShare - Shortcut (2).lnk [2015/12/31 17:23:56 | 000,001,313 | ---- | M] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk [2015/12/31 17:23:56 | 000,001,012 | ---- | M] () -- C:\Users\winuser\Desktop\detekt - Shortcut.lnk [2015/12/31 17:23:56 | 000,001,009 | ---- | M] () -- C:\Users\winuser\Desktop\Internet Download Manager.lnk [2015/12/31 17:23:55 | 000,002,298 | ---- | M] () -- C:\Users\winuser\Desktop\callerys cell mate - Shortcut.lnk [2015/12/31 17:23:42 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2015/12/31 16:07:59 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2015/12/30 19:03:56 | 000,000,123 | ---- | M] () -- C:\Users\winuser\Desktop\Unicrack.com.url [2015/12/29 13:25:48 | 000,000,164 | ---- | M] () -- C:\Windows\SysWow64\pluginbarseq.json [2015/12/28 16:18:10 | 071,111,070 | ---- | M] () -- C:\Users\winuser\Desktop\2b750e9f523a1ca7d98bb66e0a19ea0e.exe [2015/12/27 19:03:31 | 150,457,168 | ---- | M] () -- C:\Users\winuser\Desktop\media.zip [2015/12/25 15:01:50 | 000,115,316 | ---- | M] () -- C:\Users\winuser\Documents\omagh bombing.html [2015/12/25 14:12:45 | 006,805,328 | ---- | M] (Piriform Ltd) -- C:\Users\winuser\Desktop\ccsetup513.exe [2015/12/23 14:03:50 | 000,000,374 | ---- | M] () -- C:\Users\Public\Documents\KINGSTON (E) - Shortcut.lnk [2015/12/23 14:03:28 | 000,000,374 | ---- | M] () -- C:\Users\winuser\Documents\KINGSTON (E) - Shortcut.lnk [2015/12/22 17:09:50 | 000,000,439 | -H-- | M] () -- C:\Users\winuser\.swfinfo [2015/12/19 23:25:48 | 012,290,974 | ---- | M] (ImageWriter Developers ) -- C:\Users\winuser\Desktop\Win32DiskImager-0.9.5-install.exe [2015/12/19 20:01:58 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rcdnezrj.sys [2015/12/19 18:25:22 | 000,124,042 | ---- | M] () -- C:\Users\winuser\Desktop\sf's budget proposals.html [2015/12/17 13:41:32 | 048,359,224 | ---- | M] (Popcorn Time ) -- C:\Users\winuser\Desktop\PopcornTime-latest.exe [2015/12/10 15:30:03 | 000,716,583 | ---- | M] () -- C:\Users\winuser\Desktop\SpeedOf.Me, HTML5 Speed Test _ Non Flash_Java Broadband Speed Test.html [2015/12/10 09:38:53 | 000,295,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2015/12/05 12:15:26 | 000,167,223 | ---- | M] () -- C:\Users\winuser\Desktop\loose-peruvian-paddington-bear-rescued-183718417.html [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2016/01/03 20:57:11 | 000,000,690 | ---- | C] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Download Manager.lnk [2016/01/03 20:57:11 | 000,000,666 | ---- | C] () -- C:\Users\winuser\Desktop\Free Download Manager.lnk [2016/01/03 17:52:19 | 000,001,344 | ---- | C] () -- C:\Users\winuser\Desktop\AdwCleaner[C1].zip [2016/01/03 17:32:05 | 001,745,920 | ---- | C] () -- C:\Users\winuser\Desktop\AdwCleaner.exe [2016/01/02 17:45:33 | 000,041,080 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2016/01/02 17:43:16 | 000,010,416 | ---- | C] () -- C:\Windows\SysNative\.crusader [2016/01/02 17:21:41 | 000,001,966 | ---- | C] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk [2016/01/02 17:21:41 | 000,001,942 | ---- | C] () -- C:\Users\Public\Desktop\SeaMonkey.lnk [2016/01/02 17:14:04 | 036,004,286 | ---- | C] () -- C:\Users\winuser\Desktop\SeaMonkey Setup 2.39.exe [2016/01/01 16:00:40 | 000,001,052 | ---- | C] () -- C:\Users\winuser\Desktop\Destroy Windows Spying {Final Version} - Shortcut.lnk [2016/01/01 15:55:17 | 000,255,786 | ---- | C] () -- C:\Users\winuser\Desktop\Destroy Windows Spying {Final Version}.zip [2015/12/31 17:38:35 | 000,094,004 | ---- | C] () -- C:\ProgramData\1451583486.bdinstall.bin [2015/12/31 17:23:42 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2015/12/30 19:03:56 | 000,000,123 | ---- | C] () -- C:\Users\winuser\Desktop\Unicrack.com.url [2015/12/28 16:10:40 | 071,111,070 | ---- | C] () -- C:\Users\winuser\Desktop\2b750e9f523a1ca7d98bb66e0a19ea0e.exe [2015/12/26 19:21:06 | 150,457,168 | ---- | C] () -- C:\Users\winuser\Desktop\media.zip [2015/12/25 15:01:47 | 000,115,316 | ---- | C] () -- C:\Users\winuser\Documents\omagh bombing.html [2015/12/23 14:03:50 | 000,000,374 | ---- | C] () -- C:\Users\Public\Documents\KINGSTON (E) - Shortcut.lnk [2015/12/23 14:03:28 | 000,000,374 | ---- | C] () -- C:\Users\winuser\Documents\KINGSTON (E) - Shortcut.lnk [2015/12/19 18:25:18 | 000,124,042 | ---- | C] () -- C:\Users\winuser\Desktop\sf's budget proposals.html [2015/12/17 13:43:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Popcorn Time.lnk [2015/12/10 15:30:02 | 000,716,583 | ---- | C] () -- C:\Users\winuser\Desktop\SpeedOf.Me, HTML5 Speed Test _ Non Flash_Java Broadband Speed Test.html [2015/12/05 12:15:24 | 000,167,223 | ---- | C] () -- C:\Users\winuser\Desktop\loose-peruvian-paddington-bear-rescued-183718417.html [2015/11/29 18:47:30 | 000,000,439 | -H-- | C] () -- C:\Users\winuser\.swfinfo [2015/11/09 14:38:18 | 000,000,122 | ---- | C] () -- C:\Windows\ProcessKO.ini [2015/08/14 21:27:39 | 000,000,146 | ---- | C] () -- C:\Windows\ODBC.INI [2015/07/14 15:24:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2015/05/22 19:35:43 | 000,007,598 | ---- | C] () -- C:\Users\winuser\AppData\Local\Resmon.ResmonCfg [2015/05/06 12:01:06 | 000,008,362 | ---- | C] () -- C:\Windows\wininit.ini [2015/05/06 09:45:33 | 000,033,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\TrueSight.sys [2015/04/25 15:40:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2015/04/25 14:26:02 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2015/04/25 14:25:57 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2015/04/25 14:25:56 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2015/04/25 14:25:25 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2015/04/25 14:25:25 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2015/01/25 18:00:16 | 000,766,210 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 18:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 17:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 172 bytes -> C:\Program Files\DreamboxPlayer:{34005800-6200-6200-4B00-370052007500} < End of report >

jsa112 · 03-01-2016 10:47pm

try this, boot into safe mode and try uninstall it with iobit or ccleaner. chances are it wont allow itself be removed in normal mode

flutered · 04-01-2016 12:42pm

jsa112 wrote: »

try this, boot into safe mode and try uninstall it with iobit or ccleaner. chances are it wont allow itself be removed in normal mode

hi op, that worked a very large thank you

bside29 · 20-02-2016 6:18am

Just remove it using IOBIT Uninstaller or REVO to force uninstall. You can also try to uninstall via safe mode with networking. That should do it.

biadu antivirus removal help

Comments