
biadu antivirus removal help

  • 03-01-2016 4:14pm
    #1
    Registered Users, Registered Users 2 Posts: 6,710 ✭✭✭


    Guys, I need your help to remove this. Its uninstaller will not work, 10bit the same. I went into task master and tried from there; Windows removal tool hits a wall. They all give the impression it is gone, but no; via taskmaster it tells me I cannot remove it. Thanks in advance.


Comments

  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112




  • Registered Users, Registered Users 2 Posts: 6,710 ✭✭✭flutered


    I am not very tech minded. I have both a zip file and a copy of the log on my desktop. How do I transfer them, as they will not copy and paste? Thanks.


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Can you attach the log here instead?

    Click the full reply mode and you should see an attach button near the top of the reply box.


  • Registered Users, Registered Users 2 Posts: 6,710 ✭✭✭flutered


    AdwCleaner[C1].zip
    hopefully


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Baidu still there? If so, do this:

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users, Registered Users 2 Posts: 6,710 ✭✭✭flutered


    Sorry mate, I cannot get it to upload; it says it is, it has, but it never does.


  • Registered Users, Registered Users 2 Posts: 6,710 ✭✭✭flutered


---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2015/12/09 10:59:48 | 003,170,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2015/12/09 10:59:48 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2015/12/09 10:59:48 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2015/12/09 10:59:48 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2015/12/09 10:59:48 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2015/12/09 10:59:48 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2015/12/09 10:59:48 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2015/12/09 10:59:48 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2015/12/09 10:59:48 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll [2015/12/09 10:59:48 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2015/12/09 10:59:48 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2015/12/09 10:59:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2015/12/09 10:59:48 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2015/12/09 10:59:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll [2015/12/09 10:59:48 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll [2015/12/09 10:59:25 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlsbres.dll [2015/12/09 10:59:25 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlsbres.dll [2015/12/09 10:59:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdgeoqw.dll [2015/12/09 
10:59:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZEL.DLL [2015/12/09 10:59:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZE.DLL [2015/12/09 10:59:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDAZE.DLL [2015/12/09 10:59:25 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdgeoqw.dll [2015/12/09 10:59:25 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDAZEL.DLL [2015/12/09 10:59:06 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2015/12/09 10:59:05 | 001,008,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll [2015/12/09 10:59:00 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys [2015/12/09 10:59:00 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshrm.dll [2015/12/09 10:59:00 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll [2015/12/09 10:58:58 | 001,735,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll [2015/12/09 10:58:58 | 000,525,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll [2015/12/09 10:58:57 | 001,242,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll [2015/12/09 10:58:57 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll [2015/12/09 10:58:51 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2015/12/09 10:58:51 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2015/12/09 10:58:51 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2015/12/09 10:58:51 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2015/12/09 10:58:51 | 000,047,616 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\ieetwproxystub.dll [2015/12/09 10:58:51 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2015/12/09 10:58:50 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2015/12/09 10:58:50 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2015/12/09 10:58:50 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2015/12/09 10:58:50 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2015/12/09 10:58:49 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2015/12/09 10:58:48 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2015/12/09 10:58:48 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2015/12/09 10:58:48 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2015/12/09 10:58:48 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2015/12/09 10:58:48 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2015/12/09 10:58:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2015/12/09 10:58:47 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2015/12/09 10:58:47 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2015/12/09 10:58:47 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2015/12/09 10:58:47 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2015/12/09 10:58:47 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2015/12/09 10:58:46 | 000,800,768 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\ieapfltr.dll [2015/12/09 10:58:46 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2015/12/09 10:58:45 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2015/12/09 10:58:45 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2015/12/09 10:58:45 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2015/12/09 10:58:45 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2015/12/09 10:58:44 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2015/12/09 10:58:44 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2015/12/09 10:58:44 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2015/12/09 10:58:44 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2015/12/09 10:58:43 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2015/12/09 10:58:43 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2015/12/09 10:58:43 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2015/12/09 10:58:42 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2015/12/09 10:58:42 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2015/12/09 10:58:42 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2015/12/09 10:58:41 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2015/12/09 10:58:41 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2015/12/09 10:58:40 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2015/12/09 10:57:10 | 
000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\els.dll [2015/12/09 10:57:10 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\els.dll [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2016/01/03 21:05:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\winuser\Desktop\OTL.exe [2016/01/03 20:57:11 | 000,000,690 | ---- | M] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Download Manager.lnk [2016/01/03 20:57:11 | 000,000,666 | ---- | M] () -- C:\Users\winuser\Desktop\Free Download Manager.lnk [2016/01/03 20:49:41 | 000,014,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2016/01/03 20:49:41 | 000,014,448 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2016/01/03 20:41:51 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2016/01/03 20:41:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2016/01/03 20:40:57 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2016/01/03 20:39:58 | 000,008,362 | ---- | M] () -- C:\Windows\wininit.ini [2016/01/03 18:38:58 | 000,782,692 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2016/01/03 18:38:58 | 000,666,746 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2016/01/03 18:38:58 | 000,126,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2016/01/03 18:17:05 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\KingSoft_201542918188.job [2016/01/03 18:08:28 | 000,560,760 | ---- | M] (Murray Hurps Software Pty Ltd) -- C:\Users\winuser\Desktop\AM-Install.exe [2016/01/03 17:52:19 | 000,001,344 | ---- | M] () -- C:\Users\winuser\Desktop\AdwCleaner[C1].zip [2016/01/03 17:32:11 | 001,745,920 | ---- | M] () -- 
C:\Users\winuser\Desktop\AdwCleaner.exe [2016/01/03 16:03:24 | 050,584,792 | ---- | M] (Microsoft Corporation) -- C:\Users\winuser\Desktop\Windows-KB890830-x64-V5.31.exe [2016/01/02 17:45:33 | 000,041,080 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2016/01/02 17:43:16 | 000,010,416 | ---- | M] () -- C:\Windows\SysNative\.crusader [2016/01/02 17:34:26 | 011,323,704 | ---- | M] (SurfRight B.V.) -- C:\Users\winuser\Desktop\HitmanPro_x64.exe [2016/01/02 17:21:41 | 000,001,966 | ---- | M] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk [2016/01/02 17:21:41 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\SeaMonkey.lnk [2016/01/02 17:17:56 | 036,004,286 | ---- | M] () -- C:\Users\winuser\Desktop\SeaMonkey Setup 2.39.exe [2016/01/01 16:09:35 | 000,003,466 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2016/01/01 16:05:31 | 000,462,848 | ---- | M] (WZT) -- C:\Users\winuser\Desktop\DWS_Lite.exe [2016/01/01 16:00:40 | 000,001,052 | ---- | M] () -- C:\Users\winuser\Desktop\Destroy Windows Spying {Final Version} - Shortcut.lnk [2016/01/01 15:55:21 | 000,255,786 | ---- | M] () -- C:\Users\winuser\Desktop\Destroy Windows Spying {Final Version}.zip [2015/12/31 18:51:05 | 108,583,716 | ---- | M] (alch ) -- C:\Users\winuser\Desktop\clamwin-0.98.7-setup.exe [2015/12/31 18:25:06 | 005,503,236 | ---- | M] (Geeks3D ) -- C:\Users\winuser\Desktop\FurMark_1.17.0.0_Setup.exe [2015/12/31 17:38:35 | 000,094,004 | ---- | M] () -- C:\ProgramData\1451583486.bdinstall.bin [2015/12/31 17:36:07 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) 
-- C:\Windows\SysNative\drivers\sptd.sys [2015/12/31 17:24:30 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2015/12/31 17:24:30 | 000,001,716 | ---- | M] () -- C:\Users\Public\Desktop\TeraCopy.lnk [2015/12/31 17:24:30 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Popcorn Time.lnk [2015/12/31 17:24:30 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk [2015/12/31 17:24:30 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2015/12/31 17:24:30 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk [2015/12/31 17:24:29 | 000,001,392 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Writer.lnk [2015/12/31 17:24:29 | 000,001,392 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Presentation.lnk [2015/12/31 17:24:29 | 000,001,377 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Spreadsheets.lnk [2015/12/31 17:24:29 | 000,001,283 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Downloader.lnk [2015/12/31 17:24:29 | 000,001,226 | ---- | M] () -- C:\Users\Public\Desktop\Media Player Classic Home Cinema.lnk [2015/12/31 17:24:29 | 000,001,222 | ---- | M] () -- C:\Users\Public\Desktop\IObit Uninstaller.lnk [2015/12/31 17:24:29 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Kingsoft Antivirus.lnk [2015/12/31 17:24:29 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2015/12/31 17:24:29 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\EagleGet.lnk [2015/12/31 17:24:28 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Baidu Browser.lnk [2015/12/31 17:24:28 | 000,001,978 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2015/12/31 17:24:28 | 000,001,772 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2015/12/31 17:24:28 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2015/12/31 17:23:57 | 000,001,437 | ---- | M] () -- C:\Users\winuser\Application 
Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2015/12/31 17:23:57 | 000,000,290 | ---- | M] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2015/12/31 17:23:57 | 000,000,272 | ---- | M] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2015/12/31 17:23:56 | 000,008,100 | ---- | M] () -- C:\Users\winuser\Desktop\JetClean - Shortcut.lnk [2015/12/31 17:23:56 | 000,003,127 | ---- | M] () -- C:\Users\winuser\Desktop\Readon TV Movie Radio Player.lnk [2015/12/31 17:23:56 | 000,002,212 | ---- | M] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Baidu Browser.lnk [2015/12/31 17:23:56 | 000,002,195 | ---- | M] () -- C:\Users\winuser\Desktop\Watch The.Flintstones.and.WWE.Stone.Age.Smackdown.2015.BRRip.XviD.AC3-EVO online _ MovShare - Shortcut.lnk [2015/12/31 17:23:56 | 000,001,956 | ---- | M] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\FilmOn HDi Player.lnk [2015/12/31 17:23:56 | 000,001,932 | ---- | M] () -- C:\Users\winuser\Desktop\FilmOn HDi Player.lnk [2015/12/31 17:23:56 | 000,001,742 | ---- | M] () -- C:\Users\winuser\Desktop\openvix-3.2.016.release-gb800seplus_usb - Shortcut.lnk [2015/12/31 17:23:56 | 000,001,555 | ---- | M] () -- C:\Users\winuser\Desktop\Watch The.Flintstones.and.WWE.Stone.Age.Smackdown.2015.BRRip.XviD.AC3-EVO online _ MovShare - Shortcut (2).lnk [2015/12/31 17:23:56 | 000,001,313 | ---- | M] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk [2015/12/31 17:23:56 | 000,001,012 | ---- | M] () -- C:\Users\winuser\Desktop\detekt - Shortcut.lnk [2015/12/31 17:23:56 | 000,001,009 | ---- | M] () -- C:\Users\winuser\Desktop\Internet Download Manager.lnk [2015/12/31 17:23:55 | 000,002,298 | ---- | M] () -- C:\Users\winuser\Desktop\callerys cell mate - Shortcut.lnk [2015/12/31 17:23:42 | 
000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2015/12/31 16:07:59 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2015/12/30 19:03:56 | 000,000,123 | ---- | M] () -- C:\Users\winuser\Desktop\Unicrack.com.url [2015/12/29 13:25:48 | 000,000,164 | ---- | M] () -- C:\Windows\SysWow64\pluginbarseq.json [2015/12/28 16:18:10 | 071,111,070 | ---- | M] () -- C:\Users\winuser\Desktop\2b750e9f523a1ca7d98bb66e0a19ea0e.exe [2015/12/27 19:03:31 | 150,457,168 | ---- | M] () -- C:\Users\winuser\Desktop\media.zip [2015/12/25 15:01:50 | 000,115,316 | ---- | M] () -- C:\Users\winuser\Documents\omagh bombing.html [2015/12/25 14:12:45 | 006,805,328 | ---- | M] (Piriform Ltd) -- C:\Users\winuser\Desktop\ccsetup513.exe [2015/12/23 14:03:50 | 000,000,374 | ---- | M] () -- C:\Users\Public\Documents\KINGSTON (E) - Shortcut.lnk [2015/12/23 14:03:28 | 000,000,374 | ---- | M] () -- C:\Users\winuser\Documents\KINGSTON (E) - Shortcut.lnk [2015/12/22 17:09:50 | 000,000,439 | -H-- | M] () -- C:\Users\winuser\.swfinfo [2015/12/19 23:25:48 | 012,290,974 | ---- | M] (ImageWriter Developers ) -- C:\Users\winuser\Desktop\Win32DiskImager-0.9.5-install.exe [2015/12/19 20:01:58 | 000,055,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rcdnezrj.sys [2015/12/19 18:25:22 | 000,124,042 | ---- | M] () -- C:\Users\winuser\Desktop\sf's budget proposals.html [2015/12/17 13:41:32 | 048,359,224 | ---- | M] (Popcorn Time ) -- C:\Users\winuser\Desktop\PopcornTime-latest.exe [2015/12/10 15:30:03 | 000,716,583 | ---- | M] () -- C:\Users\winuser\Desktop\SpeedOf.Me, HTML5 Speed Test _ Non Flash_Java Broadband Speed Test.html [2015/12/10 09:38:53 | 000,295,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2015/12/05 12:15:26 | 000,167,223 | ---- | M] () -- C:\Users\winuser\Desktop\loose-peruvian-paddington-bear-rescued-183718417.html [5 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> 
C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2016/01/03 20:57:11 | 000,000,690 | ---- | C] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Download Manager.lnk [2016/01/03 20:57:11 | 000,000,666 | ---- | C] () -- C:\Users\winuser\Desktop\Free Download Manager.lnk [2016/01/03 17:52:19 | 000,001,344 | ---- | C] () -- C:\Users\winuser\Desktop\AdwCleaner[C1].zip [2016/01/03 17:32:05 | 001,745,920 | ---- | C] () -- C:\Users\winuser\Desktop\AdwCleaner.exe [2016/01/02 17:45:33 | 000,041,080 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys [2016/01/02 17:43:16 | 000,010,416 | ---- | C] () -- C:\Windows\SysNative\.crusader [2016/01/02 17:21:41 | 000,001,966 | ---- | C] () -- C:\Users\winuser\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk [2016/01/02 17:21:41 | 000,001,942 | ---- | C] () -- C:\Users\Public\Desktop\SeaMonkey.lnk [2016/01/02 17:14:04 | 036,004,286 | ---- | C] () -- C:\Users\winuser\Desktop\SeaMonkey Setup 2.39.exe [2016/01/01 16:00:40 | 000,001,052 | ---- | C] () -- C:\Users\winuser\Desktop\Destroy Windows Spying {Final Version} - Shortcut.lnk [2016/01/01 15:55:17 | 000,255,786 | ---- | C] () -- C:\Users\winuser\Desktop\Destroy Windows Spying {Final Version}.zip [2015/12/31 17:38:35 | 000,094,004 | ---- | C] () -- C:\ProgramData\1451583486.bdinstall.bin [2015/12/31 17:23:42 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2015/12/30 19:03:56 | 000,000,123 | ---- | C] () -- C:\Users\winuser\Desktop\Unicrack.com.url [2015/12/28 16:10:40 | 071,111,070 | ---- | C] () -- C:\Users\winuser\Desktop\2b750e9f523a1ca7d98bb66e0a19ea0e.exe [2015/12/26 19:21:06 | 150,457,168 | ---- | C] () -- C:\Users\winuser\Desktop\media.zip [2015/12/25 15:01:47 | 000,115,316 | ---- | C] () -- C:\Users\winuser\Documents\omagh bombing.html [2015/12/23 14:03:50 | 000,000,374 | ---- | C] () -- C:\Users\Public\Documents\KINGSTON (E) - Shortcut.lnk [2015/12/23 14:03:28 | 
000,000,374 | ---- | C] () -- C:\Users\winuser\Documents\KINGSTON (E) - Shortcut.lnk [2015/12/19 18:25:18 | 000,124,042 | ---- | C] () -- C:\Users\winuser\Desktop\sf's budget proposals.html [2015/12/17 13:43:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Popcorn Time.lnk [2015/12/10 15:30:02 | 000,716,583 | ---- | C] () -- C:\Users\winuser\Desktop\SpeedOf.Me, HTML5 Speed Test _ Non Flash_Java Broadband Speed Test.html [2015/12/05 12:15:24 | 000,167,223 | ---- | C] () -- C:\Users\winuser\Desktop\loose-peruvian-paddington-bear-rescued-183718417.html [2015/11/29 18:47:30 | 000,000,439 | -H-- | C] () -- C:\Users\winuser\.swfinfo [2015/11/09 14:38:18 | 000,000,122 | ---- | C] () -- C:\Windows\ProcessKO.ini [2015/08/14 21:27:39 | 000,000,146 | ---- | C] () -- C:\Windows\ODBC.INI [2015/07/14 15:24:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2015/05/22 19:35:43 | 000,007,598 | ---- | C] () -- C:\Users\winuser\AppData\Local\Resmon.ResmonCfg [2015/05/06 12:01:06 | 000,008,362 | ---- | C] () -- C:\Windows\wininit.ini [2015/05/06 09:45:33 | 000,033,512 | ---- | C] () -- C:\Windows\SysWow64\drivers\TrueSight.sys [2015/04/25 15:40:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2015/04/25 14:26:02 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2015/04/25 14:25:57 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2015/04/25 14:25:56 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2015/04/25 14:25:25 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2015/04/25 14:25:25 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2015/01/25 18:00:16 | 000,766,210 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2015/08/06 18:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015/08/06 17:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 172 bytes -> C:\Program Files\DreamboxPlayer:{34005800-6200-6200-4B00-370052007500} < End of report >


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    try this, boot into safe mode and try uninstall it with iobit or ccleaner. chances are it won't allow itself be removed in normal mode


  • Registered Users, Registered Users 2 Posts: 6,710 ✭✭✭flutered


    jsa112 wrote: »
    try this, boot into safe mode and try uninstall it with iobit or ccleaner. chances are it won't allow itself be removed in normal mode

    hi op, that worked, a very large thank you


  • Registered Users, Registered Users 2 Posts: 69 ✭✭bside29


    Just remove it using IOBIT Uninstaller or REVO to force uninstall. You can also try to uninstall via safe mode with networking. That should do it.

