Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017
Ran by Anderson (administrator) on THALES (22-02-2017 20:17:30)
Running from C:\Users\Anderson\Downloads
Loaded Profiles: Anderson (Available Profiles: Anderson & thali & thale)
Platform: Windows 10 Pro Version 1607 (X64) Language: Inglês (Estados Unidos)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
() C:\ProgramData\NetworkPacketManitor\Nettrans.exe
(Microsoft Corporation) C:\Program Files\XBox\XBLive.exe
(Microsoft Corporation) C:\ProgramData\Windows Security\winsecurity.exe
() C:\Users\Anderson\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
() C:\ProgramData\Logic Handler\set.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Users\Anderson\AppData\Roaming\Event Monitor\em.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(B2QN) C:\Program Files\PKODETF5N0\KZ5K5X5OH.exe
(B2QN) C:\Program Files\4Q55IOK0OX\4Q55IOK0O.exe
(B2QN) C:\Program Files\J512JCQTE7\J512JCQTE.exe
(B2QN) C:\Program Files\DYLJXNRV1Z\DYLJXNRV1.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\ProgramData\AppxelfmuzyaH\AppxelfmuzyaH.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1298314804-3398324407-510087451-1001\...\Run: [ePgZRjLj1Y.exe] => C:\ProgramData\{a6b-70-1a-6f493-bc047-ec05-90e1d}\ePgZRjLj1Y.exe -r1_1 -r2_1
HKU\S-1-5-21-1298314804-3398324407-510087451-1001\...\Run: [WlZlqQmYvn.exe] => C:\ProgramData\{a6b-70-1a-6f493-bc047-ec05-90e1d}\WlZlqQmYvn.exe 1 1
HKU\S-1-5-21-1298314804-3398324407-510087451-1001\...\Run: [40672278-7a24-4392-87e4-7b9a64009bf0] => C:\Program Files\PKODETF5N0\KZ5K5X5OH.exe [850432 2017-02-22] (B2QN)
HKU\S-1-5-21-1298314804-3398324407-510087451-1001\...\Run: [b83d4260-0a27-4ec4-9750-af179093a740] => C:\Program Files\4Q55IOK0OX\4Q55IOK0O.exe [850432 2017-02-22] (B2QN)
HKU\S-1-5-21-1298314804-3398324407-510087451-1001\...\Run: [432fe699-8277-4a3a-b04e-db9d82010a10] => C:\Program Files\J512JCQTE7\J512JCQTE.exe [850432 2017-02-22] (B2QN)
HKU\S-1-5-21-1298314804-3398324407-510087451-1001\...\Run: [d718c67f-8ba7-45a5-a885-46e565d7abc4] => "C:\Program Files (x86)\BeCleaner\OUTDP.exe"
HKU\S-1-5-21-1298314804-3398324407-510087451-1001\...\Run: [5123cff2-7eff-467f-a34a-0ad6cf47926e] => C:\Program Files\DYLJXNRV1Z\DYLJXNRV1.exe [850432 2017-02-22] (B2QN)
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Providers\b9m7cnt2: C:\Program Files (x86)\Droheseruces Configuration\local64spl.dll [308736 2017-02-21] ()
AppInit_DLLs: C:\ProgramData\AppxelfmuzyaH\KeyIty.dll => C:\ProgramData\AppxelfmuzyaH\KeyIty.dll [358912 2017-02-22] ()
AppInit_DLLs-x32: C:\ProgramData\AppxelfmuzyaH\Tampcore.dll => C:\ProgramData\AppxelfmuzyaH\Tampcore.dll [248320 2017-02-22] ()
ShellExecuteHooks: No Name - {5705D9EC-F447-11E6-9C1B-64006A5CFC23} - C:\Program Files (x86)\Witlyanipipy\Reutatainvefuch.dll [145920 2017-02-21] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1298314804-3398324407-510087451-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1298314804-3398324407-510087451-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{c1e709e3-47e8-44ab-badc-b6e16e3b2de4}: [DhcpNameServer] 192.168.1.1 192.168.1.1
ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=sv1&uid=Z2A45TTA_ST3250318AS&tm=1487724634
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=sv1&uid=Z2A45TTA_ST3250318AS&tm=1487724634
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=sv1&uid=Z2A45TTA_ST3250318AS&tm=1487724634
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=sv1&uid=Z2A45TTA_ST3250318AS&tm=1487724634
HKU\S-1-5-21-1298314804-3398324407-510087451-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBKhl918K0qpwZ-oHt-8W_BcHInbYTtkqKeWXMBIjANy1rdw1hy6GaSDTLJdUl4NZ0yaEjydWmyoT0flG8JlJoE-focgrlESM0a2K5wazZGqZJnkC6OxEyKtuAH_n0zZ9SKEjzskjCTx2sodziPUl5wbuo6ZnzsvV-8visgAI4hnTmF4m-rkGfz_yI,&q={searchTerms}
HKU\S-1-5-21-1298314804-3398324407-510087451-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBKhl918K0qpwZ-oHt-8W_BcHInbYTtkqKeWXMBIjANy1rdw1hy6GaSDTLJdUl4NZ0yaEjydWmyoT0flG8JlJoE-focgrWkINMAxSO7_m_8h8Rzf6_DNB_pnQdqQVDazGL2vrmIUGxSjoSy97FDHUhaSWBUww-ZQ0awYdBeDpJ1jnc4fimdYO8oALE,
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBKhl918K0qpwZ-oHt-8W_BcHInbYTtkqKeWXMBIjANy1rdw1hy6GaSDTLJdUl4NZ0yaEjydWmyoT0flG8JlJoE-focgrlESM0a2K5wazZGqZJnkC6OxEyKtuAH_n0zZ9SKEjzskjCTx2sodziPUl5wbuo6ZnzsvV-8visgAI4hnTmF4m-rkGfz_yI,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1298314804-3398324407-510087451-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBKhl918K0qpwZ-oHt-8W_BcHInbYTtkqKeWXMBIjANy1rdw1hy6GaSDTLJdUl4NZ0yaEjydWmyoT0flG8JlJoE-focgrlESM0a2K5wazZGqZJnkC6OxEyKtuAH_n0zZ9SKEjzskjCTx2sodziPUl5wbuo6ZnzsvV-8visgAI4hnTmF4m-rkGfz_yI,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1298314804-3398324407-510087451-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBKhl918K0qpwZ-oHt-8W_BcHInbYTtkqKeWXMBIjANy1rdw1hy6GaSDTLJdUl4NZ0yaEjydWmyoT0flG8JlJoE-focgrlESM0a2K5wazZGqZJnkC6OxEyKtuAH_n0zZ9SKEjzskjCTx2sodziPUl5wbuo6ZnzsvV-8visgAI4hnTmF4m-rkGfz_yI,&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-08] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-08] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-02-06] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-06] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-06] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-06] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-06] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-06] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe www.123rede.com?oem=sv1&uid=Z2A45TTA_ST3250318AS&tm=1487724634

FireFox:
========
FF DefaultProfile: 0t0ct6af.default
FF ProfilePath: C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\0t0ct6af.default\Profiles\0t0ct6af.default [not found]
FF ProfilePath: C:\Users\Anderson\AppData\Roaming\Mozilla\Firefox\Profiles\0t0ct6af.default [2017-02-22]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-08] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-02-06] (Microsoft Corporation)
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe www.123rede.com?oem=sv1&uid=Z2A45TTA_ST3250318AS&tm=1487724634

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AppxelfmuzyaH; C:\ProgramData\\AppxelfmuzyaH\\AppxelfmuzyaH.exe [981504 2017-02-23] () [File not signed]
R2 backlh; C:\ProgramData\Logic Handler\set.exe [3786752 2017-02-22] () [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3702472 2017-01-29] (Microsoft Corporation)
R2 Nettrans; C:\ProgramData\NetworkPacketManitor\Nettrans.exe [43520 2017-02-23] () [File not signed]
R2 OtherSearch; C:\Program Files (x86)\Jw9pwwRWvo\kl.dll [467456 2017-02-21] () [File not signed] <==== ATTENTION
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WindowsSecurity; C:\ProgramData\Windows Security\winsecurity.exe [1264640 2017-01-16] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 WMPNetworkAcSvc; C:\Users\Anderson\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [5091840 2016-11-10] () [File not signed] <==== ATTENTION
R2 XBox; C:\Program Files\XBox\XBLive.exe [7068160 2017-02-14] (Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-13] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c63x64.sys [452432 2012-11-02] (Intel Corporation)
R1 Lace514; C:\WINDOWS\System32\drivers\Lace_wpf_x64.sys [69400 2017-02-09] (Lace514)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 20:17 - 2017-02-22 20:18 - 00015759 _____ C:\Users\Anderson\Downloads\FRST.txt
2017-02-22 20:17 - 2017-02-22 20:17 - 00000000 ____D C:\FRST
2017-02-22 20:16 - 2017-02-22 20:16 - 02423296 _____ (Farbar) C:\Users\Anderson\Downloads\FRST64.exe
2017-02-22 20:13 - 2017-02-22 20:18 - 00000000 ____D C:\ProgramData\AppxelfmuzyaH
2017-02-22 20:13 - 2017-02-22 20:13 - 00002395 _____ C:\WINDOWS\SysWOW64\findit.xml
2017-02-22 20:13 - 2017-02-22 20:13 - 00000000 ____D C:\ProgramData\AppxelfmuzyaHs
2017-02-22 20:07 - 2017-02-22 20:07 - 00002052 _____ C:\WINDOWS\System32\Tasks\apqTet5AQU
2017-02-22 20:04 - 2017-02-22 20:07 - 00000000 ____D C:\Program Files (x86)\Jw9pwwRWvo
2017-02-22 19:58 - 2017-02-22 19:58 - 00000000 ____D C:\Users\Anderson\AppData\Roaming\Hetuentgrahs
2017-02-22 19:54 - 2017-02-22 19:54 - 00000000 ____D C:\Users\Anderson\AppData\Roaming\Coerbotain
2017-02-22 19:53 - 2017-02-22 19:53 - 00003716 _____ C:\WINDOWS\System32\Tasks\{753DB872-71B3-4AEC-8614-5524748E3117}
2017-02-22 19:48 - 2017-02-22 19:48 - 00000000 ____D C:\Program Files\DYLJXNRV1Z
2017-02-22 19:45 - 2017-02-22 19:45 - 00000000 ____D C:\ProgramData\Logic Handler
2017-02-22 19:44 - 2017-02-22 20:13 - 00000000 ____D C:\ProgramData\NetworkPacketManitor
2017-02-22 19:44 - 2017-02-22 19:44 - 07291904 _____ C:\Users\Anderson\AppData\Roaming\agent.dat
2017-02-22 19:44 - 2017-02-22 19:44 - 01938533 _____ C:\Users\Anderson\AppData\Roaming\Domdox.bin
2017-02-22 19:44 - 2017-02-22 19:44 - 01895568 _____ C:\Users\Anderson\AppData\Roaming\Freshnix.tst
2017-02-22 19:44 - 2017-02-22 19:44 - 00278518 _____ C:\Users\Anderson\AppData\Roaming\Zimdax.bin
2017-02-22 19:44 - 2017-02-22 19:44 - 00126464 _____ C:\Users\Anderson\AppData\Roaming\noah.dat
2017-02-22 19:44 - 2017-02-22 19:44 - 00070752 _____ C:\Users\Anderson\AppData\Roaming\Config.xml
2017-02-22 19:44 - 2017-02-22 19:44 - 00018432 _____ C:\Users\Anderson\AppData\Roaming\Main.dat
2017-02-22 19:44 - 2017-02-22 19:44 - 00006106 _____ C:\WINDOWS\System32\Tasks\Ittckoherly Core
2017-02-22 19:44 - 2017-02-22 19:44 - 00005568 _____ C:\Users\Anderson\AppData\Roaming\md.xml
2017-02-22 19:44 - 2017-02-22 19:44 - 00000000 ____D C:\Users\Public\Documents\Tools
2017-02-22 19:44 - 2017-02-22 19:44 - 00000000 ____D C:\Users\Public\Documents\Guid
2017-02-22 19:44 - 2017-02-22 19:44 - 00000000 ____D C:\Users\Public\Documents\Baidu
2017-02-22 19:44 - 2017-02-22 19:44 - 00000000 ____D C:\Users\Anderson\AppData\Local\Lcogeqamuk
2017-02-22 19:44 - 2017-02-22 19:44 - 00000000 ____D C:\Program Files (x86)\Plowiseprunoght
2017-02-22 19:44 - 2017-02-22 19:44 - 00000000 ____D C:\Program Files (x86)\Ittckoherly Core
2017-02-22 19:44 - 2017-02-22 19:43 - 00981504 _____ C:\Users\Anderson\AppData\Roaming\Freshnix.exe
2017-02-22 19:43 - 2017-02-22 20:07 - 00000002 _____ C:\END
2017-02-22 19:43 - 2017-02-22 19:58 - 00000000 ____D C:\Program Files (x86)\BeCleaner
2017-02-22 19:43 - 2017-02-22 19:43 - 00140288 _____ C:\Users\Anderson\AppData\Roaming\Installer.dat
2017-02-22 19:43 - 2017-02-22 19:43 - 00016080 _____ C:\Users\Anderson\AppData\Roaming\InstallationConfiguration.xml
2017-02-22 19:43 - 2017-02-22 19:43 - 00000000 ____D C:\Program Files\J512JCQTE7
2017-02-22 19:42 - 2017-02-22 20:04 - 00003112 _____ C:\WINDOWS\System32\Tasks\RunAtStartup
2017-02-22 19:42 - 2017-02-22 20:04 - 00000000 ____D C:\Users\Anderson\AppData\Roaming\Event Monitor
2017-02-22 19:42 - 2017-02-22 20:03 - 00000000 ____D C:\Program Files (x86)\pccleanplus
2017-02-22 19:42 - 2017-02-22 19:43 - 00000000 ____D C:\Users\Anderson\AppData\LocalLow\Mozilla
2017-02-22 19:42 - 2017-02-22 19:43 - 00000000 ____D C:\Program Files\4Q55IOK0OX
2017-02-22 19:42 - 2017-02-22 19:42 - 00000000 ____D C:\Users\Anderson\AppData\Roaming\Mozilla
2017-02-22 19:42 - 2017-02-22 19:42 - 00000000 ____D C:\Users\Anderson\AppData\Local\Mozilla
2017-02-22 19:42 - 2017-02-22 19:42 - 00000000 ____D C:\Program Files\PKODETF5N0
2017-02-21 21:50 - 2017-02-21 21:50 - 00000000 ____D C:\Users\Anderson\AppData\Roaming\excdir
2017-02-21 21:48 - 2017-02-21 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-02-21 21:48 - 2017-02-21 21:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-02-21 21:46 - 2017-02-22 19:55 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-02-21 21:46 - 2017-02-21 22:10 - 00000388 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
2017-02-21 21:46 - 2017-02-21 22:10 - 00000346 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
2017-02-21 21:46 - 2017-02-21 22:10 - 00000346 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
2017-02-21 21:46 - 2017-02-21 22:10 - 00000346 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
2017-02-21 21:46 - 2017-02-21 22:10 - 00000336 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
2017-02-21 21:46 - 2017-02-21 22:10 - 00000336 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
2017-02-21 21:46 - 2017-02-21 22:10 - 00000336 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
2017-02-21 21:46 - 2017-02-21 21:46 - 00003708 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian
2017-02-21 21:46 - 2017-02-21 21:46 - 00003702 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guard
2017-02-21 21:46 - 2017-02-21 21:46 - 00003690 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange
2017-02-21 21:46 - 2017-02-21 21:46 - 00003276 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater
2017-02-21 21:46 - 2017-02-21 21:46 - 00003238 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
2017-02-21 21:46 - 2017-02-21 21:46 - 00003238 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
2017-02-21 21:46 - 2017-02-21 21:46 - 00003238 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
2017-02-21 21:46 - 2017-02-21 21:46 - 00003224 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
2017-02-21 21:46 - 2017-02-21 21:46 - 00003224 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
2017-02-21 21:46 - 2017-02-21 21:46 - 00003224 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
2017-02-21 21:46 - 2017-02-21 21:46 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-21 21:46 - 2017-02-21 21:46 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-21 21:46 - 2017-02-21 21:46 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-02-21 21:45 - 2017-02-22 20:08 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2017-02-21 21:45 - 2017-02-22 20:08 - 00000000 ____D C:\Users\Anderson\AppData\Roaming\WMPNetworkAcSvc
2017-02-21 21:45 - 2017-02-21 21:46 - 00000000 ____D C:\Users\Anderson\AppData\Roaming\Microleaves
2017-02-21 21:45 - 2017-02-21 21:45 - 00006196 _____ C:\WINDOWS\System32\Tasks\Droheseruces Configuration
2017-02-21 21:45 - 2017-02-21 21:45 - 00005112 _____ C:\WINDOWS\System32\Tasks\Therlitain
2017-02-21 21:45 - 2017-02-21 21:45 - 00000000 ____D C:\Users\Anderson\AppData\Local\Coidosecemodom
2017-02-21 21:45 - 2017-02-21 21:45 - 00000000 ____D C:\Program Files\XBox
2017-02-21 21:45 - 2017-02-21 21:45 - 00000000 ____D C:\Program Files (x86)\Witlyanipipy
2017-02-21 21:45 - 2017-02-21 21:45 - 00000000 ____D C:\Program Files (x86)\Droheseruces Configuration
2017-02-21 21:44 - 2017-02-21 21:45 - 00000000 ____D C:\ProgramData\Windows Security
2017-02-21 21:42 - 2017-02-21 21:53 - 00000000 ____D C:\ProgramData\VCE Exam Simulator
2017-02-21 21:42 - 2017-02-21 21:42 - 00001181 _____ C:\Users\Public\Desktop\VCE Designer Demo.lnk
2017-02-21 21:42 - 2017-02-21 21:42 - 00001169 _____ C:\Users\Public\Desktop\VCE Player Demo.lnk
2017-02-21 21:42 - 2017-02-21 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCE Exam Simulator Demo
2017-02-21 21:42 - 2017-02-21 21:42 - 00000000 ____D C:\Program Files (x86)\VCE Exam Simulator Demo
2017-02-21 21:40 - 2017-02-21 21:40 - 16865432 _____ C:\Users\Anderson\Downloads\vce_exam_simulator_demo_setup.zip
2017-02-21 21:34 - 2017-02-21 21:35 - 01800192 _____ C:\Users\Anderson\Downloads\VCE Exam Simulator 2-3-2 Crack.iso
2017-02-21 21:33 - 2017-02-21 21:33 - 05740849 _____ C:\Users\Anderson\Downloads\gratisexam.com-Cisco.PracticeTest.300-115.v2016-07-08.by.Alexander.163q.vce
2017-02-20 21:15 - 2017-02-20 21:15 - 00000000 ____D C:\Users\Anderson\Documents\Custom Office Templates
2017-02-20 21:08 - 2017-02-21 20:50 - 00000000 ____D C:\Users\Anderson\Documents\Uninter
2017-02-17 18:05 - 2017-02-17 18:05 - 03225275 _____ C:\WINDOWS\36d7c39c19004c470a0e20f6792ff60b.exe
2017-02-09 06:03 - 2017-02-09 06:03 - 00069400 _____ (Lace514) C:\WINDOWS\system32\Drivers\Lace_wpf_x64.sys
2017-02-08 20:17 - 2017-02-08 20:17 - 00000000 ____D C:\Users\Anderson\Downloads\10-02_legacy_vista32-64_dd_ccc
2017-02-08 17:03 - 2017-02-08 17:04 - 00000000 ____D C:\Users\Anderson\Downloads\Chipset_Driver_DGVN0_WN_7.1.52.1176_A04
2017-02-08 17:03 - 2017-02-08 17:03 - 00000000 ____D C:\Users\Anderson\AppData\Local\Dell
2017-02-08 16:57 - 2017-02-08 16:57 - 00000000 ____D C:\Users\Anderson\AppData\LocalLow\Oracle
2017-02-07 11:38 - 2017-02-07 11:38 - 00000000 ____D C:\Users\thali\AppData\Roaming\Sun
2017-02-07 11:38 - 2017-02-07 11:38 - 00000000 ____D C:\Users\thali\AppData\LocalLow\Sun
2017-02-06 19:58 - 2017-02-06 19:58 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-02-06 14:10 - 2017-02-06 14:10 - 00000000 ____D C:\Users\Anderson\AppData\Roaming\Sun
2017-02-06 14:10 - 2017-02-06 14:10 - 00000000 ____D C:\Users\Anderson\AppData\LocalLow\Sun
2017-01-29 22:00 - 2016-12-21 04:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-29 22:00 - 2016-12-21 01:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-22 20:13 - 2017-01-09 21:40 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-22 20:13 - 2017-01-09 21:40 - 00001228 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-22 20:10 - 2016-07-16 08:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-22 20:10 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-22 20:07 - 2016-12-16 20:52 - 00416800 _____ C:\WINDOWS\system32\prfh0416.dat
2017-02-22 20:07 - 2016-12-16 20:52 - 00084926 _____ C:\WINDOWS\system32\prfc0416.dat
2017-02-22 20:07 - 2016-12-16 20:23 - 01440496 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-22 20:03 - 2016-12-16 20:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-22 20:02 - 2016-07-16 03:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-22 10:41 - 2017-01-16 14:09 - 00000000 ____D C:\Users\thale\AppData\Local\Troubleshooter
2017-02-21 22:19 - 2016-07-16 08:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-21 22:13 - 2017-01-09 21:58 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-02-21 21:53 - 2016-12-16 20:10 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-21 17:58 - 2017-01-15 20:14 - 00000000 ___RD C:\Users\thali\OneDrive
2017-02-20 21:56 - 2017-01-09 21:58 - 00000570 _____ C:\Users\thale\AppData\Local\TroubleshooterConfig.json
2017-02-19 11:52 - 2017-01-09 18:41 - 00000000 ____D C:\Users\thale
2017-02-18 22:58 - 2017-01-09 21:53 - 00000000 ____D C:\Users\thale\AppData\LocalLow\Mozilla
2017-02-10 12:18 - 2016-07-16 08:47 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2017-02-09 09:11 - 2016-07-16 08:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-08 21:26 - 2016-07-16 11:15 - 00000000 ____D C:\WINDOWS\OCR
2017-02-08 17:01 - 2017-01-09 19:06 - 00000000 ____D C:\ProgramData\Oracle
2017-02-08 17:01 - 2017-01-09 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-08 17:01 - 2017-01-09 19:06 - 00000000 ____D C:\Program Files\Java
2017-02-08 17:00 - 2017-01-09 19:06 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-02-08 16:58 - 2007-01-06 00:20 - 00014256 _____ C:\WINDOWS\system32\Drivers\ativvpxx.vp
2017-02-08 16:58 - 2007-01-05 23:34 - 03107788 _____ C:\WINDOWS\SysWOW64\atiumdva.dat
2017-02-08 16:58 - 2007-01-05 23:34 - 03107788 _____ C:\WINDOWS\system32\atiumd6a.dat
2017-02-08 16:58 - 2006-08-24 05:26 - 00655825 _____ C:\WINDOWS\system32\Drivers\ativcaxx.cpa
2017-02-08 16:58 - 2006-08-24 05:26 - 00002096 _____ C:\WINDOWS\system32\Drivers\ativpkxx.vp
2017-02-08 16:58 - 2006-08-24 05:26 - 00002096 _____ C:\WINDOWS\system32\Drivers\ativokxx.vp
2017-02-08 16:58 - 2006-08-24 05:26 - 00002096 _____ C:\WINDOWS\system32\Drivers\ativdkxx.vp
2017-02-08 16:58 - 2006-08-24 05:26 - 00000929 _____ C:\WINDOWS\system32\Drivers\ativcaxx.vp
2017-02-07 11:33 - 2017-01-15 20:14 - 00002405 _____ C:\Users\thali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-07 11:32 - 2017-01-15 20:11 - 00000000 ____D C:\Users\thali\AppData\Local\Packages
2017-02-06 19:58 - 2016-07-16 08:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-06 19:58 - 2016-07-16 08:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-06 19:56 - 2017-01-09 20:22 - 00000000 ____D C:\Program Files\Microsoft Office
2017-02-06 18:50 - 2017-01-09 21:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-06 18:50 - 2017-01-09 21:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-06 14:05 - 2016-12-16 20:34 - 00003278 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-06 14:05 - 2016-12-16 20:33 - 00002414 _____ C:\Users\Anderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-06 14:05 - 2016-12-16 19:00 - 00000000 __RDO C:\Users\Anderson\SkyDrive
2017-01-30 07:50 - 2017-01-18 21:24 - 00000000 ____D C:\Users\thale\AppData\Roaming\uTorrent

==================== Files in the root of some directories =======

2017-02-22 19:44 - 2017-02-22 19:44 - 7291904 _____ () C:\Users\Anderson\AppData\Roaming\agent.dat
2017-02-22 19:44 - 2017-02-22 19:44 - 0070752 _____ () C:\Users\Anderson\AppData\Roaming\Config.xml
2017-02-22 19:44 - 2017-02-22 19:44 - 1938533 _____ () C:\Users\Anderson\AppData\Roaming\Domdox.bin
2017-02-22 19:44 - 2017-02-22 19:43 - 0981504 _____ () C:\Users\Anderson\AppData\Roaming\Freshnix.exe
2017-02-22 19:44 - 2017-02-22 19:44 - 1895568 _____ () C:\Users\Anderson\AppData\Roaming\Freshnix.tst
2017-02-22 19:43 - 2017-02-22 19:43 - 0016080 _____ () C:\Users\Anderson\AppData\Roaming\InstallationConfiguration.xml
2017-02-22 19:43 - 2017-02-22 19:43 - 0140288 _____ () C:\Users\Anderson\AppData\Roaming\Installer.dat
2017-02-22 19:44 - 2017-02-22 19:44 - 0018432 _____ () C:\Users\Anderson\AppData\Roaming\Main.dat
2017-02-22 19:44 - 2017-02-22 19:44 - 0005568 _____ () C:\Users\Anderson\AppData\Roaming\md.xml
2017-02-22 19:44 - 2017-02-22 19:44 - 0126464 _____ () C:\Users\Anderson\AppData\Roaming\noah.dat
2017-02-22 19:45 - 2017-02-22 19:45 - 0032038 _____ () C:\Users\Anderson\AppData\Roaming\uninstall_temp.ico
2017-02-22 19:44 - 2017-02-22 19:44 - 0278518 _____ () C:\Users\Anderson\AppData\Roaming\Zimdax.bin

Some files in TEMP:
====================
2017-02-22 19:43 - 2017-02-22 19:43 - 0425674 _____ (WeMonetize ) C:\Users\Anderson\AppData\Local\Temp\8XCWVM0.exe
2017-02-22 19:58 - 2017-02-22 19:58 - 0534528 _____ (B2QN) C:\Users\Anderson\AppData\Local\Temp\FFASPJF1MFDH.exe
2017-02-08 16:57 - 2017-02-08 16:57 - 0739904 _____ (Oracle Corporation) C:\Users\Anderson\AppData\Local\Temp\jre-8u121-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-19 18:15

==================== End of FRST.txt ============================