Svchost.exe miner, Creates itself in windows/temp


  • This topic is locked
6 replies to this topic

#1 Owoch

Posted 10 July 2015 - 10:28 AM

Hey

So I've got that fancy annoying miner and I'm tired of killing that nasty process.

Hoping to find some help here.

Here are the FRST logs:

FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015

Ran by Zesh (administrator) on ZESH-PC on 10-07-2015 17:25:52
Running from C:\Users\Zesh\Desktop
Loaded Profiles: Zesh (Available Profiles: Zesh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3494139373-2628354773-2896244957-1000\...\MountPoints2: H - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3494139373-2628354773-2896244957-1000\...\MountPoints2: {77db71f4-c326-11e4-b65b-c86000bfb683} - H:\HTC_Sync_Manager_PC.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3494139373-2628354773-2896244957-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/fr-be/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-08-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-17] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-07-27] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-17] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-08-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-17] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-07-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-17] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-17] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3494139373-2628354773-2896244957-1000: vasco.com/VascoCardReaderPlugin -> C:\Users\Zesh\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll [2014-10-27] (VASCO Data Security)
FF Plugin HKU\S-1-5-21-3494139373-2628354773-2896244957-1000: vasco.com/VascoCardReaderPlugin64 -> C:\Users\Zesh\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll [2014-10-27] (VASCO Data Security)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-24]
 
Chrome: 
=======
CHR Profile: C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-25]
CHR Extension: (Belfius Smart Card Reader Chrome Extension) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\agicnfmechmlphpjmeefookfjhifbmhi [2015-04-24]
CHR Extension: (Google Docs) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-25]
CHR Extension: (Google Drive) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-25]
CHR Extension: (YouTube) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-25]
CHR Extension: (Google Search) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-25]
CHR Extension: (Google Sheets) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-25]
CHR Extension: (AdBlock) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-25]
CHR Extension: (Hola Better Internet) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-07-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Hola Better Internet) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhcmfkkjmkcfgelgdpndepmimbmkbpfp [2015-06-06]
CHR Extension: (Google Wallet) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]
CHR Extension: (Gmail) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3472368 2014-12-01] (INCA Internet Co., Ltd.)
S4 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [639808 2014-11-28] (RealVNC Ltd)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-09] (NVIDIA Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-10 17:25 - 2015-07-10 17:26 - 00011585 _____ C:\Users\Zesh\Desktop\FRST.txt
2015-07-10 17:25 - 2015-07-10 17:25 - 00000000 ____D C:\FRST
2015-07-10 17:20 - 2015-07-10 17:20 - 00003708 _____ C:\Users\Zesh\Desktop\JRT.txt
2015-07-10 17:14 - 2015-07-10 17:15 - 00000000 ____D C:\AdwCleaner
2015-07-10 17:14 - 2015-07-10 17:14 - 00000470 _____ C:\Users\Zesh\Desktop\defogger_disable.log
2015-07-10 17:14 - 2015-07-10 17:14 - 00000000 _____ C:\Users\Zesh\defogger_reenable
2015-07-10 17:13 - 2015-07-10 17:13 - 02248704 _____ C:\Users\Zesh\Downloads\Unconfirmed 898609.crdownload
2015-07-10 17:12 - 2015-07-10 17:12 - 03034090 _____ (Malwarebytes Corporation) C:\Users\Zesh\Desktop\JRT.exe
2015-07-10 17:12 - 2015-07-10 17:12 - 02248704 _____ C:\Users\Zesh\Desktop\adw.Exe
2015-07-10 17:11 - 2015-07-10 17:11 - 02112512 _____ (Farbar) C:\Users\Zesh\Desktop\FRST64.exe
2015-07-10 17:07 - 2015-07-10 17:07 - 00050477 _____ C:\Users\Zesh\Desktop\Defogger.exe
2015-07-10 13:07 - 2015-07-10 17:16 - 00000224 _____ C:\Windows\setupact.log
2015-07-10 13:07 - 2015-07-10 13:07 - 00000000 _____ C:\Windows\setuperr.log
2015-07-10 03:31 - 2015-07-10 03:31 - 00025566 _____ C:\Users\Zesh\Downloads\eve-overview-v0.6.1.zip
2015-07-10 03:25 - 2015-07-10 03:25 - 00023207 _____ C:\Users\Zesh\Downloads\Sarah Overview Pack 0.3.4a.zip
2015-07-10 03:20 - 2015-07-10 03:20 - 00076587 _____ C:\Users\Zesh\Documents\SaraShawa Overview Pack v7.1.yaml
2015-07-10 01:21 - 2015-07-10 17:17 - 00004950 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Zesh-PC-Zesh Zesh-PC
2015-07-10 01:11 - 2015-07-10 01:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\Zesh\Downloads\HijackThis.exe
2015-07-10 01:06 - 2015-07-10 01:08 - 00000000 ____D C:\Users\Zesh\Desktop\EVE
2015-07-09 22:39 - 2015-07-09 22:39 - 00000936 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
2015-07-09 22:39 - 2015-07-09 22:39 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2015-07-09 22:38 - 2015-07-09 22:38 - 26068984 _____ (ArenaNet) C:\Users\Zesh\Downloads\Gw2Setup.exe
2015-07-09 17:55 - 2015-07-09 17:55 - 00690336 _____ C:\Users\Zesh\Downloads\EVEPilot_Help.zip
2015-07-09 17:21 - 2015-07-09 18:50 - 00000000 ____D C:\Users\Zesh\Desktop\vbot
2015-07-09 16:03 - 2015-07-09 18:44 - 00000640 _____ C:\Windows\SysWOW64\debug.log
2015-07-09 15:56 - 2015-07-09 15:56 - 00000000 ____D C:\Users\Zesh\AppData\Local\MacroLab
2015-07-09 15:54 - 2015-07-09 15:54 - 00000000 ____D C:\ProgramData\Isolated Storage
2015-07-09 15:51 - 2015-07-09 15:51 - 15504336 _____ C:\Users\Zesh\Downloads\evepilot.zip
2015-07-09 04:21 - 2015-07-09 04:21 - 00017802 _____ C:\Users\Zesh\Downloads\zoo-first-season_english-1147951.zip
2015-07-08 22:59 - 2015-07-08 22:59 - 00000000 ____D C:\ProgramData\CCP
2015-07-08 19:09 - 2015-07-08 19:09 - 00043240 _____ C:\Users\Zesh\Downloads\CG3100 (3).cfg
2015-07-07 18:17 - 2015-07-07 18:22 - 00000000 ____D C:\Users\Zesh\Documents\avia
2015-07-07 17:23 - 2015-07-07 17:23 - 00000000 _____ C:\Users\Zesh\AppData\Local\Temptable.xml
2015-07-07 17:18 - 2015-07-07 18:22 - 00000000 ____D C:\Users\Zesh\AppData\Local\TempSWBackupDirectory
2015-07-07 17:18 - 2015-07-07 17:18 - 00000000 ____D C:\Users\Zesh\Documents\SOLIDWORKSComposer
2015-07-07 17:17 - 2015-07-07 17:17 - 00000000 ____D C:\Users\Zesh\AppData\Local\SolidWorks
2015-07-07 17:12 - 2015-07-07 17:12 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2015-07-07 17:12 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2015-07-07 17:12 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-07-07 17:12 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2015-07-07 15:21 - 2015-07-07 15:21 - 00000000 ____D C:\Users\Zesh\Documents\SOLIDWORKS Visual Studio Tools for Applications
2015-07-07 15:21 - 2015-07-07 15:21 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\DassaultSystemes
2015-07-07 15:21 - 2015-07-07 15:21 - 00000000 ____D C:\Users\Zesh\AppData\Local\DassaultSystemes
2015-07-07 15:21 - 2015-07-07 15:21 - 00000000 ____D C:\ProgramData\DassaultSystemes
2015-07-07 15:08 - 2015-07-07 18:28 - 00000000 ____D C:\ProgramData\SOLIDWORKS
2015-07-07 15:08 - 2015-07-07 18:28 - 00000000 ____D C:\Program Files\SOLIDWORKS Corp
2015-07-07 15:08 - 2015-07-07 15:08 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2015-07-07 15:07 - 2012-02-11 08:46 - 00180312 _____ (Microsoft Corporation) C:\Windows\system32\hadrres.dll
2015-07-07 15:07 - 2012-02-11 08:46 - 00082520 _____ (Microsoft Corporation) C:\Windows\system32\fssres.dll
2015-07-07 15:04 - 2015-07-07 15:04 - 00000000 ____D C:\Program Files\Bonjour
2015-07-07 15:04 - 2015-07-07 15:04 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-07-07 14:50 - 2015-07-07 14:50 - 00000000 ____D C:\Users\Zesh\Documents\Visual Studio 2005
2015-07-07 14:49 - 2015-07-07 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2015-07-07 14:49 - 2015-07-07 14:49 - 00000000 ____D C:\Program Files (x86)\MSECache
2015-07-07 14:49 - 2015-07-07 14:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-07-07 14:47 - 2015-07-07 18:25 - 00000000 ____D C:\ProgramData\SOLIDWORKS Electrical
2015-07-07 14:47 - 2015-07-07 15:13 - 00000000 ____D C:\SOLIDWORKS Data
2015-07-07 14:47 - 2015-07-07 14:47 - 00000000 ____D C:\ProgramData\FLEXnet
2015-07-07 14:42 - 2015-07-07 17:18 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\SOLIDWORKS
2015-07-07 14:06 - 2015-07-07 14:06 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\SketchUp
2015-07-07 14:06 - 2015-07-07 14:06 - 00000000 ____D C:\ProgramData\SketchUp
2015-07-07 14:06 - 2015-07-07 14:06 - 00000000 ____D C:\ProgramData\Reprise
2015-07-07 14:04 - 2015-07-07 14:05 - 114480888 _____ (Trimble Navigation Limited) C:\Users\Zesh\Downloads\SketchUpMake-en-x64.exe
2015-07-04 00:43 - 2015-07-04 00:43 - 00043248 _____ C:\Users\Zesh\Downloads\CG3100 (2).cfg
2015-07-03 18:01 - 2015-07-03 18:01 - 00007464 _____ C:\Users\Zesh\Downloads\[Scales] Gangsta - 01 [82280D1D].mp4.torrent
2015-07-03 12:03 - 2015-07-03 12:03 - 00043272 _____ C:\Users\Zesh\Downloads\CG3100 (1).cfg
2015-07-02 23:59 - 2015-07-02 23:59 - 00021349 _____ C:\Users\Zesh\Downloads\zoo-first-season_HI_english-1144550.zip
2015-07-02 01:01 - 2015-07-02 01:01 - 00018256 _____ C:\Users\Zesh\Downloads\Shackles.zip.torrent
2015-07-02 01:00 - 2015-07-02 01:00 - 00019515 _____ C:\Users\Zesh\Downloads\Girls In Chairs.zip.torrent
2015-07-01 18:01 - 2015-07-01 18:01 - 00029480 _____ C:\Users\Zesh\Downloads\VideoGame Vixens Galore.zip.torrent
2015-07-01 18:00 - 2015-07-01 18:00 - 00016684 _____ C:\Users\Zesh\Downloads\Nylon Galore II.zip.torrent
2015-07-01 17:54 - 2015-07-01 17:55 - 00043224 _____ C:\Users\Zesh\Downloads\CG3100.cfg
2015-06-29 16:16 - 2015-06-29 16:16 - 00028676 _____ C:\Users\Zesh\Downloads\true-detective-second-season_english-1143105.zip
2015-06-29 11:49 - 2015-06-29 11:49 - 00023478 _____ C:\Users\Zesh\Downloads\true-detective-second-season_english-1138111.zip
2015-06-29 11:12 - 2015-06-29 11:12 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-29 11:12 - 2015-06-29 11:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-29 11:12 - 2015-06-29 11:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-29 11:12 - 2015-06-29 11:12 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-29 11:11 - 2015-06-29 11:11 - 12339160 _____ (Microsoft Corporation) C:\Users\Zesh\Downloads\Windows10InsiderPreview.exe
2015-06-29 11:10 - 2015-06-29 11:29 - 4045158400 _____ C:\Users\Zesh\Downloads\Windows10_InsiderPreview_x64_EN-GB_10130.iso
2015-06-29 11:10 - 2015-06-29 11:10 - 00000029 _____ C:\Users\Zesh\Desktop\WIN10KEy.txt
2015-06-27 20:27 - 2015-06-27 20:27 - 00056207 _____ C:\Users\Zesh\Downloads\interstellar_french-1083383.zip
2015-06-25 01:07 - 2015-06-25 01:07 - 00016912 _____ C:\Users\Zesh\Downloads\game-of-thrones-third-season_english-1093636.zip
2015-06-25 00:33 - 2015-06-25 00:33 - 00021059 _____ C:\Users\Zesh\Downloads\game-of-thrones-third-season_english-1093635.zip
2015-06-24 23:14 - 2015-06-24 23:14 - 00019321 _____ C:\Users\Zesh\Downloads\game-of-thrones-third-season_english-1093634.zip
2015-06-24 23:00 - 2015-06-24 23:00 - 00049718 _____ C:\Users\Zesh\Downloads\Utamaru - Ornstein and Smough.gp5
2015-06-24 22:58 - 2015-06-24 22:58 - 00049601 _____ C:\Users\Zesh\Downloads\Misc Computer Games - Dark Souls Ost - Ornstein And Smough Theme Metal Cover (Pro).gp5
2015-06-24 21:21 - 2015-06-24 21:21 - 00023937 _____ C:\Users\Zesh\Downloads\game.of.thrones.kissed.by.fire.(2013).eng.1cd.(5647396).zip
2015-06-24 20:09 - 2015-06-24 20:09 - 00021199 _____ C:\Users\Zesh\Downloads\game.of.thrones.and.now.his.watch.is.ended.(2013).eng.1cd.(5647314).zip
2015-06-24 17:00 - 2015-06-24 17:00 - 00020179 _____ C:\Users\Zesh\Downloads\game.of.thrones.walk.of.punishment.(2013).eng.1cd.(5575823).zip
2015-06-24 16:59 - 2015-06-24 16:59 - 00020196 _____ C:\Users\Zesh\Downloads\game.of.thrones.walk.of.punishment.(2013).eng.1cd.(5645694).zip
2015-06-23 22:58 - 2015-06-23 22:58 - 02411619 _____ C:\Users\Zesh\Documents\Untitled (3).wma
2015-06-22 03:12 - 2015-06-22 03:12 - 00021708 _____ C:\Users\Zesh\Downloads\game.of.thrones.baelor.(2011).eng.1cd.(4512129).zip
2015-06-22 03:12 - 2015-06-22 03:12 - 00020834 _____ C:\Users\Zesh\Downloads\game-of-thrones-first-season_english-588085.zip
2015-06-22 03:11 - 2015-06-22 03:11 - 00025056 _____ C:\Users\Zesh\Downloads\game.of.thrones.baelor.(2011).eng.1cd.(4192189).zip
2015-06-22 03:10 - 2015-06-22 03:10 - 00020691 _____ C:\Users\Zesh\Downloads\en-game-of-thrones-2011-S01E09-SubRip-utf-8.zip
2015-06-22 03:10 - 2015-06-22 03:10 - 00002378 _____ C:\Users\Zesh\Downloads\game.of.thrones.baelor.(2011).eng.1cd.(5609629).zip
2015-06-22 03:09 - 2015-06-22 03:09 - 00019858 _____ C:\Users\Zesh\Downloads\game.of.thrones.blackwater.(2012).eng.1cd.(5765759).zip
2015-06-22 02:13 - 2015-06-22 02:13 - 00019408 _____ C:\Users\Zesh\Downloads\Game.of.Thrones.S01.Ep08.1080p.BluRay.DTS.x264-ESiR._www.ENGSUB.NET.zip
2015-06-22 02:12 - 2015-06-22 02:12 - 00021150 _____ C:\Users\Zesh\Downloads\game.of.thrones.the.pointy.end.(2011).eng.1cd.(5006171).zip
2015-06-21 23:47 - 2015-06-21 23:47 - 00020102 _____ C:\Users\Zesh\Downloads\game.of.thrones.a.golden.crown.(2011).fre.1cd.(4182835).zip
2015-06-21 23:46 - 2015-06-21 23:46 - 00019992 _____ C:\Users\Zesh\Downloads\game.of.thrones.a.golden.crown.(2011).spa.1cd.(4193085).zip
2015-06-21 22:47 - 2015-06-21 22:47 - 00027387 _____ C:\Users\Zesh\Downloads\game.of.thrones.the.wolf.and.the.lion.(2011).fre.1cd.(4591247).zip
2015-06-21 21:42 - 2015-06-21 21:42 - 00029061 _____ C:\Users\Zesh\Downloads\game.of.thrones.cripples.bastards.and.broken.things.(2011).fre.1cd.(5190771).zip
2015-06-21 21:42 - 2015-06-21 21:42 - 00023776 _____ C:\Users\Zesh\Downloads\game.of.thrones.cripples.bastards.and.broken.things.(2011).fre.1cd.(5652930).zip
2015-06-21 16:23 - 2015-06-21 16:23 - 00011305 _____ C:\Users\Zesh\Downloads\281d14551e7851e4feeef9ecf8e2dbf0ca4b39e1.zip
2015-06-21 16:14 - 2015-06-21 16:14 - 00020457 _____ C:\Users\Zesh\Downloads\angel.eyes.(2001).fre.1cd.(25416).zip
2015-06-20 19:58 - 2015-06-20 19:58 - 00043731 _____ C:\Users\Zesh\Downloads\[HorribleSubs] Fate Stay Night - Unlimited Blade Works - 24 [1080p].mkv (1).torrent
2015-06-20 19:57 - 2015-06-20 19:57 - 00043731 _____ C:\Users\Zesh\Downloads\[HorribleSubs] Fate Stay Night - Unlimited Blade Works - 24 [1080p].mkv.torrent
2015-06-20 10:58 - 2015-06-20 10:58 - 00000000 ____D C:\Users\Zesh\Documents\FLiNGTrainer
2015-06-20 10:57 - 2015-06-20 10:58 - 00556400 _____ C:\Users\Zesh\Downloads\DARK.SOULS.2.SOTFS.V1.01.PLUS25TRN.FLING.ZIP
2015-06-20 02:11 - 2015-07-09 23:43 - 00001823 _____ C:\Users\Zesh\Desktop\New Text Document.txt
2015-06-19 23:02 - 2015-06-19 23:02 - 00001177 _____ C:\Users\Public\Desktop\ZBrush 4R6.lnk
2015-06-19 23:02 - 2015-06-19 23:02 - 00000000 ____D C:\Users\Public\Pixologic
2015-06-19 23:02 - 2015-06-19 23:02 - 00000000 ____D C:\Users\Public\Documents\ZBrushData
2015-06-19 23:02 - 2015-06-19 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixologic
2015-06-19 23:01 - 2015-06-19 23:01 - 00000000 ____D C:\Program Files (x86)\Pixologic
2015-06-19 20:25 - 2015-06-19 20:25 - 00017018 _____ C:\Users\Zesh\Downloads\[DeadFish] Yahari Ore no Seishun Love Comedy wa Machigatteiru. Zoku - 12 [720p][AAC].mp4.torrent
2015-06-19 16:47 - 2015-06-19 16:47 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\DarkSoulsII
2015-06-19 15:19 - 2015-06-19 15:19 - 00001335 _____ C:\Users\Zesh\Desktop\Dark Souls II Scholar of the First Sin.lnk
2015-06-19 15:18 - 2015-06-19 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls II Scholar of the First Sin
2015-06-19 15:12 - 2015-06-19 15:18 - 00000000 ____D C:\Program Files (x86)\Dark Souls II Scholar of the First Sin
2015-06-19 01:45 - 2015-06-19 01:45 - 00292853 _____ C:\Users\Zesh\Downloads\Games for Windows LIVE Disable-1086.zip
2015-06-19 00:20 - 2015-06-19 00:20 - 00378368 _____ C:\Users\Zesh\Downloads\brief450.msi
2015-06-19 00:14 - 2015-06-19 00:14 - 04796149 _____ C:\Users\Zesh\Downloads\WS7.zip
2015-06-18 23:12 - 2015-06-18 23:12 - 00000000 ____D C:\Users\Zesh\AppData\Local\FOMM
2015-06-18 23:03 - 2015-06-19 00:09 - 00000000 ____D C:\Program Files (x86)\Mr DJ
2015-06-17 23:59 - 2015-06-17 23:59 - 00026190 _____ C:\Users\Zesh\Downloads\house.m.d.pilot.(2004).eng.1cd.(6100034).zip
2015-06-16 12:41 - 2015-06-16 12:41 - 00000000 _____ C:\ZGtouch.txt
2015-06-16 12:41 - 2015-06-16 12:41 - 00000000 _____ C:\Users\Zesh\ad629d07-1f13-11b2-ab67-bcc29142dc43.tmp
2015-06-15 01:23 - 2015-06-15 01:23 - 01009102 _____ C:\Users\Zesh\Downloads\Avian ophthalmology.ashx
2015-06-14 23:24 - 2015-06-14 23:24 - 00000526 _____ C:\Users\Zesh\Downloads\url (1).htm
2015-06-14 20:30 - 2015-06-14 20:30 - 00004422 _____ C:\Users\Zesh\Downloads\Grief.gp5
2015-06-14 20:28 - 2015-06-14 20:28 - 00008736 _____ C:\Users\Zesh\Downloads\Ideal White tabbed by Lok Yin.gp5
2015-06-14 20:26 - 2015-06-14 20:26 - 00001842 _____ C:\Users\Zesh\Downloads\fate ubw op-ideal white (1).rar
2015-06-14 13:30 - 2015-06-14 13:30 - 00834269 _____ C:\Users\Zesh\Downloads\MyCPFB.UF312.1-_Syllabus_et_documents_de_calcul.zip
2015-06-14 12:21 - 2015-06-14 12:21 - 02831686 _____ C:\Users\Zesh\Downloads\MyCPFB.UF312.2-_Document_de_calculs.zip
2015-06-14 00:21 - 2015-06-14 00:21 - 00018139 _____ C:\Users\Zesh\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} Juicy Asses.torrent
2015-06-13 19:08 - 2015-06-13 19:08 - 03084476 _____ C:\Users\Zesh\Downloads\gzdoom-bin-2-0-05.zip
2015-06-10 10:10 - 2015-07-09 23:38 - 00000000 ____D C:\Users\Zesh\Desktop\pics
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-10 17:20 - 2009-07-14 07:13 - 00784524 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-10 17:19 - 2009-07-14 06:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-10 17:19 - 2009-07-14 06:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-10 17:18 - 2014-12-06 12:10 - 00000000 ____D C:\Windows\pss
2015-07-10 17:17 - 2014-11-16 17:55 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-07-10 17:17 - 2014-09-25 07:12 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-10 17:16 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-10 17:14 - 2014-09-25 15:16 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\Skype
2015-07-10 17:14 - 2014-09-25 06:58 - 00000000 ____D C:\Users\Zesh
2015-07-10 17:05 - 2014-12-01 18:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-10 17:02 - 2014-09-25 07:13 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\TS3Client
2015-07-10 16:42 - 2014-09-25 07:12 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-10 01:22 - 2015-02-23 01:45 - 00000000 ____D C:\Windows\Minidump
2015-07-10 01:10 - 2015-04-25 23:17 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-10 01:07 - 2014-09-25 00:41 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\uTorrent
2015-07-10 00:15 - 2015-04-16 23:15 - 00000080 _____ C:\Users\Zesh\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-07-10 00:15 - 2015-04-16 20:28 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-07-10 00:14 - 2015-04-16 20:27 - 00000000 ____D C:\Program Files\Rockstar Games
2015-07-09 23:57 - 2009-07-14 06:45 - 00441768 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-09 22:36 - 2014-10-12 11:25 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-07-09 22:36 - 2014-10-12 11:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-07-09 22:36 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-09 22:30 - 2015-04-07 05:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-07-09 22:30 - 2015-04-07 05:44 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2015-07-09 22:30 - 2014-11-01 00:18 - 00000000 ____D C:\Users\Zesh\Documents\My Games
2015-07-07 23:45 - 2014-09-25 07:13 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-07 22:01 - 2014-09-25 15:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-07 22:01 - 2014-09-25 15:16 - 00000000 ____D C:\ProgramData\Skype
2015-07-07 22:01 - 2014-09-25 07:00 - 00111864 _____ C:\Users\Zesh\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-07 15:02 - 2014-09-24 22:19 - 00867422 _____ C:\Windows\PFRO.log
2015-07-07 14:54 - 2014-09-24 21:55 - 01764047 _____ C:\Windows\WindowsUpdate.log
2015-07-07 14:52 - 2014-09-25 14:13 - 00768390 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-07 14:50 - 2014-10-12 11:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-07 14:49 - 2014-10-12 11:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-07-05 11:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-04 19:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-24 16:49 - 2015-01-06 23:35 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-16 12:42 - 2015-05-30 00:58 - 00000000 ____D C:\Program Files (x86)\Zenimax Online
2015-06-16 12:41 - 2015-05-30 00:58 - 00000000 ____D C:\Windows\jre
 
==================== Files in the root of some directories =======
 
2014-10-08 13:16 - 2015-03-15 14:52 - 0000132 _____ () C:\Users\Zesh\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-01-03 14:20 - 2015-01-03 14:20 - 0000712 _____ () C:\Users\Zesh\AppData\Local\recently-used.xbel
2014-09-24 23:46 - 2014-09-24 23:46 - 0007606 _____ () C:\Users\Zesh\AppData\Local\Resmon.ResmonCfg
2015-07-07 17:23 - 2015-07-07 17:23 - 0000000 _____ () C:\Users\Zesh\AppData\Local\Temptable.xml
 
Files to move or delete:
====================
C:\Users\Zesh\AppData\Roaming\Origin\update.vbe
 
 
Some files in TEMP:
====================
C:\Users\Zesh\AppData\Local\Temp\Quarantine.exe
C:\Users\Zesh\AppData\Local\Temp\sqlite3.dll
C:\Users\Zesh\AppData\Local\Temp\unins000.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-03 01:06
 
==================== End of log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-07-2015

Ran by Zesh at 2015-07-10 17:26:44
Running from C:\Users\Zesh\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3494139373-2628354773-2896244957-500 - Administrator - Disabled)
Guest (S-1-5-21-3494139373-2628354773-2896244957-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3494139373-2628354773-2896244957-1002 - Limited - Enabled)
Zesh (S-1-5-21-3494139373-2628354773-2896244957-1000 - Administrator - Enabled) => C:\Users\Zesh
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3494139373-2628354773-2896244957-1000\...\uTorrent) (Version: 3.4.3.40097 - BitTorrent Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Reader XI (11.0.11) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advanced Port Scanner v1.3 (HKLM-x32\...\Advanced Port Scanner v1.3) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version:  - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belfius Smart Card Reader Chrome-App (HKU\S-1-5-21-3494139373-2628354773-2896244957-1000\...\{22723509-aab9-4276-8b57-734560faf359}) (Version: 2.3.2.0 - VASCO Data Security)
Belfius Smart Card Reader Chrome-App (x32 Version: 2.3.2.0 - VASCO Data Security) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Dark Souls - Prepare to Die Edition (HKLM-x32\...\Dark Souls - Prepare to Die Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Dark Souls II Scholar of the First Sin (HKLM-x32\...\Dark Souls II Scholar of the First Sin_is1) (Version:  - )
Dxtory version 2.0.122 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software)
EVE Online (HKLM-x32\...\Steam App 8500) (Version:  - CCP)
EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
EVEMon (HKLM-x32\...\EVEMon) (Version: 1.9.1 - battleclinic.com)
FL Studio 9 (HKLM-x32\...\FL Studio 9) (Version:  - Image-Line)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.3 - goldensoft.org)
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
Hardcore (HKLM-x32\...\Hardcore) (Version:  - Image-Line)
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{5D198290-6E7D-426C-9AF0-8DA34CC7E596}) (Version: 1.2.8 - Thorvald Natvig)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Phantasy Star Online 2: EPISODE 3 (HKLM-x32\...\{38CA1868-3A03-4B5D-93A1-FD6F61D6723A}_is1) (Version:  - SEGA)
PoiZone (HKLM-x32\...\PoiZone) (Version:  - Image-Line)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)
Satsuki Decoder Pack (HKLM-x32\...\Satsuki Decoder Pack) (Version: 5104 - Satsuki Yatoshi'S Softs)
Sawer (HKLM-x32\...\Sawer) (Version:  - Image-Line)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Tone Stack Calculator version 1.3 (HKLM-x32\...\{D1385B9C-DD6D-43FE-B07C-28A80B23422F}_is1) (Version: 1.3 - Duncan Amplification)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line)
VASCO Card Reader Plug-In (64-Bit) (Version: 3.2.3.4 - VASCO Data Security) Hidden
VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-3494139373-2628354773-2896244957-1000\...\{c77cb28d-ddd3-46f7-b51a-14a599127ba7}) (Version: 3.2.3.4 - VASCO Data Security)
VirtualDJ 8 (HKLM-x32\...\{C322F3EC-3737-47E7-8FAF-1E1A1DE237ED}) (Version: 8.0.2179.0 - Atomix Productions)
VNC Server 5.2.2 (HKLM\...\{AAE140B3-14D5-4AF9-A4AF-1628250A8EF1}) (Version: 5.2.2 - RealVNC Ltd)
VNC Viewer 5.2.2 (HKLM\...\{FF0D75AD-1856-4170-95CE-556CC3B0E36C}) (Version: 5.2.2 - RealVNC Ltd)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
ZBrush 4R6 (HKLM-x32\...\ZBrush 4R6 4R6) (Version: 4R6 - Pixologic)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3494139373-2628354773-2896244957-1000_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\Zesh\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll (VASCO Data Security)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0E1EF7F3-8361-40C7-B8DD-0F1B9B36198A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {392A91F4-D013-4832-B9F2-F8835574FD79} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-10-12] ()
Task: {4344DC90-FB27-498A-A947-042547FC604E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8B61977B-A432-4705-B678-FEDDAAF94C52} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8D3907FC-8A13-4872-AC9C-551DFDD08472} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8FC6DC80-5278-4698-9B9E-0C74B96D1E73} - System32\Tasks\{1CFF7B28-3B84-4F45-998B-AFCA9F10C046} => pcalua.exe -a "D:\Anime\FAR CRY 4 GOLD EDITION-SC\GDFInstall.exe" -d "D:\Anime\FAR CRY 4 GOLD EDITION-SC"
Task: {915DADB7-46DB-4E58-A516-7E7C29379CD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {96855031-96C4-4AE4-AF92-1319476CB1FE} - System32\Tasks\{C11018B3-8130-4228-AE8F-26D7742ADF89} => Chrome.exe http://ui.skype.com/ui/0/7.3.60.101/en/abandoninstall?page=tsMain
Task: {D4C5D7CD-FB9D-424A-B10B-48B3C2B1B5F6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Zesh-PC-Zesh Zesh-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {D995C50A-4418-46DC-99C6-FFE8328A42F1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {E0F9FF6F-B8ED-4297-8FF9-D744AE552E08} - System32\Tasks\Origin => C:\Users\Zesh\AppData\Roaming\Origin\update.vbe [2015-06-09] () <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-17 00:42 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-07-07 23:45 - 2015-07-07 05:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-07 23:45 - 2015-07-07 05:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2015-07-07 23:45 - 2015-07-07 05:49 - 16285512 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\Zesh\Desktop\vbot:{55003700-6F00-6A00-6200-5A0046007900}
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3494139373-2628354773-2896244957-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Zesh\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: vncserver => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^Users^Zesh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe => C:\Windows\pss\PowerReg Scheduler.exe.Startup
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: Viber => "C:\Users\Zesh\AppData\Local\Viber\Viber.exe" StartMinimized
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{CDBBDD72-3F1C-45A0-AFEC-6D1285839864}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{AA45C155-9E0E-4B25-A3E0-B1D3075DA469}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{783109BF-A731-4A3C-A167-F22ACBFB4790}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{D2661CAC-3D8A-4A27-8CEB-070CCCCF5F06}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe
FirewallRules: [UDP Query User{75832C3F-E74B-4A36-B78F-5D2BF1D3B4A2}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe
FirewallRules: [TCP Query User{53214C33-39DE-4EEB-8704-6E90D5C47199}C:\program files (x86)\r.g. catalyst\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\r.g. catalyst\crysis 2\bin32\crysis2.exe
FirewallRules: [UDP Query User{E0B02FBF-4682-41AC-8C4F-2A74221AC044}C:\program files (x86)\r.g. catalyst\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\r.g. catalyst\crysis 2\bin32\crysis2.exe
FirewallRules: [TCP Query User{BE960058-6F0E-4F8A-9FA5-07F4D63F2696}C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe] => (Allow) C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe
FirewallRules: [UDP Query User{920044AC-204B-4E85-90F7-8C2F5979851F}C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe] => (Allow) C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe
FirewallRules: [{C4B7B6E0-9D4F-49F2-9B1E-C823BA930B2C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{02B6C1A4-CF1D-4A34-816F-976C2324C5D8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{57EF002D-2F7E-4407-987A-BFC2E170DBF3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DA29257B-445C-421A-9520-DABB696C7EC6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{24676E69-D71E-40D6-AE9D-26101F672F58}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{E68397DD-930E-4E09-90E6-E446951E4064}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{01F120B5-B10B-4723-BB22-A643BC161D30}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{07AC3A3C-28E4-4E03-A49A-3767055D3FFD}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{F725AC92-3609-46B9-AB59-27C531ED2EE7}C:\program files\java\jre1.8.0_25\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\java.exe
FirewallRules: [UDP Query User{DAC1E28B-D512-4CC0-8F3F-03EB7F54EC4A}C:\program files\java\jre1.8.0_25\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\java.exe
FirewallRules: [{83AB6B41-50DE-4C3B-82C8-83988283D79C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E06B3D0B-F94A-41AC-AD8A-1D7E314A011A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9D79F233-B65C-4CBA-9E2F-0F4E740AB757}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{79D4503E-84C4-4831-AA5F-5D0198E6009B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2ECB5700-5D74-421F-98FB-BABBB99FE6C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe
FirewallRules: [{519B6EB8-AAF2-4433-8B89-4AB69F7E21DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe
FirewallRules: [TCP Query User{8F8C0A86-0A81-4641-82E7-7C3A1BB719A5}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [UDP Query User{71D17E2C-D0E1-4E97-9C1B-FB3290C4FD4C}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [TCP Query User{5EBCC9FC-DB64-486F-92F3-D283AC6E4EE1}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [UDP Query User{6318FB5B-77E3-459C-A352-C8A151C36535}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [TCP Query User{757A3903-DE32-48C5-B887-EF69B62B19F3}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{E39F537E-2E72-4CD6-BA8E-6A31C720AECC}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [TCP Query User{0041A392-ED63-420D-A53D-9F0ADC7D21AD}C:\program files (x86)\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{B91238EB-3E7F-4B23-89E1-AAC6CD70DC62}C:\program files (x86)\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4\bin\farcry4.exe
FirewallRules: [{D8285882-E1A3-4495-84C9-14654CA118C4}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{383EC18D-E0A1-417A-B699-2C1B32D2FE1B}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [TCP Query User{0E190639-006A-4CE6-AE05-ACE1C31A2FAC}C:\program files (x86)\ubisoft\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\ubisoft\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{C40A27EE-492F-47A4-9D50-179D27F5A148}C:\program files (x86)\ubisoft\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\ubisoft\far cry 4\bin\farcry4.exe
FirewallRules: [TCP Query User{0B26A9CB-90DB-47D5-B43D-4FB9F67CCA07}C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.exe] => (Allow) C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.exe
FirewallRules: [UDP Query User{1C301C46-5F9D-4276-AE02-C2C1CB5D64D1}C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.exe] => (Allow) C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.exe
FirewallRules: [TCP Query User{80D40604-E3B3-4EBF-9BB4-08511CEE1D96}C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.update.exe] => (Allow) C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.update.exe
FirewallRules: [UDP Query User{A7248D53-9CA2-4C1C-9F10-3B2A0A116B2C}C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.update.exe] => (Allow) C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.update.exe
FirewallRules: [TCP Query User{FB88F6EA-2DAC-478A-B299-C780DE176D4D}C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe] => (Allow) C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{5BB9CB99-785F-434E-9665-92A439935B83}C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe] => (Allow) C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{902BA798-D0DC-48DB-8CB4-DDA351740FE5}C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [UDP Query User{AD4249F4-6D51-493A-8812-6FEE6C4A64AA}C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [{9C399C17-3EF3-4E50-9E82-DD872A5CD886}] => (Allow) C:\Users\Zesh\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{11479E53-CFD9-4B96-AC3A-479B1F552C62}] => (Allow) C:\Users\Zesh\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [TCP Query User{EB714125-ACE6-49E9-A259-FBE72582C020}C:\users\zesh\appdata\local\temp\i1426561225\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\zesh\appdata\local\temp\i1426561225\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{00A3D237-3FF3-4BA8-82CD-9EAF70420E58}C:\users\zesh\appdata\local\temp\i1426561225\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\zesh\appdata\local\temp\i1426561225\windows\resource\jre\bin\javaw.exe
FirewallRules: [{4BD0A348-E38B-40A6-A237-2A0766C5AB3D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3C5CF702-6896-415E-9DA1-7145F9C378F1}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A1B02EF5-E5AA-48C9-BE41-48446D9E212D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{BA68EF7B-FFEB-42C0-98EF-40122CEC6138}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{62822BE3-9DBF-4122-AF12-1AED0FA79028}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{8C589DC8-E587-4784-8587-E984CA45EF60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{F671A198-170B-43CC-B633-F495DD16D986}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{9A05BA48-58D6-48DC-8AF1-9A81B5BEC5A9}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{DFD11482-A7C5-412B-889C-012681CE931B}C:\games\the witcher 2 assassins of kings\bin\witcher2.exe] => (Block) C:\games\the witcher 2 assassins of kings\bin\witcher2.exe
FirewallRules: [UDP Query User{309A1442-7B2E-4B4C-A637-159AD0EAF0B0}C:\games\the witcher 2 assassins of kings\bin\witcher2.exe] => (Block) C:\games\the witcher 2 assassins of kings\bin\witcher2.exe
FirewallRules: [{2028C389-CB88-495B-BA0A-6F02A50E0EC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CC09D1FA-C1BC-4E0E-9C51-860D7727BB6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{108C8C08-B687-4191-98AC-9F941F0A270E}C:\users\zesh\appdata\local\temp\i1432940080\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\zesh\appdata\local\temp\i1432940080\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{A5501ED1-1BC5-406A-BDDD-CFD4A44A6EC3}C:\users\zesh\appdata\local\temp\i1432940080\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\zesh\appdata\local\temp\i1432940080\windows\resource\jre\bin\javaw.exe
FirewallRules: [{C008BE91-845C-464D-A229-C417AF82C170}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA365E70-7B3C-45B8-B5E6-CE149A632691}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2631020C-4576-4D5E-A1F4-B2C5CBF551F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D128434D-819C-4C96-9500-F2E2551CF4B0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{861D4BA9-F3B2-46E4-BBAC-64122D86CA5A}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{5999F631-7DA7-4D7E-84F5-59A5C9729C15}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{6DA86296-D701-4C60-8BF8-A2E4FF0011DE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/09/2015 05:04:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7785
 
Error: (07/09/2015 05:04:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7785
 
Error: (07/09/2015 05:04:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/09/2015 05:04:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6786
 
Error: (07/09/2015 05:04:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6786
 
Error: (07/09/2015 05:04:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/09/2015 05:04:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5788
 
Error: (07/09/2015 05:04:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5788
 
Error: (07/09/2015 05:04:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/09/2015 05:04:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4789
 
 
System errors:
=============
Error: (07/10/2015 05:19:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (07/10/2015 05:19:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/10/2015 05:19:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/10/2015 05:19:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/10/2015 05:19:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/10/2015 05:19:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/10/2015 05:15:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/10/2015 05:15:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/10/2015 05:15:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/10/2015 05:15:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
Error: (07/09/2015 05:04:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7785
 
Error: (07/09/2015 05:04:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7785
 
Error: (07/09/2015 05:04:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/09/2015 05:04:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6786
 
Error: (07/09/2015 05:04:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6786
 
Error: (07/09/2015 05:04:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/09/2015 05:04:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5788
 
Error: (07/09/2015 05:04:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5788
 
Error: (07/09/2015 05:04:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/09/2015 05:04:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4789
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 8147.51 MB
Available physical RAM: 6719.95 MB
Total Virtual: 16293.21 MB
Available Virtual: 14855.99 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:489.26 GB) (Free:248.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (LaCie A) (Fixed) (Total:900 GB) (Free:300.23 GB) NTFS
Drive e: (LaCie B) (Fixed) (Total:31.5 GB) (Free:31.37 GB) NTFS
Drive f: () (Fixed) (Total:106.91 GB) (Free:106.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E70B40D6)
Partition 2: (Active) - (Size=931.5 GB) - (Type=05)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: F98D6E74)
Partition 1: (Active) - (Size=489.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=106.9 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 

Thanks in advance,

Cordially,

[Followed the guide on malware removal request, please do point out any mistakes/things left out I might have missed.]


Edited by Owoch, 10 July 2015 - 03:30 PM.



#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:00 PM

Posted 12 July 2015 - 06:48 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Owoch

Owoch
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 12 July 2015 - 09:22 AM

Alright, so what should I do once I've uninstalled said programs, resend logs?



#4 TB-Psychotic


Posted 13 July 2015 - 02:13 AM

Yes, please rescan with FRST (create a new addition.txt as well) and post the logs.



#5 Owoch


Posted 13 July 2015 - 11:30 AM

Thanks for the help

 

Let me know if anything cracked/warez is left (sharing this comp with my brother), I only work on this machine, uninstalled all I could find.

 

FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015

Ran by Zesh (administrator) on ZESH-PC on 13-07-2015 18:22:53
Running from C:\Users\Zesh\Desktop
Loaded Profiles: Zesh (Available Profiles: Zesh)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Beepa P/L) C:\Fraps\fraps.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(CCP hf.) C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\exefile.exe
(Valve Corporation) C:\Program Files (x86)\Steam\GameOverlayUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3494139373-2628354773-2896244957-1000\...\MountPoints2: H - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3494139373-2628354773-2896244957-1000\...\MountPoints2: {77db71f4-c326-11e4-b65b-c86000bfb683} - H:\HTC_Sync_Manager_PC.exe
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3494139373-2628354773-2896244957-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/fr-be/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-08-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-11-17] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-07-27] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-17] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-08-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-17] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-07-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-17] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-17] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3494139373-2628354773-2896244957-1000: vasco.com/VascoCardReaderPlugin -> C:\Users\Zesh\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll [2014-10-27] (VASCO Data Security)
FF Plugin HKU\S-1-5-21-3494139373-2628354773-2896244957-1000: vasco.com/VascoCardReaderPlugin64 -> C:\Users\Zesh\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll [2014-10-27] (VASCO Data Security)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-24]
 
Chrome: 
=======
CHR Profile: C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-25]
CHR Extension: (Belfius Smart Card Reader Chrome Extension) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\agicnfmechmlphpjmeefookfjhifbmhi [2015-04-24]
CHR Extension: (Google Docs) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-25]
CHR Extension: (Google Drive) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-25]
CHR Extension: (YouTube) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-25]
CHR Extension: (Google Search) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-25]
CHR Extension: (Google Sheets) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-25]
CHR Extension: (AdBlock) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-25]
CHR Extension: (Hola Better Internet) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-07-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Hola Better Internet) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhcmfkkjmkcfgelgdpndepmimbmkbpfp [2015-06-06]
CHR Extension: (Google Wallet) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]
CHR Extension: (Gmail) - C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3472368 2014-12-01] (INCA Internet Co., Ltd.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.)
S4 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [639808 2014-11-28] (RealVNC Ltd)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48400 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-04-09] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163576 2015-06-17] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-13 18:22 - 2015-07-13 18:23 - 00015509 _____ C:\Users\Zesh\Desktop\FRST.txt
2015-07-13 18:22 - 2015-07-13 18:22 - 00000000 ____D C:\Users\Zesh\Desktop\FRST-OlderVersion
2015-07-13 01:30 - 2015-07-13 01:31 - 00000085 _____ C:\Windows\wininit.ini
2015-07-12 23:15 - 2015-07-12 22:46 - 19953020 ____N C:\Users\Zesh\Desktop\DSCN0753.MOV
2015-07-12 22:10 - 2015-07-12 22:10 - 06949352 _____ (Wargaming.net ) C:\Users\Zesh\Downloads\WoWS_internet_install_eu.exe
2015-07-12 22:10 - 2015-07-12 22:10 - 00000795 _____ C:\Users\Zesh\Desktop\World of Warships.lnk
2015-07-12 22:10 - 2015-07-12 22:10 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-07-12 17:37 - 2015-07-12 17:37 - 00000938 ____R C:\Windows\system32\Drivers\etc\hosts.20150712-173717.backup
2015-07-12 17:29 - 2015-07-12 17:15 - 00450771 _____ C:\Windows\system32\Drivers\etc\hosts.20150712-172944.backup
2015-07-12 17:15 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150712-171547.backup
2015-07-12 17:03 - 2015-07-12 17:03 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-07-12 17:02 - 2015-07-13 01:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-12 17:02 - 2015-07-13 01:31 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-12 17:01 - 2015-07-12 17:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Zesh\Downloads\spybot-2.4.exe
2015-07-12 16:56 - 2015-07-12 16:56 - 00291606 _____ C:\Users\Zesh\Downloads\TCPView.zip
2015-07-12 16:52 - 2015-07-12 16:52 - 00004064 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-12 16:52 - 2015-07-12 16:52 - 00003812 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-12 16:52 - 2015-07-12 16:52 - 00003172 _____ C:\Windows\System32\Tasks\{1CFF7B28-3B84-4F45-998B-AFCA9F10C046}
2015-07-12 16:52 - 2015-07-12 16:52 - 00003092 _____ C:\Windows\System32\Tasks\{C11018B3-8130-4228-AE8F-26D7742ADF89}
2015-07-12 16:41 - 2015-07-12 16:43 - 00004950 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Zesh-PC-Zesh Zesh-PC
2015-07-12 16:28 - 2015-07-12 16:37 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-12 16:28 - 2015-07-12 16:28 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-12 16:27 - 2015-07-12 16:28 - 21971528 _____ C:\Users\Zesh\Downloads\RogueKillerX64.exe
2015-07-12 03:13 - 2015-07-12 03:13 - 00026159 _____ C:\Users\Zesh\Downloads\true-detective-second-season_HI_english-1147348.zip
2015-07-10 17:33 - 2015-07-10 17:33 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\Panda Security
2015-07-10 17:33 - 2015-07-10 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Internet Security 2015
2015-07-10 17:33 - 2015-07-10 17:33 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-07-10 17:33 - 2015-05-22 10:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-07-10 17:32 - 2015-07-10 17:33 - 00000000 ____D C:\ProgramData\Panda Security
2015-07-10 17:32 - 2015-07-10 17:32 - 02001488 _____ C:\Users\Zesh\Downloads\PANDAIS15.exe
2015-07-10 17:25 - 2015-07-13 18:22 - 00000000 ____D C:\FRST
2015-07-10 17:14 - 2015-07-10 17:14 - 00000000 _____ C:\Users\Zesh\defogger_reenable
2015-07-10 17:13 - 2015-07-10 17:13 - 02248704 _____ C:\Users\Zesh\Downloads\Unconfirmed 898609.crdownload
2015-07-10 17:12 - 2015-07-10 17:12 - 03034090 _____ (Malwarebytes Corporation) C:\Users\Zesh\Desktop\JRT.exe
2015-07-10 17:12 - 2015-07-10 17:12 - 02248704 _____ C:\Users\Zesh\Desktop\adw.Exe
2015-07-10 17:11 - 2015-07-13 18:22 - 02133504 _____ (Farbar) C:\Users\Zesh\Desktop\FRST64.exe
2015-07-10 17:07 - 2015-07-10 17:07 - 00050477 _____ C:\Users\Zesh\Desktop\Defogger.exe
2015-07-10 13:07 - 2015-07-13 15:59 - 00001848 _____ C:\Windows\setupact.log
2015-07-10 13:07 - 2015-07-10 13:07 - 00000000 _____ C:\Windows\setuperr.log
2015-07-10 03:31 - 2015-07-10 03:31 - 00025566 _____ C:\Users\Zesh\Downloads\eve-overview-v0.6.1.zip
2015-07-10 03:25 - 2015-07-10 03:25 - 00023207 _____ C:\Users\Zesh\Downloads\Sarah Overview Pack 0.3.4a.zip
2015-07-10 03:20 - 2015-07-10 03:20 - 00076587 _____ C:\Users\Zesh\Documents\SaraShawa Overview Pack v7.1.yaml
2015-07-10 01:11 - 2015-07-10 01:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\Zesh\Downloads\HijackThis.exe
2015-07-10 01:06 - 2015-07-10 01:08 - 00000000 ____D C:\Users\Zesh\Desktop\EVE
2015-07-09 22:39 - 2015-07-09 22:39 - 00000936 _____ C:\Users\Public\Desktop\Guild Wars 2.lnk
2015-07-09 22:39 - 2015-07-09 22:39 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2015-07-09 22:38 - 2015-07-09 22:38 - 26068984 _____ (ArenaNet) C:\Users\Zesh\Downloads\Gw2Setup.exe
2015-07-09 17:55 - 2015-07-09 17:55 - 00690336 _____ C:\Users\Zesh\Downloads\EVEPilot_Help.zip
2015-07-09 17:21 - 2015-07-09 18:50 - 00000000 ____D C:\Users\Zesh\Desktop\vbot
2015-07-09 16:03 - 2015-07-09 18:44 - 00000640 _____ C:\Windows\SysWOW64\debug.log
2015-07-09 15:56 - 2015-07-09 15:56 - 00000000 ____D C:\Users\Zesh\AppData\Local\MacroLab
2015-07-09 15:54 - 2015-07-09 15:54 - 00000000 ____D C:\ProgramData\Isolated Storage
2015-07-09 15:51 - 2015-07-09 15:51 - 15504336 _____ C:\Users\Zesh\Downloads\evepilot.zip
2015-07-09 04:21 - 2015-07-09 04:21 - 00017802 _____ C:\Users\Zesh\Downloads\zoo-first-season_english-1147951.zip
2015-07-08 22:59 - 2015-07-08 22:59 - 00000000 ____D C:\ProgramData\CCP
2015-07-08 19:09 - 2015-07-08 19:09 - 00043240 _____ C:\Users\Zesh\Downloads\CG3100 (3).cfg
2015-07-07 18:17 - 2015-07-07 18:22 - 00000000 ____D C:\Users\Zesh\Documents\avia
2015-07-07 17:23 - 2015-07-07 17:23 - 00000000 _____ C:\Users\Zesh\AppData\Local\Temptable.xml
2015-07-07 17:18 - 2015-07-07 18:22 - 00000000 ____D C:\Users\Zesh\AppData\Local\TempSWBackupDirectory
2015-07-07 17:17 - 2015-07-07 17:17 - 00000000 ____D C:\Users\Zesh\AppData\Local\SolidWorks
2015-07-07 15:21 - 2015-07-07 15:21 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\DassaultSystemes
2015-07-07 15:21 - 2015-07-07 15:21 - 00000000 ____D C:\Users\Zesh\AppData\Local\DassaultSystemes
2015-07-07 15:21 - 2015-07-07 15:21 - 00000000 ____D C:\ProgramData\DassaultSystemes
2015-07-07 15:08 - 2015-07-07 18:28 - 00000000 ____D C:\ProgramData\SOLIDWORKS
2015-07-07 15:08 - 2015-07-07 18:28 - 00000000 ____D C:\Program Files\SOLIDWORKS Corp
2015-07-07 15:08 - 2015-07-07 15:08 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2015-07-07 15:07 - 2012-02-11 08:46 - 00180312 _____ (Microsoft Corporation) C:\Windows\system32\hadrres.dll
2015-07-07 15:07 - 2012-02-11 08:46 - 00082520 _____ (Microsoft Corporation) C:\Windows\system32\fssres.dll
2015-07-07 15:04 - 2015-07-07 15:04 - 00000000 ____D C:\Program Files\Bonjour
2015-07-07 15:04 - 2015-07-07 15:04 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-07-07 14:50 - 2015-07-07 14:50 - 00000000 ____D C:\Users\Zesh\Documents\Visual Studio 2005
2015-07-07 14:49 - 2015-07-07 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2015-07-07 14:49 - 2015-07-07 14:49 - 00000000 ____D C:\Program Files (x86)\MSECache
2015-07-07 14:49 - 2015-07-07 14:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-07-07 14:47 - 2015-07-07 18:25 - 00000000 ____D C:\ProgramData\SOLIDWORKS Electrical
2015-07-07 14:47 - 2015-07-07 14:47 - 00000000 ____D C:\ProgramData\FLEXnet
2015-07-07 14:42 - 2015-07-07 17:18 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\SOLIDWORKS
2015-07-07 14:06 - 2015-07-07 14:06 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\SketchUp
2015-07-07 14:06 - 2015-07-07 14:06 - 00000000 ____D C:\ProgramData\SketchUp
2015-07-07 14:06 - 2015-07-07 14:06 - 00000000 ____D C:\ProgramData\Reprise
2015-07-07 14:04 - 2015-07-07 14:05 - 114480888 _____ (Trimble Navigation Limited) C:\Users\Zesh\Downloads\SketchUpMake-en-x64.exe
2015-07-04 00:43 - 2015-07-04 00:43 - 00043248 _____ C:\Users\Zesh\Downloads\CG3100 (2).cfg
2015-07-03 18:01 - 2015-07-03 18:01 - 00007464 _____ C:\Users\Zesh\Downloads\[Scales] Gangsta - 01 [82280D1D].mp4.torrent
2015-07-03 12:03 - 2015-07-03 12:03 - 00043272 _____ C:\Users\Zesh\Downloads\CG3100 (1).cfg
2015-07-02 23:59 - 2015-07-02 23:59 - 00021349 _____ C:\Users\Zesh\Downloads\zoo-first-season_HI_english-1144550.zip
2015-07-02 01:01 - 2015-07-02 01:01 - 00018256 _____ C:\Users\Zesh\Downloads\Shackles.zip.torrent
2015-07-02 01:00 - 2015-07-02 01:00 - 00019515 _____ C:\Users\Zesh\Downloads\Girls In Chairs.zip.torrent
2015-07-01 18:01 - 2015-07-01 18:01 - 00029480 _____ C:\Users\Zesh\Downloads\VideoGame Vixens Galore.zip.torrent
2015-07-01 18:00 - 2015-07-01 18:00 - 00016684 _____ C:\Users\Zesh\Downloads\Nylon Galore II.zip.torrent
2015-07-01 17:54 - 2015-07-01 17:55 - 00043224 _____ C:\Users\Zesh\Downloads\CG3100.cfg
2015-06-29 16:16 - 2015-06-29 16:16 - 00028676 _____ C:\Users\Zesh\Downloads\true-detective-second-season_english-1143105.zip
2015-06-29 11:49 - 2015-06-29 11:49 - 00023478 _____ C:\Users\Zesh\Downloads\true-detective-second-season_english-1138111.zip
2015-06-29 11:12 - 2015-06-29 11:12 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-29 11:12 - 2015-06-29 11:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-29 11:12 - 2015-06-29 11:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-29 11:12 - 2015-06-29 11:12 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-29 11:12 - 2015-06-29 11:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-29 11:11 - 2015-06-29 11:11 - 12339160 _____ (Microsoft Corporation) C:\Users\Zesh\Downloads\Windows10InsiderPreview.exe
2015-06-29 11:10 - 2015-06-29 11:29 - 4045158400 _____ C:\Users\Zesh\Downloads\Windows10_InsiderPreview_x64_EN-GB_10130.iso
2015-06-29 11:10 - 2015-06-29 11:10 - 00000029 _____ C:\Users\Zesh\Desktop\WIN10KEy.txt
2015-06-27 20:27 - 2015-06-27 20:27 - 00056207 _____ C:\Users\Zesh\Downloads\interstellar_french-1083383.zip
2015-06-25 01:07 - 2015-06-25 01:07 - 00016912 _____ C:\Users\Zesh\Downloads\game-of-thrones-third-season_english-1093636.zip
2015-06-25 00:33 - 2015-06-25 00:33 - 00021059 _____ C:\Users\Zesh\Downloads\game-of-thrones-third-season_english-1093635.zip
2015-06-24 23:14 - 2015-06-24 23:14 - 00019321 _____ C:\Users\Zesh\Downloads\game-of-thrones-third-season_english-1093634.zip
2015-06-24 23:00 - 2015-06-24 23:00 - 00049718 _____ C:\Users\Zesh\Downloads\Utamaru - Ornstein and Smough.gp5
2015-06-24 22:58 - 2015-06-24 22:58 - 00049601 _____ C:\Users\Zesh\Downloads\Misc Computer Games - Dark Souls Ost - Ornstein And Smough Theme Metal Cover (Pro).gp5
2015-06-24 21:21 - 2015-06-24 21:21 - 00023937 _____ C:\Users\Zesh\Downloads\game.of.thrones.kissed.by.fire.(2013).eng.1cd.(5647396).zip
2015-06-24 20:09 - 2015-06-24 20:09 - 00021199 _____ C:\Users\Zesh\Downloads\game.of.thrones.and.now.his.watch.is.ended.(2013).eng.1cd.(5647314).zip
2015-06-24 17:00 - 2015-06-24 17:00 - 00020179 _____ C:\Users\Zesh\Downloads\game.of.thrones.walk.of.punishment.(2013).eng.1cd.(5575823).zip
2015-06-24 16:59 - 2015-06-24 16:59 - 00020196 _____ C:\Users\Zesh\Downloads\game.of.thrones.walk.of.punishment.(2013).eng.1cd.(5645694).zip
2015-06-23 22:58 - 2015-06-23 22:58 - 02411619 _____ C:\Users\Zesh\Documents\Untitled (3).wma
2015-06-22 03:12 - 2015-06-22 03:12 - 00021708 _____ C:\Users\Zesh\Downloads\game.of.thrones.baelor.(2011).eng.1cd.(4512129).zip
2015-06-22 03:12 - 2015-06-22 03:12 - 00020834 _____ C:\Users\Zesh\Downloads\game-of-thrones-first-season_english-588085.zip
2015-06-22 03:11 - 2015-06-22 03:11 - 00025056 _____ C:\Users\Zesh\Downloads\game.of.thrones.baelor.(2011).eng.1cd.(4192189).zip
2015-06-22 03:10 - 2015-06-22 03:10 - 00020691 _____ C:\Users\Zesh\Downloads\en-game-of-thrones-2011-S01E09-SubRip-utf-8.zip
2015-06-22 03:10 - 2015-06-22 03:10 - 00002378 _____ C:\Users\Zesh\Downloads\game.of.thrones.baelor.(2011).eng.1cd.(5609629).zip
2015-06-22 03:09 - 2015-06-22 03:09 - 00019858 _____ C:\Users\Zesh\Downloads\game.of.thrones.blackwater.(2012).eng.1cd.(5765759).zip
2015-06-22 02:13 - 2015-06-22 02:13 - 00019408 _____ C:\Users\Zesh\Downloads\Game.of.Thrones.S01.Ep08.1080p.BluRay.DTS.x264-ESiR._www.ENGSUB.NET.zip
2015-06-22 02:12 - 2015-06-22 02:12 - 00021150 _____ C:\Users\Zesh\Downloads\game.of.thrones.the.pointy.end.(2011).eng.1cd.(5006171).zip
2015-06-21 23:47 - 2015-06-21 23:47 - 00020102 _____ C:\Users\Zesh\Downloads\game.of.thrones.a.golden.crown.(2011).fre.1cd.(4182835).zip
2015-06-21 23:46 - 2015-06-21 23:46 - 00019992 _____ C:\Users\Zesh\Downloads\game.of.thrones.a.golden.crown.(2011).spa.1cd.(4193085).zip
2015-06-21 22:47 - 2015-06-21 22:47 - 00027387 _____ C:\Users\Zesh\Downloads\game.of.thrones.the.wolf.and.the.lion.(2011).fre.1cd.(4591247).zip
2015-06-21 21:42 - 2015-06-21 21:42 - 00029061 _____ C:\Users\Zesh\Downloads\game.of.thrones.cripples.bastards.and.broken.things.(2011).fre.1cd.(5190771).zip
2015-06-21 21:42 - 2015-06-21 21:42 - 00023776 _____ C:\Users\Zesh\Downloads\game.of.thrones.cripples.bastards.and.broken.things.(2011).fre.1cd.(5652930).zip
2015-06-21 16:23 - 2015-06-21 16:23 - 00011305 _____ C:\Users\Zesh\Downloads\281d14551e7851e4feeef9ecf8e2dbf0ca4b39e1.zip
2015-06-21 16:14 - 2015-06-21 16:14 - 00020457 _____ C:\Users\Zesh\Downloads\angel.eyes.(2001).fre.1cd.(25416).zip
2015-06-20 19:58 - 2015-06-20 19:58 - 00043731 _____ C:\Users\Zesh\Downloads\[HorribleSubs] Fate Stay Night - Unlimited Blade Works - 24 [1080p].mkv (1).torrent
2015-06-20 19:57 - 2015-06-20 19:57 - 00043731 _____ C:\Users\Zesh\Downloads\[HorribleSubs] Fate Stay Night - Unlimited Blade Works - 24 [1080p].mkv.torrent
2015-06-20 10:58 - 2015-06-20 10:58 - 00000000 ____D C:\Users\Zesh\Documents\FLiNGTrainer
2015-06-20 10:57 - 2015-06-20 10:58 - 00556400 _____ C:\Users\Zesh\Downloads\DARK.SOULS.2.SOTFS.V1.01.PLUS25TRN.FLING.ZIP
2015-06-20 02:11 - 2015-07-10 17:28 - 00001773 _____ C:\Users\Zesh\Desktop\New Text Document.txt
2015-06-19 23:02 - 2015-06-19 23:02 - 00000000 ____D C:\Users\Public\Documents\ZBrushData
2015-06-19 23:01 - 2015-06-19 23:01 - 00000000 ____D C:\Program Files (x86)\Pixologic
2015-06-19 20:25 - 2015-06-19 20:25 - 00017018 _____ C:\Users\Zesh\Downloads\[DeadFish] Yahari Ore no Seishun Love Comedy wa Machigatteiru. Zoku - 12 [720p][AAC].mp4.torrent
2015-06-19 16:47 - 2015-06-19 16:47 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\DarkSoulsII
2015-06-19 01:45 - 2015-06-19 01:45 - 00292853 _____ C:\Users\Zesh\Downloads\Games for Windows LIVE Disable-1086.zip
2015-06-19 00:20 - 2015-06-19 00:20 - 00378368 _____ C:\Users\Zesh\Downloads\brief450.msi
2015-06-19 00:14 - 2015-06-19 00:14 - 04796149 _____ C:\Users\Zesh\Downloads\WS7.zip
2015-06-18 23:12 - 2015-06-18 23:12 - 00000000 ____D C:\Users\Zesh\AppData\Local\FOMM
2015-06-18 23:03 - 2015-06-19 00:09 - 00000000 ____D C:\Program Files (x86)\Mr DJ
2015-06-17 23:59 - 2015-06-17 23:59 - 00026190 _____ C:\Users\Zesh\Downloads\house.m.d.pilot.(2004).eng.1cd.(6100034).zip
2015-06-17 16:57 - 2015-06-17 16:57 - 00163576 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
2015-06-16 12:41 - 2015-06-16 12:41 - 00000000 _____ C:\ZGtouch.txt
2015-06-16 12:41 - 2015-06-16 12:41 - 00000000 _____ C:\Users\Zesh\ad629d07-1f13-11b2-ab67-bcc29142dc43.tmp
2015-06-15 01:23 - 2015-06-15 01:23 - 01009102 _____ C:\Users\Zesh\Downloads\Avian ophthalmology.ashx
2015-06-14 23:24 - 2015-06-14 23:24 - 00000526 _____ C:\Users\Zesh\Downloads\url (1).htm
2015-06-14 20:30 - 2015-06-14 20:30 - 00004422 _____ C:\Users\Zesh\Downloads\Grief.gp5
2015-06-14 20:28 - 2015-06-14 20:28 - 00008736 _____ C:\Users\Zesh\Downloads\Ideal White tabbed by Lok Yin.gp5
2015-06-14 20:26 - 2015-06-14 20:26 - 00001842 _____ C:\Users\Zesh\Downloads\fate ubw op-ideal white (1).rar
2015-06-14 13:30 - 2015-06-14 13:30 - 00834269 _____ C:\Users\Zesh\Downloads\MyCPFB.UF312.1-_Syllabus_et_documents_de_calcul.zip
2015-06-14 12:21 - 2015-06-14 12:21 - 02831686 _____ C:\Users\Zesh\Downloads\MyCPFB.UF312.2-_Document_de_calculs.zip
2015-06-14 00:21 - 2015-06-14 00:21 - 00018139 _____ C:\Users\Zesh\Downloads\{EHT PERSONALIZED TORRENT - DO NOT REDISTRIBUTE} Juicy Asses.torrent
2015-06-13 19:08 - 2015-06-13 19:08 - 03084476 _____ C:\Users\Zesh\Downloads\gzdoom-bin-2-0-05.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-13 18:15 - 2014-09-25 15:16 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\Skype
2015-07-13 17:42 - 2014-09-25 07:12 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 16:21 - 2014-12-01 18:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-13 14:07 - 2014-09-25 07:13 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\TS3Client
2015-07-13 01:49 - 2014-09-25 07:12 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 23:00 - 2014-09-25 14:09 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\.minecraft
2015-07-12 22:10 - 2015-03-18 01:22 - 00000000 ____D C:\Games
2015-07-12 20:21 - 2014-09-25 00:41 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\uTorrent
2015-07-12 17:15 - 2009-07-14 04:34 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20150712-173708.backup
2015-07-12 16:45 - 2009-07-14 06:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-12 16:45 - 2009-07-14 06:45 - 00019312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 16:43 - 2009-07-14 07:13 - 00784524 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-12 16:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-12 16:35 - 2014-11-14 03:53 - 00000000 ____D C:\Users\Zesh\AppData\Roaming\Guitar Pro 6
2015-07-12 16:35 - 2014-11-14 03:51 - 00000000 ____D C:\Program Files (x86)\Guitar Pro 6
2015-07-12 16:24 - 2015-01-08 15:10 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2015-07-12 16:22 - 2015-04-07 06:13 - 00000000 ____D C:\Users\Zesh\Documents\NBGI
2015-07-12 16:22 - 2015-04-07 06:13 - 00000000 ____D C:\Users\Zesh\AppData\Local\NBGI
2015-07-12 16:22 - 2015-04-07 05:44 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2015-07-11 01:14 - 2014-11-14 20:01 - 00073728 ___SH C:\Users\Zesh\Documents\Thumbs.db
2015-07-10 18:57 - 2009-07-14 06:45 - 00481704 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-10 17:33 - 2014-09-25 07:00 - 00112336 _____ C:\Users\Zesh\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-10 17:18 - 2014-12-06 12:10 - 00000000 ____D C:\Windows\pss
2015-07-10 17:14 - 2014-09-25 06:58 - 00000000 ____D C:\Users\Zesh
2015-07-10 01:22 - 2015-02-23 01:45 - 00000000 ____D C:\Windows\Minidump
2015-07-10 01:10 - 2015-04-25 23:17 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-10 00:15 - 2015-04-16 23:15 - 00000080 _____ C:\Users\Zesh\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-07-10 00:15 - 2015-04-16 20:28 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-07-10 00:14 - 2015-04-16 20:27 - 00000000 ____D C:\Program Files\Rockstar Games
2015-07-09 23:38 - 2015-06-10 10:10 - 00000000 ____D C:\Users\Zesh\Desktop\pics
2015-07-09 22:36 - 2014-10-12 11:25 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-07-09 22:36 - 2014-10-12 11:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-07-09 22:36 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-09 22:30 - 2014-11-01 00:18 - 00000000 ____D C:\Users\Zesh\Documents\My Games
2015-07-07 23:45 - 2014-09-25 07:13 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-07 22:01 - 2014-09-25 15:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-07 22:01 - 2014-09-25 15:16 - 00000000 ____D C:\ProgramData\Skype
2015-07-07 15:02 - 2014-09-24 22:19 - 00867422 _____ C:\Windows\PFRO.log
2015-07-07 14:54 - 2014-09-24 21:55 - 01764047 _____ C:\Windows\WindowsUpdate.log
2015-07-07 14:52 - 2014-09-25 14:13 - 00768390 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-07 14:50 - 2014-10-12 11:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-07 14:49 - 2014-10-12 11:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-07-05 11:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-04 19:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-24 16:49 - 2015-01-06 23:35 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-16 12:42 - 2015-05-30 00:58 - 00000000 ____D C:\Program Files (x86)\Zenimax Online
2015-06-16 12:41 - 2015-05-30 00:58 - 00000000 ____D C:\Windows\jre
 
==================== Files in the root of some directories =======
 
2014-10-08 13:16 - 2015-03-15 14:52 - 0000132 _____ () C:\Users\Zesh\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-01-03 14:20 - 2015-01-03 14:20 - 0000712 _____ () C:\Users\Zesh\AppData\Local\recently-used.xbel
2014-09-24 23:46 - 2014-09-24 23:46 - 0007606 _____ () C:\Users\Zesh\AppData\Local\Resmon.ResmonCfg
2015-07-07 17:23 - 2015-07-07 17:23 - 0000000 _____ () C:\Users\Zesh\AppData\Local\Temptable.xml
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-03 01:06
 
==================== End of log ============================

 

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015

Ran by Zesh at 2015-07-13 18:23:31
Running from C:\Users\Zesh\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3494139373-2628354773-2896244957-500 - Administrator - Disabled)
Guest (S-1-5-21-3494139373-2628354773-2896244957-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3494139373-2628354773-2896244957-1002 - Limited - Enabled)
Zesh (S-1-5-21-3494139373-2628354773-2896244957-1000 - Administrator - Enabled) => C:\Users\Zesh
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Internet Security 2015 (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Internet Security 2015 (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Panda Firewall (Enabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3494139373-2628354773-2896244957-1000\...\uTorrent) (Version: 3.4.3.40097 - BitTorrent Inc.)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Reader XI (11.0.11) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Advanced Port Scanner v1.3 (HKLM-x32\...\Advanced Port Scanner v1.3) (Version:  - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version:  - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Belfius Smart Card Reader Chrome-App (HKU\S-1-5-21-3494139373-2628354773-2896244957-1000\...\{22723509-aab9-4276-8b57-734560faf359}) (Version: 2.3.2.0 - VASCO Data Security)
Belfius Smart Card Reader Chrome-App (x32 Version: 2.3.2.0 - VASCO Data Security) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Dxtory version 2.0.122 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.122 - Dxtory Software)
EVE Online (HKLM-x32\...\Steam App 8500) (Version:  - CCP)
EVE Online (remove only) (HKLM-x32\...\EVE) (Version:  - CCP Games Ltd.)
EVEMon (HKLM-x32\...\EVEMon) (Version: 1.9.1 - battleclinic.com)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
GS Auto Clicker (HKLM-x32\...\GS Auto Clicker_is1) (Version: V3.1.3 - goldensoft.org)
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{5D198290-6E7D-426C-9AF0-8DA34CC7E596}) (Version: 1.2.8 - Thorvald Natvig)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Internet Security 2015 (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0006 - Panda Security)
Panda Internet Security 2015 (Version: 7.84.00.0000 - Panda Security) Hidden
Phantasy Star Online 2: EPISODE 3 (HKLM-x32\...\{38CA1868-3A03-4B5D-93A1-FD6F61D6723A}_is1) (Version:  - SEGA)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)
Satsuki Decoder Pack (HKLM-x32\...\Satsuki Decoder Pack) (Version: 5104 - Satsuki Yatoshi'S Softs)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Tone Stack Calculator version 1.3 (HKLM-x32\...\{D1385B9C-DD6D-43FE-B07C-28A80B23422F}_is1) (Version: 1.3 - Duncan Amplification)
VASCO Card Reader Plug-In (64-Bit) (Version: 3.2.3.4 - VASCO Data Security) Hidden
VASCO Smart Card Reader Plug-In (User) (HKU\S-1-5-21-3494139373-2628354773-2896244957-1000\...\{c77cb28d-ddd3-46f7-b51a-14a599127ba7}) (Version: 3.2.3.4 - VASCO Data Security)
VirtualDJ 8 (HKLM-x32\...\{C322F3EC-3737-47E7-8FAF-1E1A1DE237ED}) (Version: 8.0.2179.0 - Atomix Productions)
VNC Server 5.2.2 (HKLM\...\{AAE140B3-14D5-4AF9-A4AF-1628250A8EF1}) (Version: 5.2.2 - RealVNC Ltd)
VNC Viewer 5.2.2 (HKLM\...\{FF0D75AD-1856-4170-95CE-556CC3B0E36C}) (Version: 5.2.2 - RealVNC Ltd)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warships (HKU\S-1-5-21-3494139373-2628354773-2896244957-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3494139373-2628354773-2896244957-1000_Classes\CLSID\{9E436272-69C3-5FBA-9C1D-15694337F4AC}\InprocServer32 -> C:\Users\Zesh\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin64.dll (VASCO Data Security)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2015-07-12 17:37 - 00000938 ____R C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0E1EF7F3-8361-40C7-B8DD-0F1B9B36198A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {4344DC90-FB27-498A-A947-042547FC604E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7F2E5568-71A3-4292-B8EF-7BB0A7E11989} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Zesh-PC-Zesh Zesh-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe
Task: {8B61977B-A432-4705-B678-FEDDAAF94C52} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8D3907FC-8A13-4872-AC9C-551DFDD08472} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {8FC6DC80-5278-4698-9B9E-0C74B96D1E73} - System32\Tasks\{1CFF7B28-3B84-4F45-998B-AFCA9F10C046} => pcalua.exe -a "D:\Anime\FAR CRY 4 GOLD EDITION-SC\GDFInstall.exe" -d "D:\Anime\FAR CRY 4 GOLD EDITION-SC"
Task: {915DADB7-46DB-4E58-A516-7E7C29379CD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-25] (Google Inc.)
Task: {96855031-96C4-4AE4-AF92-1319476CB1FE} - System32\Tasks\{C11018B3-8130-4228-AE8F-26D7742ADF89} => Chrome.exe http://ui.skype.com/ui/0/7.3.60.101/en/abandoninstall?page=tsMain
Task: {D995C50A-4418-46DC-99C6-FFE8328A42F1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-04-17 00:42 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-28 11:14 - 2014-02-28 11:14 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-08-04 15:43 - 2014-08-04 15:43 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-08-04 15:43 - 2014-08-04 15:43 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-08-04 15:46 - 2014-08-04 15:46 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-08-04 15:46 - 2014-08-04 15:46 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 16:51 - 2014-02-27 16:51 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2013-04-12 19:23 - 2013-04-12 19:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-25 14:23 - 2014-02-10 22:44 - 04592128 _____ () C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-09-25 14:23 - 2014-02-10 22:44 - 00112128 _____ () C:\Users\Zesh\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-12-01 18:31 - 2015-04-16 19:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 01:00 - 2015-04-23 04:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 01:00 - 2015-04-23 04:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 01:00 - 2015-04-23 04:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-12-01 18:31 - 2015-06-04 20:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2014-12-01 18:31 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-12-01 18:31 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-12-01 18:31 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-12-01 18:31 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-12-01 18:31 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-12-01 18:31 - 2015-06-04 20:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-12-01 18:31 - 2015-05-11 21:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-05-14 04:43 - 2015-05-11 21:01 - 08958344 _____ () C:\Program Files (x86)\Steam\bin\pdf.dll
2014-12-01 22:07 - 2015-07-08 23:24 - 03499136 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\blue.dll
2014-12-01 22:07 - 2014-12-01 22:08 - 00877568 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\_ssl.pyd
2014-12-01 22:08 - 2014-12-09 21:23 - 00083072 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\_ctypes.pyd
2014-12-01 22:07 - 2014-12-09 21:19 - 00205440 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\_yaml.pyd
2014-12-01 22:07 - 2014-12-01 22:07 - 00631936 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\d3dinfo.pyd
2014-12-01 22:07 - 2014-12-01 22:07 - 00461824 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\pyFSD.pyd
2014-12-01 22:07 - 2014-12-09 21:23 - 00131200 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\pyexpat.pyd
2014-12-01 22:07 - 2014-12-01 22:07 - 00276840 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\ortp.dll
2014-12-01 22:07 - 2014-12-01 22:08 - 01150976 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\ccpBrowserHost.pyd
2014-12-01 22:07 - 2014-12-01 22:07 - 00075080 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\pychartdir27.pyd
2014-12-01 22:07 - 2014-12-09 21:19 - 00690816 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\unicodedata.pyd
2014-12-01 22:07 - 2015-07-08 23:24 - 00632448 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\pyEvePathfinder.dll
2014-12-01 22:07 - 2015-07-08 23:24 - 00130176 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\_twitch.dll
2014-12-01 22:07 - 2014-12-01 22:07 - 00890368 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\twitchsdk_32_release.dll
2014-12-01 22:07 - 2014-12-01 22:07 - 00394810 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\libmp3lame-ttv.dll
2014-12-01 22:07 - 2014-12-01 22:07 - 00113171 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\swresample-ttv-0.dll
2014-12-01 22:07 - 2014-12-01 22:07 - 00246332 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\avutil-ttv-51.dll
2014-12-09 21:25 - 2015-07-08 23:24 - 00064640 _____ () C:\Program Files (x86)\Steam\steamapps\common\Eve Online\bin\_ime.dll
2015-07-07 23:45 - 2015-07-07 05:49 - 16285512 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\Zesh\Desktop\vbot:{55003700-6F00-6A00-6200-5A0046007900}
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3494139373-2628354773-2896244957-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Zesh\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: vncserver => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^Users^Zesh^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe => C:\Windows\pss\PowerReg Scheduler.exe.Startup
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: Viber => "C:\Users\Zesh\AppData\Local\Viber\Viber.exe" StartMinimized
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{CDBBDD72-3F1C-45A0-AFEC-6D1285839864}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{AA45C155-9E0E-4B25-A3E0-B1D3075DA469}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{783109BF-A731-4A3C-A167-F22ACBFB4790}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{D2661CAC-3D8A-4A27-8CEB-070CCCCF5F06}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe
FirewallRules: [UDP Query User{75832C3F-E74B-4A36-B78F-5D2BF1D3B4A2}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe
FirewallRules: [TCP Query User{53214C33-39DE-4EEB-8704-6E90D5C47199}C:\program files (x86)\r.g. catalyst\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\r.g. catalyst\crysis 2\bin32\crysis2.exe
FirewallRules: [UDP Query User{E0B02FBF-4682-41AC-8C4F-2A74221AC044}C:\program files (x86)\r.g. catalyst\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\r.g. catalyst\crysis 2\bin32\crysis2.exe
FirewallRules: [TCP Query User{BE960058-6F0E-4F8A-9FA5-07F4D63F2696}C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe] => (Allow) C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe
FirewallRules: [UDP Query User{920044AC-204B-4E85-90F7-8C2F5979851F}C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe] => (Allow) C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe
FirewallRules: [{C4B7B6E0-9D4F-49F2-9B1E-C823BA930B2C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{02B6C1A4-CF1D-4A34-816F-976C2324C5D8}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{57EF002D-2F7E-4407-987A-BFC2E170DBF3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DA29257B-445C-421A-9520-DABB696C7EC6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{24676E69-D71E-40D6-AE9D-26101F672F58}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{E68397DD-930E-4E09-90E6-E446951E4064}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{01F120B5-B10B-4723-BB22-A643BC161D30}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{07AC3A3C-28E4-4E03-A49A-3767055D3FFD}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{F725AC92-3609-46B9-AB59-27C531ED2EE7}C:\program files\java\jre1.8.0_25\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\java.exe
FirewallRules: [UDP Query User{DAC1E28B-D512-4CC0-8F3F-03EB7F54EC4A}C:\program files\java\jre1.8.0_25\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\java.exe
FirewallRules: [{83AB6B41-50DE-4C3B-82C8-83988283D79C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E06B3D0B-F94A-41AC-AD8A-1D7E314A011A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9D79F233-B65C-4CBA-9E2F-0F4E740AB757}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{79D4503E-84C4-4831-AA5F-5D0198E6009B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2ECB5700-5D74-421F-98FB-BABBB99FE6C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe
FirewallRules: [{519B6EB8-AAF2-4433-8B89-4AB69F7E21DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eve Online\eve.exe
FirewallRules: [TCP Query User{8F8C0A86-0A81-4641-82E7-7C3A1BB719A5}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [UDP Query User{71D17E2C-D0E1-4E97-9C1B-FB3290C4FD4C}C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\eve online\bin\exefile.exe
FirewallRules: [TCP Query User{5EBCC9FC-DB64-486F-92F3-D283AC6E4EE1}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [UDP Query User{6318FB5B-77E3-459C-A352-C8A151C36535}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [TCP Query User{757A3903-DE32-48C5-B887-EF69B62B19F3}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{E39F537E-2E72-4CD6-BA8E-6A31C720AECC}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [TCP Query User{0041A392-ED63-420D-A53D-9F0ADC7D21AD}C:\program files (x86)\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{B91238EB-3E7F-4B23-89E1-AAC6CD70DC62}C:\program files (x86)\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4\bin\farcry4.exe
FirewallRules: [{D8285882-E1A3-4495-84C9-14654CA118C4}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [{383EC18D-E0A1-417A-B699-2C1B32D2FE1B}] => (Allow) C:\Program Files\RealVNC\VNC Server\vncserver.exe
FirewallRules: [TCP Query User{0E190639-006A-4CE6-AE05-ACE1C31A2FAC}C:\program files (x86)\ubisoft\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\ubisoft\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{C40A27EE-492F-47A4-9D50-179D27F5A148}C:\program files (x86)\ubisoft\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\ubisoft\far cry 4\bin\farcry4.exe
FirewallRules: [TCP Query User{0B26A9CB-90DB-47D5-B43D-4FB9F67CCA07}C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.exe] => (Allow) C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.exe
FirewallRules: [UDP Query User{1C301C46-5F9D-4276-AE02-C2C1CB5D64D1}C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.exe] => (Allow) C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.exe
FirewallRules: [TCP Query User{80D40604-E3B3-4EBF-9BB4-08511CEE1D96}C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.update.exe] => (Allow) C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.update.exe
FirewallRules: [UDP Query User{A7248D53-9CA2-4C1C-9F10-3B2A0A116B2C}C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.update.exe] => (Allow) C:\users\zesh\desktop\perfect_dark_1.21\perfect dark.update.exe
FirewallRules: [TCP Query User{FB88F6EA-2DAC-478A-B299-C780DE176D4D}C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe] => (Allow) C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{5BB9CB99-785F-434E-9665-92A439935B83}C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe] => (Allow) C:\program files (x86)\r.g. mechanics\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{902BA798-D0DC-48DB-8CB4-DDA351740FE5}C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [UDP Query User{AD4249F4-6D51-493A-8812-6FEE6C4A64AA}C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [{9C399C17-3EF3-4E50-9E82-DD872A5CD886}] => (Allow) C:\Users\Zesh\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{11479E53-CFD9-4B96-AC3A-479B1F552C62}] => (Allow) C:\Users\Zesh\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [TCP Query User{EB714125-ACE6-49E9-A259-FBE72582C020}C:\users\zesh\appdata\local\temp\i1426561225\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\zesh\appdata\local\temp\i1426561225\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{00A3D237-3FF3-4BA8-82CD-9EAF70420E58}C:\users\zesh\appdata\local\temp\i1426561225\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\zesh\appdata\local\temp\i1426561225\windows\resource\jre\bin\javaw.exe
FirewallRules: [{4BD0A348-E38B-40A6-A237-2A0766C5AB3D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{3C5CF702-6896-415E-9DA1-7145F9C378F1}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A1B02EF5-E5AA-48C9-BE41-48446D9E212D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{BA68EF7B-FFEB-42C0-98EF-40122CEC6138}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{62822BE3-9DBF-4122-AF12-1AED0FA79028}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{8C589DC8-E587-4784-8587-E984CA45EF60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{F671A198-170B-43CC-B633-F495DD16D986}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{9A05BA48-58D6-48DC-8AF1-9A81B5BEC5A9}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{DFD11482-A7C5-412B-889C-012681CE931B}C:\games\the witcher 2 assassins of kings\bin\witcher2.exe] => (Block) C:\games\the witcher 2 assassins of kings\bin\witcher2.exe
FirewallRules: [UDP Query User{309A1442-7B2E-4B4C-A637-159AD0EAF0B0}C:\games\the witcher 2 assassins of kings\bin\witcher2.exe] => (Block) C:\games\the witcher 2 assassins of kings\bin\witcher2.exe
FirewallRules: [{2028C389-CB88-495B-BA0A-6F02A50E0EC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CC09D1FA-C1BC-4E0E-9C51-860D7727BB6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{108C8C08-B687-4191-98AC-9F941F0A270E}C:\users\zesh\appdata\local\temp\i1432940080\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\zesh\appdata\local\temp\i1432940080\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{A5501ED1-1BC5-406A-BDDD-CFD4A44A6EC3}C:\users\zesh\appdata\local\temp\i1432940080\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\zesh\appdata\local\temp\i1432940080\windows\resource\jre\bin\javaw.exe
FirewallRules: [{C008BE91-845C-464D-A229-C417AF82C170}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA365E70-7B3C-45B8-B5E6-CE149A632691}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2631020C-4576-4D5E-A1F4-B2C5CBF551F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D128434D-819C-4C96-9500-F2E2551CF4B0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{861D4BA9-F3B2-46E4-BBAC-64122D86CA5A}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{5999F631-7DA7-4D7E-84F5-59A5C9729C15}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{6DA86296-D701-4C60-8BF8-A2E4FF0011DE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/13/2015 04:51:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8065
 
Error: (07/13/2015 04:51:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8065
 
Error: (07/13/2015 04:51:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/13/2015 04:51:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7067
 
Error: (07/13/2015 04:51:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7067
 
Error: (07/13/2015 04:51:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/13/2015 04:51:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6069
 
Error: (07/13/2015 04:51:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6069
 
Error: (07/13/2015 04:51:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/13/2015 04:51:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5055
 
 
System errors:
=============
Error: (07/12/2015 05:31:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (07/12/2015 04:39:27 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (07/12/2015 04:16:34 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (07/11/2015 12:33:59 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer CATHERINE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3A08D071-9D2F-4BCE-BDEC-9F5EA57877F3}.
The master browser is stopping or an election is being forced.
 
Error: (07/10/2015 06:58:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (07/10/2015 06:57:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:56:13 on ‎10/‎07/‎2015 was unexpected.
 
Error: (07/10/2015 06:55:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Panda Devices Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (07/10/2015 05:41:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (07/10/2015 05:33:57 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (07/10/2015 05:19:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
Error: (07/13/2015 04:51:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8065
 
Error: (07/13/2015 04:51:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8065
 
Error: (07/13/2015 04:51:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/13/2015 04:51:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7067
 
Error: (07/13/2015 04:51:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7067
 
Error: (07/13/2015 04:51:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/13/2015 04:51:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6069
 
Error: (07/13/2015 04:51:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6069
 
Error: (07/13/2015 04:51:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (07/13/2015 04:51:56 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5055
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 8147.51 MB
Available physical RAM: 5333.49 MB
Total Virtual: 16293.21 MB
Available Virtual: 11682.38 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:489.26 GB) (Free:258.22 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (LaCie A) (Fixed) (Total:900 GB) (Free:300.94 GB) NTFS
Drive e: (LaCie B) (Fixed) (Total:31.5 GB) (Free:31.37 GB) NTFS
Drive f: () (Fixed) (Total:106.91 GB) (Free:106.79 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A235A235)
Partition 2: (Active) - (Size=931.5 GB) - (Type=05)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: F98D6E74)
Partition 1: (Active) - (Size=489.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=106.9 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 

Cordially,



#6 TB-Psychotic

  • Malware Response Team

Posted 14 July 2015 - 01:47 AM

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 TB-Psychotic

  • Malware Response Team

Posted 04 August 2015 - 02:01 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



