javaws.exe*32 - hundreds of instances in Taskmanager


  • This topic is locked
9 replies to this topic

#1 danielzink

Posted 08 August 2015 - 04:13 PM

Have run:

Minitoolbox
TFC
RKill
MBAM
MBAR
NPE

and

GMER as per another thread.

Tried to run JavaRa but it stalled the computer.

It was suggested that javaws.exe:

a keylogger and bank account tracker

FRST logs are attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015
Ran by DAN (administrator) on DAN-PC (07-08-2015 15:20:19)
Running from C:\Users\DAN\Desktop
Loaded Profiles: DAN (Available Profiles: DAN & DefaultAppPool)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser path: C:\WINDOWS\system32\LaunchWinApp.exe "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\sihost.exe
(Microsoft Corporation) C:\Windows\System32\taskhostw.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Genie-soft) C:\Program Files\Genie9\Genie Backup Manager\GBMAgent.exe
(Microsoft Corporation) C:\Users\DAN\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SystemSettingsBroker.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\System32\ApplicationFrameHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6020.42011.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6020.42011.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.803.16240.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.12101.0_x64__8wekyb3d8bbwe\Video.UI.exe
Failed to access process -> SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-01-28] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-05-01] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-4082438563-1282739928-3318386497-1001\...\Run: [GBMHome9Agent] => C:\Program Files\Genie9\Genie Backup Manager\GBMAgent.exe [250456 2012-05-29] (Genie-soft)
HKU\S-1-5-21-4082438563-1282739928-3318386497-1001\...\Run: [GoogleChromeAutoLaunch_2464ECD5AF6DD5CE3203DA20C82E9B05] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-31] (Google Inc.)
HKU\S-1-5-21-4082438563-1282739928-3318386497-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-30] (SUPERAntiSpyware)
HKU\S-1-5-21-4082438563-1282739928-3318386497-1001\...\Run: [OneDrive] => C:\Users\DAN\AppData\Local\Microsoft\OneDrive\OneDrive.exe [402632 2015-08-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-08-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-08-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-08-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-08-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll [2015-08-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-08-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-08-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-08-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-08-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\FileSyncShell.dll [2015-08-06] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-4082438563-1282739928-3318386497-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
HKU\S-1-5-21-4082438563-1282739928-3318386497-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-4082438563-1282739928-3318386497-1001 -> DefaultScope {04C92BF0-CDEA-450E-AA04-BABD5EBC67AD} URL = https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-4082438563-1282739928-3318386497-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4082438563-1282739928-3318386497-1001 -> {04C92BF0-CDEA-450E-AA04-BABD5EBC67AD} URL = https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-06] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-06] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.233.217.2 64.233.217.3
Tcpip\..\Interfaces\{d12f8b4f-e9fa-4c42-9056-11fbb05cb80a}: [DhcpNameServer] 64.233.217.2 64.233.217.3

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-07-03]

Chrome:
=======
CHR Profile: C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-30]
CHR Extension: (Google Docs) - C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-30]
CHR Extension: (Google Drive) - C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-30]
CHR Extension: (YouTube) - C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-30]
CHR Extension: (Google Search) - C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-30]
CHR Extension: (Tidy Sidebar) - C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmacifhhpefamjmolpipkijcofcmbgp [2015-07-10]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-07-03]
CHR Extension: (Google Sheets) - C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-30]
CHR Extension: (Hangouts) - C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-07-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-30]
CHR Extension: (Gmail) - C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-30]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AJRouter; C:\Windows\System32\AJRouter.dll [23040 2015-07-10] (Microsoft Corporation)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-07-10] (Microsoft Corporation)
S3 CDPSvc; C:\Windows\System32\CDPSvc.dll [134144 2015-07-10] (Microsoft Corporation)
R3 ClipSVC; C:\Windows\System32\ClipSVC.dll [658568 2015-08-06] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [808856 2015-08-06] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [510976 2015-08-06] (Microsoft Corporation)
S3 DcpSvc; C:\Windows\system32\dcpsvc.dll [196096 2015-07-10] (Microsoft Corporation)
S3 DevQueryBroker; C:\Windows\system32\DevQueryBroker.dll [33280 2015-07-10] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [27136 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [267776 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [193024 2015-07-10] (Microsoft Corporation)
S2 dmwappushservice; C:\Windows\system32\dmwappushsvc.dll [63488 2015-07-10] (Microsoft Corporation)
S2 DoSvc; C:\Windows\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
S2 DoSvc; C:\Windows\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R3 DsSvc; C:\Windows\System32\DsSvc.dll [143872 2015-07-10] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2015-01-28] (ESET)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [87040 2015-07-10] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [275456 2015-07-10] (Microsoft Corporation)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [148992 2015-08-06] (Microsoft Corporation)
R3 lfsvc; C:\Windows\System32\lfsvc.dll [27136 2015-07-10] (Microsoft Corporation)
R3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [22528 2015-07-10] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [21504 2015-07-10] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [62464 2015-07-10] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-06] (Microsoft Corporation)
S3 NetSetupSvc; C:\Windows\System32\NetSetupSvc.dll [186368 2015-07-10] (Microsoft Corporation)
S3 NgcCtnrSvc; C:\Windows\System32\NgcCtnrSvc.dll [268800 2015-07-10] (Microsoft Corporation)
S3 NgcSvc; C:\Windows\system32\ngcsvc.dll [512000 2015-07-10] (Microsoft Corporation)
S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [296960 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [289280 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [988672 2015-07-29] (Microsoft Corporation)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1031680 2015-08-06] (Microsoft Corporation)
S3 SensorService; C:\Windows\system32\SensorService.dll [229376 2015-07-29] (Microsoft Corporation)
S3 SmsRouter; C:\Windows\system32\SmsRouterSvc.dll [583680 2015-07-10] (Microsoft Corporation)
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2674176 2015-07-10] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2049024 2015-07-10] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5613328 2015-07-29] (TeamViewer GmbH)
R2 tiledatamodelsvc; C:\Windows\system32\tileobjserver.dll [503808 2015-07-29] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1203200 2015-08-06] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [925696 2015-08-06] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1420288 2015-07-29] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 UserManager; C:\Windows\System32\usermgr.dll [717312 2015-07-10] (Microsoft Corporation)
S3 UsoSvc; C:\Windows\system32\usocore.dll [343040 2015-08-06] (Microsoft Corporation)
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-06] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-06] (Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [504320 2015-07-10] (Microsoft Corporation)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-05-01] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-05-01] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 WpnService; C:\Windows\system32\WpnService.dll [49152 2015-07-10] (Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [918016 2015-07-10] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1149440 2015-07-10] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1019392 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 buttonconverter; C:\Windows\System32\drivers\buttonconverter.sys [32256 2015-07-10] (Microsoft Corporation)
S3 CapImg; C:\Windows\System32\drivers\capimg.sys [116736 2015-07-10] (Microsoft Corporation)
S4 cnghwassist; C:\Windows\System32\DRIVERS\cnghwassist.sys [39264 2015-07-10] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys [39936 2015-07-10] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-01-30] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-07-10] (QLogic Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-01-30] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2015-01-30] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2015-01-30] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [64208 2015-01-30] (ESET)
S3 fcvsc; C:\Windows\System32\drivers\fcvsc.sys [31232 2015-07-10] (Microsoft Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [83968 2015-07-10] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-07-10] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-07-10] (Microsoft Corporation)
S3 hidinterrupt; C:\Windows\System32\drivers\hidinterrupt.sys [50016 2015-07-10] (Microsoft Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424800 2015-07-10] (Mellanox)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-07-10] (Microsoft Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S0 LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [104800 2015-07-10] (LSI Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-07-10] (Avago Technologies)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-03] (Malwarebytes Corporation)
S0 megasas; C:\Windows\System32\drivers\megasas.sys [59744 2015-07-10] (Avago Technologies)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705376 2015-07-10] (Mellanox)
R2 MMCSS; C:\Windows\system32\drivers\mmcss.sys [48128 2015-07-10] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-06] (Microsoft Corporation)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76128 2015-07-10] (Mellanox)
S3 netvsc; C:\Windows\System32\drivers\netvsc.sys [94720 2015-07-10] (Microsoft Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58208 2015-07-10] (LSI Corporation)
S0 percsas3i; C:\Windows\System32\drivers\percsas3i.sys [58720 2015-07-10] (Avago Technologies)
S3 ReFSv1; C:\Windows\System32\Drivers\ReFSv1.sys [934752 2015-08-06] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61952 2015-07-10] (Microsoft Corporation)
S0 storufs; C:\Windows\System32\drivers\storufs.sys [40288 2015-07-10] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys [17760 2015-07-10] (Microsoft Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [61952 2015-07-10] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46080 2015-08-06] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 Ufx01000; C:\Windows\System32\drivers\ufx01000.sys [245088 2015-07-10] (Microsoft Corporation)
S3 UfxChipidea; C:\Windows\System32\drivers\UfxChipidea.sys [94048 2015-07-10] (Microsoft Corporation)
S3 ufxsynopsys; C:\Windows\System32\drivers\ufxsynopsys.sys [127840 2015-07-10] (Microsoft Corporation)
S3 UrsChipidea; C:\Windows\System32\drivers\urschipidea.sys [28512 2015-07-10] (Microsoft Corporation)
S3 UrsCx01000; C:\Windows\System32\drivers\urscx01000.sys [57696 2015-07-10] (Microsoft Corporation)
S3 UrsSynopsys; C:\Windows\System32\drivers\urssynopsys.sys [27488 2015-07-10] (Microsoft Corporation)
S3 vhf; C:\Windows\System32\drivers\vhf.sys [31744 2015-07-10] (Microsoft Corporation)
S3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [685056 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [106520 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [17944 2015-07-10] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [26976 2015-07-10] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59232 2015-07-10] (Mellanox)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [222720 2015-07-10] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [25600 2015-07-10] (Microsoft Corporation)
U3 idsvc; No ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: dosvc -> C:\Windows\system32\dosvc.dll (Microsoft Corporation)
NETSVC: DcpSvc -> C:\Windows\system32\dcpsvc.dll (Microsoft Corporation)
NETSVC: NetSetupSvc -> C:\Windows\System32\NetSetupSvc.dll (Microsoft Corporation)
NETSVC: dmwappushservice -> C:\Windows\system32\dmwappushsvc.dll (Microsoft Corporation)
NETSVC: XblGameSave -> C:\Windows\System32\XblGameSave.dll (Microsoft Corporation)
NETSVC: XboxNetApiSvc -> C:\Windows\system32\XboxNetApiSvc.dll (Microsoft Corporation)
NETSVC: UsoSvc -> C:\Windows\system32\usocore.dll (Microsoft Corporation)
NETSVC: UserManager -> C:\Windows\System32\usermgr.dll (Microsoft Corporation)
NETSVC: DmEnrollmentSvc -> C:\Windows\system32\Windows.Internal.Management.dll (Microsoft Corporation)
NETSVC: XblAuthManager -> C:\Windows\System32\XblAuthManager.dll (Microsoft Corporation)
NETSVC: RetailDemo -> C:\Windows\system32\RDXService.dll (Microsoft Corporation)
NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-07 15:20 - 2015-08-07 15:20 - 00030988 _____ C:\Users\DAN\Desktop\FRST.txt
2015-08-07 15:20 - 2015-08-07 15:20 - 00000000 ____D C:\FRST
2015-08-07 15:19 - 2015-08-07 15:19 - 00016148 _____ C:\WINDOWS\system32\DAN-PC_DAN_HistoryPrediction.bin
2015-08-07 15:18 - 2015-08-07 15:18 - 02170368 _____ (Farbar) C:\Users\DAN\Desktop\FRST64.exe
2015-08-07 07:01 - 2015-08-07 07:01 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2015-08-07 07:01 - 2015-08-07 07:01 - 00000000 ____D C:\Users\DefaultAppPool
2015-08-07 07:01 - 2015-08-06 16:57 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-07 07:01 - 2015-08-06 16:57 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
2015-08-07 07:01 - 2015-07-10 07:04 - 00000000 __RSD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-07 07:01 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-07 07:01 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-07 07:01 - 2015-07-10 07:04 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-06 21:18 - 2015-08-07 09:57 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{34BA9D00-7223-4C83-92D1-F142BF70460B}
2015-08-06 21:16 - 2015-08-06 21:16 - 00563296 _____ (Oracle Corporation) C:\Users\DAN\Downloads\JavaSetup8u51.exe
2015-08-06 20:45 - 2015-08-06 17:08 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-06 20:45 - 2015-08-06 16:51 - 00000000 __SHD C:\Recovery
2015-08-06 20:43 - 2015-08-06 20:43 - 00000000 ____D C:\Windows.old
2015-08-06 19:06 - 2015-08-06 19:50 - 00005188 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DAN-PC-DAN DAN-PC
2015-08-06 18:34 - 2015-08-06 18:34 - 00001689 _____ C:\Users\DAN\Desktop\Camera.lnk
2015-08-06 18:01 - 2015-08-06 18:01 - 00000000 ____D C:\Users\DAN\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2015-08-06 17:51 - 2015-08-06 17:51 - 00000000 ____D C:\Users\DAN\AppData\Local\PeerDistRepub
2015-08-06 17:35 - 2015-08-06 17:35 - 00000000 ____D C:\Users\DAN\AppData\Local\MicrosoftEdge
2015-08-06 17:18 - 2015-08-06 17:34 - 00000000 ____D C:\Users\DAN\AppData\Local\Comms
2015-08-06 17:14 - 2015-08-06 17:14 - 00002368 _____ C:\Users\DAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-06 17:14 - 2015-08-06 17:14 - 00000000 ___RD C:\Users\DAN\OneDrive
2015-08-06 17:12 - 2015-08-06 17:12 - 00000000 ____D C:\Users\DAN\AppData\Roaming\ATI
2015-08-06 17:12 - 2015-08-06 17:12 - 00000000 ____D C:\Users\DAN\AppData\Local\ATI
2015-08-06 17:12 - 2015-08-06 17:12 - 00000000 ____D C:\Users\DAN\AppData\Local\AMD
2015-08-06 17:12 - 2015-08-06 17:12 - 00000000 ____D C:\ProgramData\ATI
2015-08-06 17:11 - 2015-08-06 17:11 - 00001205 _____ C:\Users\DAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Smart Security.lnk
2015-08-06 17:11 - 2015-08-06 17:11 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-08-06 17:10 - 2015-08-06 17:10 - 00000000 ____D C:\Users\DAN\AppData\Local\Publishers
2015-08-06 17:09 - 2015-08-06 21:37 - 00000000 ____D C:\Users\DAN\AppData\Local\Packages
2015-08-06 17:09 - 2015-08-06 17:09 - 00000000 ____D C:\Users\DAN\AppData\Local\TileDataLayer
2015-08-06 17:08 - 2015-08-06 17:08 - 00000020 ___SH C:\Users\DAN\ntuser.ini
2015-08-06 17:05 - 2015-08-06 17:05 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-08-06 17:02 - 2015-07-10 06:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-08-06 16:57 - 2015-08-06 16:57 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-06 16:57 - 2015-08-06 16:57 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-08-06 16:57 - 2015-08-06 16:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-08-06 16:54 - 2015-08-06 16:54 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-08-06 16:52 - 2015-08-06 21:09 - 00000000 ____D C:\Users\DAN
2015-08-06 16:52 - 2015-08-06 17:09 - 00000000 ___RD C:\Users\DAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-06 16:52 - 2015-07-10 07:04 - 00000000 __RSD C:\Users\DAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-06 16:52 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\DAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-06 16:52 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\DAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-06 16:52 - 2015-07-10 07:04 - 00000000 ____D C:\Users\DAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-06 16:51 - 2015-08-06 21:14 - 01005642 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-06 16:51 - 2015-08-06 16:51 - 00961296 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-08-06 16:51 - 2015-08-06 16:51 - 00021209 _____ C:\WINDOWS\iis.log
2015-08-06 16:50 - 2015-08-06 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-08-06 16:50 - 2015-08-06 16:50 - 00000000 ____D C:\ProgramData\AMD
2015-08-06 16:50 - 2015-08-06 16:50 - 00000000 ____D C:\Program Files\ATI Technologies
2015-08-06 16:49 - 2015-08-06 16:50 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-08-06 16:49 - 2015-08-06 16:49 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-06 16:49 - 2015-08-06 16:49 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-08-06 16:49 - 2015-08-06 16:49 - 00000000 ____D C:\AMD
2015-08-06 16:49 - 2015-08-06 16:49 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2015-08-06 16:48 - 2015-08-06 16:49 - 00000000 ____D C:\Program Files\AMD
2015-08-06 16:48 - 2015-08-06 16:48 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-08-06 16:48 - 2015-08-06 16:48 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-08-06 16:48 - 2015-08-06 16:48 - 00000000 ____D C:\Program Files\Realtek
2015-08-06 16:46 - 2015-08-06 21:04 - 00008948 _____ C:\WINDOWS\PFRO.log
2015-08-06 16:46 - 2015-08-06 16:47 - 00021237 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-08-06 16:17 - 2015-07-10 07:00 - 00000001 ___SH C:\BOOTNXT
2015-08-06 16:14 - 2015-08-06 17:05 - 00006484 _____ C:\WINDOWS\comsetup.log
2015-08-06 16:13 - 2015-08-06 17:06 - 00010453 _____ C:\WINDOWS\diagerr.xml
2015-08-06 16:13 - 2015-08-06 17:06 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2015-08-04 18:35 - 2015-08-04 18:37 - 00000000 ____D C:\Users\DAN\AppData\Roaming\CoreFTP
2015-08-04 18:34 - 2015-08-06 16:58 - 00000000 ____D C:\Users\DAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Core FTP
2015-08-04 18:34 - 2015-08-04 18:34 - 00000000 ____D C:\Program Files (x86)\CoreFTP
2015-08-04 07:15 - 2015-08-04 07:15 - 93424513 _____ C:\Users\DAN\Downloads\A04.zip
2015-08-04 07:13 - 2015-08-04 07:14 - 113068472 _____ C:\Users\DAN\Downloads\A02.zip
2015-08-03 17:48 - 2015-08-03 19:04 - 00000000 ____D C:\NPE
2015-08-03 17:46 - 2015-08-03 19:08 - 00000000 ____D C:\Users\DAN\AppData\Local\NPE
2015-08-03 17:46 - 2015-08-03 17:47 - 00000000 ____D C:\ProgramData\Norton
2015-08-03 17:36 - 2015-08-03 19:01 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-03 17:20 - 2015-08-03 17:20 - 00000000 ____D C:\Users\DAN\AppData\Local\VirtualStore
2015-08-03 15:31 - 2015-08-03 15:14 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-08-03 15:15 - 2015-08-03 15:04 - 00000285 _____ C:\zoek-results2015-08-03-190414.log
2015-08-03 15:04 - 2015-08-03 17:20 - 00014958 _____ C:\zoek-results.log
2015-08-03 14:56 - 2015-08-03 15:28 - 00000000 ____D C:\zoek_backup
2015-08-03 13:12 - 2015-08-03 13:12 - 00000506 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 98a06a0d-b065-4934-af64-8b472ac26391.job
2015-08-03 13:12 - 2015-08-03 13:12 - 00000506 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 23ba0d3c-f57c-41f1-beb5-a405a8b20000.job
2015-08-03 13:12 - 2015-08-03 13:12 - 00000000 ____D C:\Users\DAN\AppData\Roaming\SUPERAntiSpyware.com
2015-08-03 13:11 - 2015-08-06 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-08-03 13:11 - 2015-08-03 13:12 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-03 13:11 - 2015-08-03 13:11 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2015-08-03 13:11 - 2015-08-03 13:11 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-08-03 07:18 - 2015-08-03 07:18 - 00000149 _____ C:\Users\DAN\Desktop\Google Calendar.url
2015-07-29 07:19 - 2015-07-29 07:20 - 00000000 ____D C:\Users\DAN\Desktop\Funnies
2015-07-24 17:46 - 2015-08-03 15:46 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-07-22 11:31 - 2015-07-22 11:31 - 00000017 _____ C:\Users\DAN\AppData\Local\resmon.resmoncfg
2015-07-21 19:49 - 2015-07-21 19:49 - 00000000 ____D C:\Temp
2015-07-18 14:03 - 2015-08-06 17:05 - 00003002 _____ C:\WINDOWS\System32\Tasks\GBM - New Backup Job-Full
2015-07-18 14:03 - 2015-07-20 08:36 - 00000408 _____ C:\WINDOWS\Tasks\GBM - New Backup Job-Full.job
2015-07-17 09:26 - 2015-08-06 16:10 - 00000000 ____D C:\Users\DAN\AppData\Local\CrashDumps
2015-07-16 02:12 - 2015-07-16 02:12 - 00458472 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-07-16 02:00 - 2015-07-16 02:00 - 39714816 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-07-16 01:59 - 2015-07-16 01:59 - 00065024 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-07-16 01:59 - 2015-07-16 01:59 - 00059392 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-07-16 01:58 - 2015-07-16 01:58 - 27535872 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-07-16 01:57 - 2015-07-16 01:57 - 22318592 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-07-16 01:35 - 2015-07-16 01:35 - 06477312 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-07-16 01:35 - 2015-07-16 01:35 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-07-16 01:35 - 2015-07-16 01:35 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-07-16 01:30 - 2015-07-16 01:30 - 05068288 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-07-16 01:29 - 2015-07-16 01:29 - 00134656 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-07-16 01:29 - 2015-07-16 01:29 - 00123392 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-07-16 01:28 - 2015-07-16 01:28 - 30752256 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-07-16 01:27 - 2015-07-16 01:27 - 00093184 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-07-16 01:26 - 2015-07-16 01:26 - 07500800 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-07-16 01:26 - 2015-07-16 01:26 - 00086528 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-07-16 01:25 - 2015-07-16 01:25 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-07-16 01:25 - 2015-07-16 01:25 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-07-16 01:24 - 2015-07-16 01:24 - 09102336 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-07-16 01:23 - 2015-07-16 01:23 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-07-16 01:22 - 2015-07-16 01:22 - 25299968 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-07-16 01:22 - 2015-07-16 01:22 - 00204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat
2015-07-16 01:22 - 2015-07-16 01:22 - 00204952 _____ C:\WINDOWS\system32\ativvsvl.dat
2015-07-16 01:22 - 2015-07-16 01:22 - 00157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat
2015-07-16 01:22 - 2015-07-16 01:22 - 00157144 _____ C:\WINDOWS\system32\ativvsva.dat
2015-07-16 01:21 - 2015-07-16 01:21 - 15716864 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-07-16 01:21 - 2015-07-16 01:21 - 00660912 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-07-16 01:21 - 2015-07-16 01:21 - 00660912 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-07-16 01:21 - 2015-07-16 01:21 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-07-16 01:21 - 2015-07-16 01:21 - 00062464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-07-16 01:21 - 2015-07-16 01:21 - 00055808 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-07-16 01:21 - 2015-07-16 01:21 - 00052224 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-07-16 01:21 - 2015-07-16 01:21 - 00049152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-07-16 01:20 - 2015-07-16 01:20 - 14302208 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-07-16 01:18 - 2015-07-16 01:18 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-07-16 01:17 - 2015-07-16 01:17 - 00672768 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-07-16 01:17 - 2015-07-16 01:17 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-07-16 01:17 - 2015-07-16 01:17 - 00246784 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-07-16 01:17 - 2015-07-16 01:17 - 00204800 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-07-16 01:17 - 2015-07-16 01:17 - 00190976 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-07-16 01:17 - 2015-07-16 01:17 - 00189952 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-07-16 01:17 - 2015-07-16 01:17 - 00160256 _____ C:\WINDOWS\system32\atieah64.exe
2015-07-16 01:17 - 2015-07-16 01:17 - 00143872 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-07-16 01:17 - 2015-07-16 01:17 - 00029696 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-07-16 01:14 - 2015-07-16 01:14 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-07-16 01:13 - 2015-07-16 01:13 - 01247744 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-07-16 01:13 - 2015-07-16 01:13 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-07-16 01:13 - 2015-07-16 01:13 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-07-16 01:13 - 2015-07-16 01:13 - 00665088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-07-16 01:13 - 2015-07-16 01:13 - 00156672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-07-16 01:13 - 2015-07-16 01:13 - 00141824 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-07-16 01:13 - 2015-07-16 01:13 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-07-16 01:13 - 2015-07-16 01:13 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-07-16 01:13 - 2015-07-16 01:13 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-07-16 01:12 - 2015-07-16 01:12 - 00865792 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-07-16 01:12 - 2015-07-16 01:12 - 00102912 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-07-16 01:12 - 2015-07-16 01:12 - 00102400 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-07-14 19:01 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-07-14 19:01 - 2015-06-09 14:03 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpGroupPolicyExtension.dll
2015-07-14 19:00 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe
2015-07-14 19:00 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll
2015-07-14 19:00 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll
2015-07-14 17:54 - 2015-08-06 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-14 17:54 - 2015-07-14 17:54 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-14 17:54 - 2015-07-14 17:54 - 00000000 ____D C:\Program Files\iTunes
2015-07-14 17:54 - 2015-07-14 17:54 - 00000000 ____D C:\Program Files\iPod
2015-07-14 17:54 - 2015-07-14 17:54 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-13 15:19 - 2015-07-13 15:19 - 00169152 _____ C:\WINDOWS\system32\ativce03.dat
2015-07-13 15:19 - 2015-07-13 15:19 - 00167456 _____ C:\WINDOWS\system32\amde31a.dat
2015-07-13 11:04 - 2015-07-13 11:17 - 00000000 ____D C:\Users\DAN\Desktop\Nona Phone Pics
2015-07-12 00:34 - 2015-08-06 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genie9
2015-07-12 00:34 - 2015-07-12 00:34 - 00000000 ____D C:\Users\DAN\AppData\Roaming\Genie-Soft
2015-07-12 00:33 - 2015-07-12 00:33 - 00000000 ____D C:\Program Files\Genie9
2015-07-11 14:30 - 2015-08-06 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-11 14:30 - 2015-08-03 18:53 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-11 14:30 - 2015-08-03 18:43 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-11 14:30 - 2015-07-11 14:30 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-11 14:30 - 2015-07-11 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-11 14:30 - 2015-07-11 14:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-11 14:30 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-11 14:30 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-10 09:39 - 2015-08-06 16:13 - 00000000 ___HD C:\$Windows.~BT
2015-07-10 09:20 - 2015-07-10 09:20 - 00016384 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
2015-07-10 09:19 - 2015-07-10 09:19 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-07-10 09:15 - 2015-07-10 07:00 - 00032200 _____ C:\WINDOWS\Professional.xml
2015-07-10 09:14 - 2015-08-06 16:58 - 00000000 ____D C:\WINDOWS\ShellNew
2015-07-10 09:14 - 2015-07-10 09:14 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2015-07-10 09:14 - 2015-07-10 09:14 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-07-10 09:14 - 2015-07-10 09:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-10 09:12 - 2015-07-10 09:12 - 00000000 ____D C:\WINDOWS\SKB
2015-07-10 09:12 - 2015-07-10 09:12 - 00000000 ____D C:\WINDOWS\OCR
2015-07-10 09:11 - 2015-07-10 09:11 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-07-10 09:11 - 2015-07-10 09:11 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-07-10 09:11 - 2015-07-10 09:11 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-07-10 09:11 - 2015-07-10 09:11 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-07-10 09:11 - 2015-07-10 09:11 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-07-10 09:11 - 2015-07-10 09:11 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2015-07-10 09:11 - 2015-07-10 09:11 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-07-10 09:11 - 2015-07-10 09:11 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-07-10 09:11 - 2015-07-10 09:11 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-07-10 09:11 - 2015-07-10 09:11 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-07-10 09:11 - 2015-07-10 09:11 - 00000000 ____D C:\WINDOWS\system32\0409
2015-07-10 08:22 - 2015-08-06 23:35 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-10 08:22 - 2015-07-10 08:22 - 00016148 _____ C:\WINDOWS\system32\DESKTOP-M7P1NB6_Administrator_HistoryPrediction.bin
2015-07-10 08:22 - 2015-07-10 08:22 - 00000000 ____D C:\ProgramData\USOShared
2015-07-10 08:21 - 2015-08-06 21:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-10 08:20 - 2015-08-06 21:04 - 00505376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-10 08:20 - 2015-08-06 19:15 - 00015470 _____ C:\WINDOWS\setupact.log
2015-07-10 08:20 - 2015-07-10 08:20 - 00001340 _____ C:\WINDOWS\lsasetup.log
2015-07-10 08:20 - 2015-07-10 08:20 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-10 07:40 - 2015-07-10 07:40 - 00833798 _____ C:\WINDOWS\system32\amdicdxx.dat
2015-07-09 20:31 - 2015-08-06 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-07 14:42 - 2015-06-30 22:24 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-07 01:42 - 2015-06-30 22:24 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-06 21:18 - 2015-07-02 16:46 - 00000000 ____D C:\ProgramData\Oracle
2015-08-06 21:18 - 2015-07-02 16:46 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-06 21:17 - 2015-07-02 16:47 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-08-06 21:09 - 2015-07-03 09:48 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2015-08-06 18:36 - 2015-06-30 23:33 - 00002332 ____H C:\Users\DAN\Documents\Default.rdp
2015-08-06 18:05 - 2015-07-03 07:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-06 18:05 - 2015-07-03 07:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-06 17:05 - 2015-06-30 22:24 - 00004004 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-06 17:05 - 2015-06-30 22:24 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-06 16:58 - 2015-07-03 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2015-08-06 16:58 - 2015-07-02 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arachnophilia
2015-08-06 16:58 - 2015-07-02 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-06 16:58 - 2015-06-30 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-06 16:58 - 2015-06-30 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-06 16:58 - 2009-07-13 23:20 - 00000000 ____D C:\WINDOWS\system32\catroot2.bak
2015-08-06 16:57 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default.migrated
2015-08-06 16:55 - 2015-06-30 22:53 - 00000000 ____D C:\WINDOWS\system32\SPReview
2015-08-06 16:55 - 2015-06-30 22:53 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2015-08-06 16:54 - 2015-07-03 18:33 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-08-06 16:54 - 2015-07-03 00:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-08-06 16:54 - 2015-07-02 06:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-08-06 16:54 - 2015-06-30 21:46 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-06 16:54 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-08-06 16:23 - 2015-07-01 00:09 - 01659244 _____ C:\WINDOWS\WindowsUpdate (1).log
2015-08-06 16:23 - 2009-07-14 00:45 - 00023344 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-06 16:23 - 2009-07-14 00:45 - 00023344 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-06 16:17 - 2015-06-30 21:18 - 00008192 __RSH C:\BOOTSECT.BAK
2015-08-05 14:02 - 2015-06-30 22:29 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-08-04 18:32 - 2015-07-02 10:59 - 00000000 ____D C:\Users\DAN\AppData\Roaming\FileZilla
2015-08-04 18:28 - 2015-07-02 07:18 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-08-04 18:28 - 2015-07-02 07:18 - 00001176 _____ C:\Users\Public\Desktop\paint.net.lnk
2015-08-04 18:28 - 2015-07-02 07:17 - 00000000 ____D C:\Program Files\paint.net
2015-08-04 01:35 - 2015-06-30 22:29 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-08-03 15:28 - 2009-07-13 23:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-03 12:24 - 2015-06-30 23:55 - 00000000 ____D C:\Users\DAN\AppData\Roaming\TeamViewer
2015-07-21 18:56 - 2015-07-02 07:16 - 00000000 ____D C:\Users\DAN\AppData\Local\paint.net
2015-07-19 21:24 - 2015-06-30 22:23 - 00190584 _____ C:\Users\DAN\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-18 08:16 - 2015-06-30 21:43 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 13:15 - 2015-07-03 00:29 - 00000000 ____D C:\Users\DAN\AppData\Local\Adobe
2015-07-15 03:05 - 2009-07-13 22:34 - 00000478 _____ C:\WINDOWS\win.ini
2015-07-14 17:54 - 2015-06-30 23:25 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-10 22:09 - 2015-07-02 06:46 - 00000000 ____D C:\Users\DAN\AppData\Roaming\Adobe
2015-07-10 06:30 - 2015-06-30 21:18 - 00395268 __RSH C:\bootmgr

==================== Files in the root of some directories =======

2015-07-22 11:31 - 2015-07-22 11:31 - 0000017 _____ () C:\Users\DAN\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-06 17:51

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by DAN (2015-08-07 15:23:57)
Running from C:\Users\DAN\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4082438563-1282739928-3318386497-500 - Administrator - Disabled)
DAN (S-1-5-21-4082438563-1282739928-3318386497-1001 - Administrator - Enabled) => C:\Users\DAN
DefaultAccount (S-1-5-21-4082438563-1282739928-3318386497-503 - Limited - Disabled)
Guest (S-1-5-21-4082438563-1282739928-3318386497-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4082438563-1282739928-3318386497-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arachnophilia (remove only) (HKLM-x32\...\Arachnophilia) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Core FTP LE (HKLM-x32\...\CoreFTP) (Version: - )
ESET Smart Security (HKLM\...\{293ADC3B-DCF3-44C2-9CE8-19DD2B4F7646}) (Version: 8.0.312.0 - ESET, spol s r. o.)
Genie Backup Manager (HKLM\...\Genie Backup Manager) (Version: 9.0 - Genie9)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45471 - TeamViewer)
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version: - )
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPROR_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
WD Quick View (HKLM-x32\...\{B74717F4-9E4D-4FEF-B234-97EC2ADACFD8}) (Version: 2.4.11.4 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{E0223E66-5682-4F65-9F5D-A2AB7C593323}) (Version: 2.4.11.4 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{f8b1c3bb-688a-4421-a45e-a22dd15f22ee}) (Version: 2.4.11.4 - Western Digital Technologies, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4082438563-1282739928-3318386497-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4082438563-1282739928-3318386497-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4082438563-1282739928-3318386497-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4082438563-1282739928-3318386497-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4082438563-1282739928-3318386497-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4082438563-1282739928-3318386497-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4082438563-1282739928-3318386497-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4082438563-1282739928-3318386497-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4082438563-1282739928-3318386497-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4082438563-1282739928-3318386497-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4082438563-1282739928-3318386497-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\DAN\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

06-08-2015 18:03:00 PROPLUS

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00410D6F-DA4C-417D-A6CA-7721096FA180} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd No Task File <==== ATTENTION
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {04D595BD-8BA0-4221-BFA3-F4C940400043} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {05D5027C-E287-4C0C-8A32-7228DA19D0FF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {07FCC332-25B7-46E7-BF2A-409B4BEB27DF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {13A31235-ABBF-4F31-8115-9D988B1D5C9C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION
Task: {1641F54C-1E57-4902-AB65-EE2B65E5629D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {19034179-6D99-438A-812F-F9D347E85C61} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-30] (Google Inc.)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {19ACD6D8-036A-4F4A-B7DB-657ADE2EA451} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1AF14FDA-FC67-4B44-8DF1-23ABF228614D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1C244262-D0D8-4DF0-89B4-9563F8C139E0} - System32\Tasks\GBM - New Backup Job-Full => C:\Program Files\Genie9\Genie Backup Manager\GBM.EXE [2012-06-04] (Genie9)
Task: {1D3D099E-EE1E-4907-8BA2-BA8F12D11AA6} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe [2015-07-10] (Microsoft Corporation)
Task: {1D64AFBF-A4E5-442F-8E9F-21C7775BA666} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {23F63943-995F-41F4-B1C8-6705EE275387} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {2C97A00A-1C5C-4318-B5CC-8A1A126B77F9} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
Task: {2F716ED6-4A4B-4388-B89F-308C8CF227B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {38B7B4F3-CC97-4396-868F-BF39CC7573B7} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {39809A51-859D-4949-9A9D-E8B86DD1C3ED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {3E98383B-85AD-4489-A1BB-771680CE3529} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {4454A8D0-2E4E-4A02-BF67-48DF6A7BFAB4} - System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
Task: {4C0ABAA9-0CA2-4E50-BCBB-4DB2C3013FE1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {5B234265-48A8-479A-ACF2-38F29FB1C25A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION
Task: {5CB6F049-2752-4188-9610-8F4CEA56D2AE} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5D2EA101-29CD-4C25-9D05-28DEED14D34A} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-10] (Microsoft Corporation)
Task: {5E5515C1-7D87-4904-B9CE-FD29EB2ADB72} - System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
Task: {600685A5-AD03-4398-BA59-3805AF3148C4} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {6876F48B-033D-4E8C-9511-13E443471C7F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
Task: {6D4E80EC-1C00-441A-8957-DD2FF3652399} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {711EE2F9-A611-4773-AF8E-D4B278A6718D} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {744C9FEA-08B7-43E1-A729-0F94647D655C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {77EFEDBD-A5DA-4E8F-BFF4-FE924872BB68} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d No Task File <==== ATTENTION
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {7A003965-A297-4DC6-B15B-852D798391E0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe [2015-08-06] (Microsoft Corporation)
Task: {7C363BA2-971D-4411-95EA-E0E8C8AEBB38} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {7D9DB609-860C-4EAF-862B-D97974E489DC} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {80A28FAE-0CB7-48B7-8F2B-4BFF15B4E626} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe [2015-08-06] (Microsoft Corporation)
Task: {87FEFA77-2CD0-4E46-A5B8-74CD3267AAAF} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {898DAC06-FBFA-48FD-A4B1-B8ECE04C585F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-06] (Microsoft Corporation)
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync No Task File <==== ATTENTION
Task: {92F4B6A1-DB8B-4409-8C5A-4C0CD5E8F2A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION
Task: {A364E297-00AD-490D-900E-22AC34598C71} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {A4A72A21-C7EF-4DF3-B095-A02F86FE8931} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A9F8A74A-9D7D-4354-9B8A-5FA6D6A51342} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {AC29E64E-3271-47BA-B8F1-914523CF379B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update
Task: {B0ACB5F2-FD05-4F77-B1A0-EA9F63D127C8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B1BF3E66-31CF-4A8D-B6B2-7176A86D732B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B234DFC2-8814-4609-A55F-2FCD284C203E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DAN-PC-DAN DAN-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {B9B36D41-C776-424E-9A13-5387E17A2CEB} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\Windows\System32\WiFiTask.exe [2015-07-10] (Microsoft Corporation)
Task: {BB20B5E3-8385-4EA9-92C4-8F6CF06ABF2F} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent
Task: {BE447FF6-4BA9-4408-B0BC-792148CA21F6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d No Task File <==== ATTENTION
Task: {C06DBE78-C8A4-4C58-87E8-95F094BA6B6C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d No Task File <==== ATTENTION
Task: {C2162702-FFEB-48C0-AA5F-2DA3A8887D61} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
Task: {C4226DA7-DC7A-4845-AC5F-CF3D92FC9617} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {CB119A4D-0F72-441C-9E65-040046AEBD0E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {CDEBBE90-E3E7-4D63-947C-81BA3E53FF54} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-30] (Google Inc.)
Task: {D2401052-A382-42DE-9C79-D1CF3563F654} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
Task: {D8ACC6C0-8493-4C3C-B08B-BC954B3B02ED} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {DAF2BAE3-1C5B-4CB5-9F62-0911C031A15A} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\Windows\system32\disksnapshot.exe [2015-07-10] (Microsoft Corporation)
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe [2015-08-06] (Microsoft Corporation)
Task: {F90F296D-9300-4D2E-A1CA-FDFD72978A35} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {FA775421-5625-4805-B6B4-219A5B4D1175} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GBM - New Backup Job-Full.job => C:\Program Files\Genie9\Genie Backup Manager\GBM.EXE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 23ba0d3c-f57c-41f1-beb5-a405a8b20000.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 98a06a0d-b065-4934-af64-8b472ac26391.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-06 20:42 - 2015-08-06 20:42 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-06-30 21:18 - 2012-12-06 13:52 - 00136704 _____ () C:\WINDOWS\System32\zlhp2600.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-06 20:42 - 2015-08-06 20:42 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-06 19:23 - 2015-07-30 02:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-06 19:23 - 2015-07-30 02:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-05-13 18:30 - 2015-05-13 18:30 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-08-06 19:24 - 2015-08-01 21:37 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-06 19:23 - 2015-08-01 21:34 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-06 19:23 - 2015-08-01 21:35 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2012-05-21 03:17 - 2012-05-21 03:17 - 00261632 _____ () C:\Program Files\Genie9\Genie Backup Manager\GSLogging.dll
2012-05-21 03:19 - 2012-05-21 03:19 - 00250368 _____ () C:\Program Files\Genie9\Genie Backup Manager\gs_encryption.dll
2015-07-15 21:38 - 2015-07-15 21:38 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-08-06 20:42 - 2015-08-06 20:42 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-07-10 07:00 - 2015-07-10 07:00 - 00293376 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll
2015-08-06 21:35 - 2015-08-06 21:35 - 00007168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.803.16240.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-08-06 21:35 - 2015-08-06 21:35 - 11284480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.803.16240.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-07-10 09:17 - 2015-07-10 09:17 - 07897088 _____ () C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
2015-08-04 16:44 - 2015-07-31 02:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
2015-08-04 16:44 - 2015-07-31 02:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4082438563-1282739928-3318386497-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 64.233.217.2 - 64.233.217.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{01A09B4D-E010-4A1B-A12F-935C0F00BBAA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4B66E8D3-5B6D-46C2-B225-9FA720EB2F86}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C66C904B-9FF7-4E5C-B817-F3379E435921}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4FEDB937-EAE0-407F-9499-DD7FD8A49362}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7E91C083-FB51-46B5-87C5-688DFD687199}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{35902EF5-B109-4519-9196-1FD9DDF7D0F8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D0EBE4AB-2F12-484A-B0BD-2B033EA4E04C}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{078F4BCC-03B6-431C-818F-349E631B8A00}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{525B0A17-5AB1-45AB-B111-4F92C3CDC536}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{23DE9B7E-7F5E-48FE-82D1-7DE8EC8C5999}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{7769AC28-FCBD-4093-9569-FBB753EC8520}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D2EA5B9D-3B95-4300-926D-D0C118EEE616}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B225EA7C-98C3-4036-86FF-8E1FF5FE7B4D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5C27A541-9570-490A-8663-C0FF56000EA1}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2FB9F8A9-C190-41F0-96ED-48523CFBCC37}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BB9922D8-187A-4D9A-A6BA-C2498EBE7EB2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A2C89B53-0C7F-4170-BA98-46274EB82515}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{12AF0AD1-EB66-4C58-9FCB-0C89A6DACE70}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2015 02:47:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SUPERAntiSpyware.exe, version: 6.0.0.1204, time stamp: 0x55ba8304
Faulting module name: ntdll.dll, version: 10.0.10240.16392, time stamp: 0x55a864a2
Exception code: 0xc0000374
Fault offset: 0x00000000000ea28c
Faulting process id: 0x61c
Faulting application start time: 0xSUPERAntiSpyware.exe0
Faulting application path: SUPERAntiSpyware.exe1
Faulting module path: SUPERAntiSpyware.exe2
Report Id: SUPERAntiSpyware.exe3
Faulting package full name: SUPERAntiSpyware.exe4
Faulting package-relative application ID: SUPERAntiSpyware.exe5

Error: (08/06/2015 10:58:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 15.803.16240.0, time stamp: 0x55bffda5
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16412, time stamp: 0x55b9a054
Exception code: 0xc000027b
Fault offset: 0x0000000000494ab9
Faulting process id: 0xcb8
Faulting application start time: 0xMicrosoft.Photos.exe0
Faulting application path: Microsoft.Photos.exe1
Faulting module path: Microsoft.Photos.exe2
Report Id: Microsoft.Photos.exe3
Faulting package full name: Microsoft.Photos.exe4
Faulting package-relative application ID: Microsoft.Photos.exe5

Error: (08/06/2015 09:12:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10240.16401, time stamp: 0x55b1a820
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16412, time stamp: 0x55b9a054
Exception code: 0xc000027b
Fault offset: 0x00000000004aaf9d
Faulting process id: 0x105c
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (08/06/2015 09:05:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (08/06/2015 08:48:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DAN-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/06/2015 08:47:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DAN-PC)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (08/06/2015 08:33:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program JavaRa.exe version 2.6.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 12528

Start Time: 01d0d0a874bd19fa

Termination Time: 214

Application Path: C:\Users\DAN\Desktop\JavaRa-2.6.1\JavaRa-2.6\JavaRa.exe

Report Id: d9b5fce3-3c9b-11e5-9bc3-6cf0499edbd8

Faulting package full name:

Faulting package-relative application ID:

Error: (08/06/2015 06:03:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (08/06/2015 05:29:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 10.0.10240.16384, time stamp: 0x559f398c
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16397, time stamp: 0x55af16e7
Exception code: 0xc000027b
Fault offset: 0x000000000052788e
Faulting process id: 0x19378
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3
Faulting package full name: LogonUI.exe4
Faulting package-relative application ID: LogonUI.exe5

Error: (08/06/2015 05:05:38 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)


System errors:
=============
Error: (08/06/2015 09:30:58 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: Mail and Calendar.

Error: (08/06/2015 09:28:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Microsoft Visual C++ 2015 Runtime Package.

Error: (08/06/2015 09:08:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (08/06/2015 09:05:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (08/06/2015 09:05:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:00:47 PM on 8/6/2015 was unexpected.

Error: (08/06/2015 08:48:03 PM) (Source: DCOM) (EventID: 10010) (User: DAN-PC)
Description: App.AppX9s1cz53zc86xn39kwrb02jyft9ecn62r.mca

Error: (08/06/2015 06:03:32 PM) (Source: DCOM) (EventID: 10016) (User: DAN-PC)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DAN-PCDANS-1-5-21-4082438563-1282739928-3318386497-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194

Error: (08/06/2015 06:03:29 PM) (Source: DCOM) (EventID: 10016) (User: DAN-PC)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DAN-PCDANS-1-5-21-4082438563-1282739928-3318386497-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194

Error: (08/06/2015 06:03:27 PM) (Source: DCOM) (EventID: 10016) (User: DAN-PC)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DAN-PCDANS-1-5-21-4082438563-1282739928-3318386497-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194

Error: (08/06/2015 06:03:25 PM) (Source: DCOM) (EventID: 10016) (User: DAN-PC)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DAN-PCDANS-1-5-21-4082438563-1282739928-3318386497-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194


Microsoft Office:
=========================
Error: (08/07/2015 02:47:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SUPERAntiSpyware.exe6.0.0.120455ba8304ntdll.dll10.0.10240.1639255a864a2c000037400000000000ea28c61c01d0d0adfdb9f4f1C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\WINDOWS\SYSTEM32\ntdll.dllce714d84-0fc9-488f-90a7-0d6237a9e86c

Error: (08/06/2015 10:58:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Microsoft.Photos.exe15.803.16240.055bffda5Windows.UI.Xaml.dll10.0.10240.1641255b9a054c000027b0000000000494ab9cb801d0d0b1dfa35c00C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.803.16240.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exeC:\Windows\System32\Windows.UI.Xaml.dll4a55f299-0ffb-41b4-8f93-6b0147396406Microsoft.Windows.Photos_15.803.16240.0_x64__8wekyb3d8bbweApp

Error: (08/06/2015 09:12:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ShellExperienceHost.exe10.0.10240.1640155b1a820Windows.UI.Xaml.dll10.0.10240.1641255b9a054c000027b00000000004aaf9d105c01d0d0adef72a191C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\System32\Windows.UI.Xaml.dllfef8f8fa-3fde-4df9-8ab5-391c0df854ccMicrosoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewyApp

Error: (08/06/2015 09:05:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (08/06/2015 08:48:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DAN-PC)
Description: Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App-2144927141

Error: (08/06/2015 08:47:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DAN-PC)
Description: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy+App

Error: (08/06/2015 08:33:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: JavaRa.exe2.6.0.01252801d0d0a874bd19fa214C:\Users\DAN\Desktop\JavaRa-2.6.1\JavaRa-2.6\JavaRa.exed9b5fce3-3c9b-11e5-9bc3-6cf0499edbd8

Error: (08/06/2015 06:03:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (08/06/2015 05:29:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LogonUI.exe10.0.10240.16384559f398cWindows.UI.Xaml.dll10.0.10240.1639755af16e7c000027b000000000052788e1937801d0d08ec937e863C:\WINDOWS\system32\LogonUI.exeC:\Windows\System32\Windows.UI.Xaml.dll64df8178-94fc-45c0-8a91-1ef7fd80e0c6

Error: (08/06/2015 05:05:38 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)
The catalog is corrupt


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 250 Processor
Percentage of memory in use: 57%
Total physical RAM: 4094.49 MB
Available physical RAM: 1744.24 MB
Total Virtual: 8190.49 MB
Available Virtual: 5938.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:1787.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive i: (My Book) (Fixed) (Total:3725.99 GB) (Free:3175.81 GB) NTFS
Drive j: (Backup) (Fixed) (Total:931.51 GB) (Free:739.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2369D907)
Partition 1: (Active) - (Size=1862.9 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

========================================================
Disk: 6 (Size: 931.5 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of log ============================

Edited by Oh My!, 12 August 2015 - 10:36 AM.
Modified and posted logs


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:11 PM

Posted 12 August 2015 - 10:55 AM

Greetings danielzink and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Can you tell me if you recognize this?

2015-08-07 15:19 - 2015-08-07 15:19 - 00016148 _____ C:\WINDOWS\system32\DAN-PC_DAN_HistoryPrediction.bin


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
U3 idsvc; No ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; No ImagePath
NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File
Task: {00410D6F-DA4C-417D-A6CA-7721096FA180} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd No Task File <==== ATTENTION
Task: {13A31235-ABBF-4F31-8115-9D988B1D5C9C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION
Task: {2F716ED6-4A4B-4388-B89F-308C8CF227B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {2F716ED6-4A4B-4388-B89F-308C8CF227B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {5B234265-48A8-479A-ACF2-38F29FB1C25A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION
Task: {6876F48B-033D-4E8C-9511-13E443471C7F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
Task: {77EFEDBD-A5DA-4E8F-BFF4-FE924872BB68} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d No Task File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync No Task File <==== ATTENTION
Task: {92F4B6A1-DB8B-4409-8C5A-4C0CD5E8F2A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION
Task: {BE447FF6-4BA9-4408-B0BC-792148CA21F6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d No Task File <==== ATTENTION
Task: {C06DBE78-C8A4-4C58-87E8-95F094BA6B6C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d No Task File <==== ATTENTION
Task: {C4226DA7-DC7A-4845-AC5F-CF3D92FC9617} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
Task: {FA775421-5625-4805-B6B4-219A5B4D1175} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Zoek by Smeenk

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Copy and paste the following into the main box

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns

  • Verify Scan All Users is selected then click Run Script
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • zoek log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 danielzink

danielzink
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:11 PM

Posted 12 August 2015 - 01:55 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02
Ran by DAN (2015-08-12 14:20:00) Run:1
Running from C:\Users\DAN\Desktop
Loaded Profiles: DAN (Available Profiles: DAN & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
U3 idsvc; No ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; No ImagePath
NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File
Task: {00410D6F-DA4C-417D-A6CA-7721096FA180} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd No Task File <==== ATTENTION
Task: {13A31235-ABBF-4F31-8115-9D988B1D5C9C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION
Task: {2F716ED6-4A4B-4388-B89F-308C8CF227B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {2F716ED6-4A4B-4388-B89F-308C8CF227B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {5B234265-48A8-479A-ACF2-38F29FB1C25A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION
Task: {6876F48B-033D-4E8C-9511-13E443471C7F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
Task: {77EFEDBD-A5DA-4E8F-BFF4-FE924872BB68} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d No Task File <==== ATTENTION
Task: {8F4C3A2F-D807-437E-BAA4-10DF9721ED47} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync No Task File <==== ATTENTION
Task: {92F4B6A1-DB8B-4409-8C5A-4C0CD5E8F2A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION
Task: {BE447FF6-4BA9-4408-B0BC-792148CA21F6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d No Task File <==== ATTENTION
Task: {C06DBE78-C8A4-4C58-87E8-95F094BA6B6C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d No Task File <==== ATTENTION
Task: {C4226DA7-DC7A-4845-AC5F-CF3D92FC9617} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
Task: {FA775421-5625-4805-B6B4-219A5B4D1175} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION
*****************
 
idsvc => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs NetSetupSvc => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs UserManager => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00410D6F-DA4C-417D-A6CA-7721096FA180}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00410D6F-DA4C-417D-A6CA-7721096FA180}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13A31235-ABBF-4F31-8115-9D988B1D5C9C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13A31235-ABBF-4F31-8115-9D988B1D5C9C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F716ED6-4A4B-4388-B89F-308C8CF227B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F716ED6-4A4B-4388-B89F-308C8CF227B5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F716ED6-4A4B-4388-B89F-308C8CF227B5} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B234265-48A8-479A-ACF2-38F29FB1C25A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B234265-48A8-479A-ACF2-38F29FB1C25A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6876F48B-033D-4E8C-9511-13E443471C7F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6876F48B-033D-4E8C-9511-13E443471C7F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77EFEDBD-A5DA-4E8F-BFF4-FE924872BB68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77EFEDBD-A5DA-4E8F-BFF4-FE924872BB68}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F4C3A2F-D807-437E-BAA4-10DF9721ED47}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92F4B6A1-DB8B-4409-8C5A-4C0CD5E8F2A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92F4B6A1-DB8B-4409-8C5A-4C0CD5E8F2A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE447FF6-4BA9-4408-B0BC-792148CA21F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE447FF6-4BA9-4408-B0BC-792148CA21F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C06DBE78-C8A4-4C58-87E8-95F094BA6B6C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C06DBE78-C8A4-4C58-87E8-95F094BA6B6C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4226DA7-DC7A-4845-AC5F-CF3D92FC9617}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4226DA7-DC7A-4845-AC5F-CF3D92FC9617}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA775421-5625-4805-B6B4-219A5B4D1175}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA775421-5625-4805-B6B4-219A5B4D1175}" => key removed successfully
 
==== End of Fixlog 14:20:02 ====
 
 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by DAN on Wed 08/12/2015 at 14:21:21.66.
Microsoft Windows 10 Pro 10.0.10240  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\DAN\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2015-08-03-190414.log 285 bytes
C:\zoek-results2015-08-03-212017.log 14958 bytes
 
==== System Restore Info ======================
 
8/12/2015 2:23:17 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\DefaultAppPool\AppData\LocalLow deleted successfully
C:\Users\DAN\AppData\Local\PeerDistRepub deleted successfully
C:\Users\DAN\AppData\Local\VirtualStore deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [07/03/2015 12:27 AM]
 
==== Chromium Look ======================
 
Google Chrome Version: 44.0.2403.130
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[09/23/2012 08:43 PM]
 
Tidy Sidebar - DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmacifhhpefamjmolpipkijcofcmbgp
Chrome Hotword Shared Module - DAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Chromium Startpages ======================
 
C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== Chromium Fix ======================
 
C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.saveur.com_0.localstorage deleted successfully
C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.saveur.com_0.localstorage-journal deleted successfully
C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adservices.picadmedia.com_0.localstorage deleted successfully
C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adservices.picadmedia.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.cnn.com/"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.cnn.com/"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{04C92BF0-CDEA-450E-AA04-BABD5EBC67AD}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\DAN\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\DAN\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\DAN\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\DAN\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\DAN\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=25 folders=15 40764646 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\DAN\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Wed 08/12/2015 at 14:39:44.79 ======================
 
 


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:11 PM

Posted 12 August 2015 - 02:35 PM

Thank you, can you update me on your computer behavior?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 Oh My!


Posted 15 August 2015 - 01:48 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#6 danielzink


Posted 15 August 2015 - 03:04 PM

I wanted to give it a couple days for the computer to settle in.

 

Seems to be running well.

 

Thanks again!



#7 Oh My!


Posted 15 August 2015 - 03:09 PM

Great, although I would like to do a couple more things if you don't mind.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Smart Scan (recommended)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons simply attach the file instead
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message, attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Emsisoft report (if applicable)
  • Security Check log
  • Update on computer performance

Gary
 

#8 danielzink


Posted 16 August 2015 - 08:26 AM

Emsisoft Emergency Kit - Version 10.0
Last update: 8/16/2015 9:14:03 AM
User account: DAN-PC\DAN
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 8/16/2015 9:16:10 AM
 
Scanned 80113
Found 0
 
Scan end: 8/16/2015 9:22:02 AM
Scan time: 0:05:52
 
 
 

 Results of screen317's Security Check version 1.007  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ESET Smart Security 8.0   
Windows Defender          
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 51  
 Google Chrome (44.0.2403.130) 
 Google Chrome (44.0.2403.155) 
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#9 Oh My!


Posted 16 August 2015 - 08:57 AM

That looks perfect. I think we are all done now.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a brief period of time in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#10 Oh My!


Posted 17 August 2015 - 09:03 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



