Homepage and search engine keep getting changed to SafeFinder


  • This topic is locked
12 replies to this topic

#1 herairness

Posted 30 August 2015 - 03:28 AM

Hello, 

I think I have what Google calls the safefinder malware, which unfortunately I must have caught from some torrent file. On every Chrome start up the search engine in the omnibox is changed to safe finder, the homepage goes here: http://search.safefinder.com/?st=dn&q= and no matter how many times I change the settings of Google Chrome, this happens. I checked for unusual extensions, but there were none. I also ran Malwarebytes AntiMalware, which claimed it found some such infections and cleaned them. I even reset Chrome to its default on-install settings and the problem went away for a few days, just to return today. I have not done anything differently, but both Windows Defender and AntiMalware again popped up with notifications for found infections. I am attaching the Farbar files below.

Attached files: FRST.txt (82.88KB), Addition.txt (51.88KB)

Thanks in advance

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-08-2015
Ran by Adelina (administrator) on ADELINA-PC (30-08-2015 11:25:04)
Running from D:\downloads
Loaded Profiles: Adelina (Available Profiles: Adelina & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Users\Adelina\AppData\Local\Hexjoyway.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
() C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\ProgramData\Saophase\Saophase.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Users\Adelina\AppData\Local\Viber\Viber.exe
() C:\Program Files (x86)\charismathics\smart security interface 4.7\CSPregtool.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MsmqIntCert] => "C:\Windows\System32\regsvr32.exe" /s "C:\Windows\System32\mqrt.dll"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [ACPW08EN] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe [1813776 2014-12-23] (ACD Systems)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3350760 2015-08-03] (ELAN Microelectronics Corp.)
HKLM\...\Run: [gpuminer] => C:\Users\Adelina\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478752 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\...\Run: [OneDrive] => C:\Users\Adelina\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-19] (Microsoft Corporation)
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\...\Run: [Viber] => C:\Users\Adelina\AppData\Local\Viber\Viber.exe [72389840 2015-08-12] ()
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\...\RunOnce: [Uninstall C:\Users\Adelina\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Adelina\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\...\RunOnce: [Uninstall C:\Users\Adelina\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Adelina\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
AppInit_DLLs: C:\ProgramData\Saophase\VoyaQuotrax.dll => C:\ProgramData\Saophase\VoyaQuotrax.dll [212992 2015-08-30] ()
AppInit_DLLs-x32: C:\ProgramData\Saophase\TipWarm.dll => C:\ProgramData\Saophase\TipWarm.dll [194560 2015-08-30] ()
Startup: C:\Users\Adelina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-06-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\smart security registration status.lnk [2015-06-26]
ShortcutTarget: smart security registration status.lnk -> C:\Program Files (x86)\charismathics\smart security interface 4.7\CSPregtool.exe ()
GroupPolicyScripts: Group Policy detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2toPGKwXv-PhaEEtcaCBl80T55Ef8NfSWPNKsxDBJDKGga3OBa6HEIsebrrclcahedRUexOkUKUlmNDgBE3PCdSaNEuqeogyrpovD2C6r7Ur5zsh0AAcqwMvKXZoEvy32Rchrpds5jPQZdLd&q={searchTerms}
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2toPGKwXv-PhaEEtcaCBl80T55Ef8NfSWPNKsxDBJDKGga3OBa6HEIsebrrclcahedhFXOV756w1FNeRkCU_ETmYeoiYi1bvRYblSUNeZCWB1nueqHL5YS7Z6igoZkUq49EqxpVFARjKD5En
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2toPGKwXv-PhaEEtcaCBl80T55Ef8NfSWPNKsxDBJDKGga3OBa6HEIsebrrclcahedRUexOkUKUlmNDgBE3PCdSaNEuqeogyrpovD2C6r7Ur5zsh0AAcqwMvKXZoEvy32Rchrpds5jPQZdLd&q={searchTerms}
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2toPGKwXv-PhaEEtcaCBl80T55Ef8NfSWPNKsxDBJDKGga3OBa6HEIsebrrclcahedRUexOkUKUlmNDgBE3PCdSaNEuqeogyrpovD2C6r7Ur5zsh0AAcqwMvKXZoEvy32Rchrpds5jPQZdLd&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2toPGKwXv-PhaEEtcaCBl80T55Ef8NfSWPNKsxDBJDKGga3OBa6HEIsebrrclcahedRUexOkUKUlmNDgBE3PCdSaNEuqeogyrpovD2C6r7Ur5zsh0AAcqwMvKXZoEvy32Rchrpds5jPQZdLd&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2451370901-3886492748-2073544077-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2toPGKwXv-PhaEEtcaCBl80T55Ef8NfSWPNKsxDBJDKGga3OBa6HEIsebrrclcahedRUexOkUKUlmNDgBE3PCdSaNEuqeogyrpovD2C6r7Ur5zsh0AAcqwMvKXZoEvy32Rchrpds5jPQZdLd&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2451370901-3886492748-2073544077-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzJkwtp-q9K2X2toPGKwXv-PhaEEtcaCBl80T55Ef8NfSWPNKsxDBJDKGga3OBa6HEIsebrrclcahedRUexOkUKUlmNDgBE3PCdSaNEuqeogyrpovD2C6r7Ur5zsh0AAcqwMvKXZoEvy32Rchrpds5jPQZdLd&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
DPF: HKLM-x32 {167248DA-0F88-4DE1-B4B1-45176751026D} hxxps://aixbs.b-trust.org/wl-dl/bs/client_test2/js/renew/CertManX.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{01095125-0f95-479b-b34d-fa1d4a7013e7}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{01095125-0f95-479b-b34d-fa1d4a7013e7}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{c19dd269-7b12-42fe-9158-7176ce20ffc7}: [NameServer]  
Tcpip\..\Interfaces\{fe0df479-8690-4fed-9eec-24b06c6e6b1b}: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Adelina\AppData\Roaming\Mozilla\Firefox\Profiles\8e1s8bzy.default
FF Homepage: C:\ProgramData\Saophases\ff.HP
FF NewTab: C:\ProgramData\Saophases\ff.NT
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-27] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-27] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Adelina\AppData\Roaming\Mozilla\Firefox\Profiles\8e1s8bzy.default\searchplugins\findit.xml [2015-08-30]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-06-19]
FF Extension: No Name - C:\Users\Adelina\AppData\Roaming\Mozilla\Firefox\Profiles\8e1s8bzy.default\extensions\defsearchp@gmail.com [not found]
FF Extension: No Name - C:\Users\Adelina\AppData\Roaming\Mozilla\Firefox\Profiles\8e1s8bzy.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\Adelina\AppData\Roaming\Mozilla\Firefox\Profiles\8e1s8bzy.default\extensions\389579c4-efa9-4d96-a1dd-3c86f7bd1a51@gmail.com [not found]
FF Extension: No Name - C:\Users\Adelina\AppData\Roaming\Mozilla\Firefox\Profiles\8e1s8bzy.default\extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Adelina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Gismeteo) - C:\Users\Adelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf [2015-08-22]
CHR Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\Adelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco [2015-08-23]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Adelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2015-08-22]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Adelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-06-20]
CHR Extension: (AdBlock) - C:\Users\Adelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-22]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Adelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-08-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Adelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-20]
CHR Extension: (#ДАНСwithme) - C:\Users\Adelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmcpmmnecclemnhobkplkgpjjddgnkej [2015-08-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Adelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-20]
CHR Extension: (Manchester United Theme) - C:\Users\Adelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogoeecgobgdjamgilalnpacolbpaeabe [2015-08-24]
CHR HKLM-x32\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-07-10] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-07-30] (Microsoft Corporation)
S3 CDPSvc; C:\Windows\System32\CDPSvc.dll [134144 2015-07-10] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [808856 2015-07-30] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [510976 2015-07-30] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [27136 2015-07-10] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [267776 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [193024 2015-07-10] (Microsoft Corporation)
R2 dnwnloadupdate; C:\Users\Adelina\AppData\Local\Hexjoyway.exe [47616 2015-08-22] () [File not signed]
S3 DsRoleSvc; C:\Windows\system32\dsrolesrv.dll [288256 2015-07-30] (Microsoft Corporation)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [87040 2015-07-10] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [275456 2015-07-10] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [147688 2015-08-03] (ELAN Microelectronics Corp.)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [394752 2015-07-30] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-26] (NVIDIA Corporation)
R2 HvHost; C:\Windows\System32\hvhostsvc.dll [57344 2015-07-30] (Microsoft Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [131312 2015-03-19] (Intel Corporation)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [148992 2015-08-11] (Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [16896 2015-07-30] (Microsoft Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2015-07-30] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-27] (Intel Corporation)
R3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [22528 2015-07-10] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [21504 2015-07-10] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [48640 2015-07-30] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [62464 2015-07-10] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-07-30] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [164864 2015-07-30] (Microsoft Corporation)
R2 NalServ; C:\Windows\SysWOW64\nalserv.exe [147056 2014-11-07] (Nalpeiron Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1868432 2015-06-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5541008 2015-06-26] (NVIDIA Corporation)
S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [296960 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session6; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session6; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [289280 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_Session6; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_Session6; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [996352 2015-08-11] (Microsoft Corporation)
R2 Saophase; C:\ProgramData\Saophase\Saophase.exe [33792 2015-08-27] () [File not signed]
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1031680 2015-07-30] (Microsoft Corporation)
R2 simptcp; C:\Windows\SysWOW64\tcpsvcs.exe [10752 2015-07-10] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [51712 2015-07-30] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [46080 2015-07-30] (Microsoft Corporation)
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2674176 2015-07-10] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2049024 2015-07-10] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1203200 2015-07-30] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [925696 2015-07-30] (Microsoft Corporation)
R3 UnistoreSvc_Session6; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UnistoreSvc_Session6; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1420288 2015-07-30] (Microsoft Corporation)
S3 UserDataSvc_Session6; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc_Session6; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S2 VIVACOM 3G USB Modem. RunOuc; C:\Program Files (x86)\VIVACOM 3G USB Modem\UpdateDog\ouc.exe [655712 2015-06-24] ()
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [12911104 2015-08-11] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-07-30] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-07-30] (Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [504320 2015-07-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [12288 2015-07-30] (Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [918016 2015-07-10] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1149440 2015-07-10] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1019392 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [72208 2015-07-10] (Advanced Card Systems Ltd.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-07-14] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys [39936 2015-07-10] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-06-19] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-07-10] (QLogic Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [83968 2015-07-10] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-07-10] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-07-10] (Microsoft Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-08-22] ()
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [39248 2012-11-22] (Paragon Software Group)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [70496 2015-07-30] (Microsoft Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424800 2015-07-10] (Mellanox)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253680 2015-03-20] (Intel Corporation)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-07-10] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-07-10] (Avago Technologies)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [20992 2015-07-30] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-27] (Intel Corporation)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705376 2015-07-10] (Mellanox)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-07-30] (Microsoft Corporation)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76128 2015-07-10] (Mellanox)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3497240 2015-03-23] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22528 2015-07-30] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [49152 2015-07-30] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-07-07] (Realtek                                            )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61952 2015-07-10] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys [17760 2015-07-10] (Microsoft Corporation)
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2015-07-30] (Microsoft Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [61952 2015-07-10] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46080 2015-07-30] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2012-11-22] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-11-22] (Paragon)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26112 2015-07-30] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [882688 2015-07-30] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [882688 2015-07-30] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [882688 2015-07-30] (Microsoft Corporation)
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [106520 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [17944 2015-07-10] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [26976 2015-07-10] (Mellanox)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [347648 2015-07-30] (Microsoft Corporation)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59232 2015-07-10] (Mellanox)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [222720 2015-07-10] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [25600 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-30 11:13 - 2015-08-30 11:25 - 00000000 ____D C:\FRST
2015-08-30 11:03 - 2015-08-30 11:03 - 00016148 _____ C:\WINDOWS\system32\ADELINA-PC_Adelina_HistoryPrediction.bin
2015-08-30 10:31 - 2015-08-30 11:04 - 00000000 ____D C:\Users\Adelina\AppData\Roaming\ViberPC
2015-08-30 10:31 - 2015-08-30 10:57 - 00001119 _____ C:\Users\Adelina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2015-08-30 10:31 - 2015-08-30 10:57 - 00001111 _____ C:\Users\Adelina\Desktop\Viber.lnk
2015-08-30 10:31 - 2015-08-30 10:57 - 00000000 ____D C:\Users\Adelina\AppData\Local\Viber
2015-08-30 00:54 - 2015-08-30 00:54 - 00002377 _____ C:\WINDOWS\SysWOW64\findit.xml
2015-08-30 00:54 - 2015-08-30 00:54 - 00000000 ____D C:\ProgramData\Saophases
2015-08-30 00:54 - 2015-08-30 00:54 - 00000000 ____D C:\ProgramData\Saophase
2015-08-30 00:53 - 2015-08-30 00:53 - 04241742 _____ (Bycatch) C:\Program Files\Common Files\gtygijx1.exe
2015-08-30 00:38 - 2015-08-30 00:38 - 00003208 _____ C:\WINDOWS\System32\Tasks\kvxef4nc
2015-08-30 00:38 - 2015-08-30 00:38 - 00000000 ____D C:\Program Files\Common Files\yxqf1xvg
2015-08-29 11:13 - 2015-08-20 09:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-29 11:13 - 2015-08-20 09:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-29 11:13 - 2015-08-20 09:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-29 11:13 - 2015-08-20 08:57 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-29 11:13 - 2015-08-20 08:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-29 11:13 - 2015-08-20 08:21 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-29 11:13 - 2015-08-20 08:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-29 11:13 - 2015-08-20 08:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-29 11:13 - 2015-08-20 08:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-29 11:13 - 2015-08-20 08:09 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-29 11:13 - 2015-08-20 07:31 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-29 11:13 - 2015-08-18 10:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-29 11:13 - 2015-08-18 10:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-29 11:13 - 2015-08-18 10:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-29 11:13 - 2015-08-18 10:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-29 11:13 - 2015-08-18 10:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-29 11:13 - 2015-08-18 10:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-29 11:13 - 2015-08-18 10:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-29 11:13 - 2015-08-18 10:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-29 11:13 - 2015-08-18 10:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-29 11:13 - 2015-08-18 10:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-29 11:13 - 2015-08-18 10:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-29 11:13 - 2015-08-18 09:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-29 11:13 - 2015-08-18 09:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-29 11:13 - 2015-08-18 09:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-29 11:13 - 2015-08-18 09:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-29 11:13 - 2015-08-18 09:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-29 11:13 - 2015-08-18 09:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-29 11:13 - 2015-08-18 09:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-29 11:13 - 2015-08-18 09:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-29 11:13 - 2015-08-18 09:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-29 11:13 - 2015-08-18 09:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-29 11:13 - 2015-08-18 09:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-29 11:13 - 2015-08-18 09:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-29 11:13 - 2015-08-18 09:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-29 11:13 - 2015-08-18 09:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-29 11:13 - 2015-08-18 09:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-29 11:13 - 2015-08-18 09:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-29 11:13 - 2015-08-18 09:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-29 11:13 - 2015-08-18 09:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-29 11:13 - 2015-08-18 09:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-29 11:13 - 2015-08-18 09:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-29 11:13 - 2015-08-18 09:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-29 11:13 - 2015-08-18 09:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-29 11:13 - 2015-08-18 07:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-27 20:49 - 2015-08-29 23:15 - 00002643 _____ C:\WINDOWS\setupact.log
2015-08-27 20:49 - 2015-08-27 20:49 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-27 18:56 - 2015-08-27 18:56 - 00000000 ____D C:\Users\Adelina\AppData\Local\Globalscape
2015-08-27 18:56 - 2015-08-27 18:56 - 00000000 ____D C:\ProgramData\Globalscape
2015-08-27 18:55 - 2015-08-27 18:55 - 00002060 _____ C:\Users\Public\Desktop\CuteFTP 9.lnk
2015-08-27 18:55 - 2015-08-27 18:55 - 00000000 ____D C:\Users\Adelina\AppData\Roaming\Globalscape
2015-08-27 18:55 - 2015-08-27 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Globalscape
2015-08-27 18:55 - 2015-08-27 18:55 - 00000000 ____D C:\Program Files (x86)\Globalscape
2015-08-24 12:42 - 2015-08-24 12:42 - 00003208 _____ C:\WINDOWS\System32\Tasks\vpotswtp
2015-08-24 12:42 - 2015-08-24 12:42 - 00000000 ____D C:\Program Files\Common Files\ddhzic1r
2015-08-24 11:52 - 2015-08-24 11:52 - 03702878 _____ (E-Tech) C:\Program Files\Common Files\u0dtloe1.exe
2015-08-24 11:37 - 2015-08-24 11:37 - 00003208 _____ C:\WINDOWS\System32\Tasks\t1xd0lqc
2015-08-24 11:37 - 2015-08-24 11:37 - 00000000 ____D C:\Program Files\Common Files\x3iia4ma
2015-08-23 13:15 - 2015-08-23 13:15 - 00003320 _____ C:\WINDOWS\System32\Tasks\doynload
2015-08-22 22:57 - 2015-08-22 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-08-22 22:56 - 2015-08-22 22:56 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2015-08-22 22:48 - 2015-08-22 22:48 - 00011390 _____ C:\WINDOWS\system32\.crusader
2015-08-22 22:44 - 2015-08-22 22:49 - 00043664 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-08-22 22:43 - 2015-08-22 22:48 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-22 22:30 - 2015-08-22 22:30 - 00001180 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-22 22:05 - 2015-08-30 11:03 - 00001026 _____ C:\WINDOWS\Tasks\tHuOnHcusr9M.job
2015-08-22 22:05 - 2015-08-30 11:03 - 00001016 _____ C:\WINDOWS\Tasks\dVHsU88.job
2015-08-22 22:05 - 2015-08-29 16:30 - 00047780 _____ C:\WINDOWS\PFRO.log
2015-08-22 22:05 - 2015-08-22 22:05 - 00004156 _____ C:\WINDOWS\System32\Tasks\tHuOnHcusr9M
2015-08-22 22:05 - 2015-08-22 22:05 - 00004136 _____ C:\WINDOWS\System32\Tasks\dVHsU88
2015-08-22 22:04 - 2015-08-22 22:12 - 00000000 ____D C:\Users\Adelina\AppData\Roaming\Opera Software
2015-08-22 22:04 - 2015-08-22 22:12 - 00000000 ____D C:\Users\Adelina\AppData\Local\Opera Software
2015-08-22 22:04 - 2015-08-22 22:04 - 00000000 _____ C:\WINDOWS\prleth.sys
2015-08-22 22:04 - 2015-08-22 22:04 - 00000000 _____ C:\WINDOWS\hgfs.sys
2015-08-22 22:04 - 2013-08-22 16:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-22 22:03 - 2015-08-22 22:36 - 00000000 ____D C:\Program Files\igfx32
2015-08-22 22:03 - 2015-08-22 22:12 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-22 22:03 - 2015-08-22 22:06 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-22 22:03 - 2015-08-22 22:03 - 00047616 _____ C:\Users\Adelina\AppData\Local\Hexjoyway.exe
2015-08-22 16:52 - 2015-08-26 21:57 - 00000000 ____D C:\Users\Adelina\AppData\Roaming\CDisplayEx
2015-08-22 16:46 - 2015-08-22 16:46 - 00000882 _____ C:\Users\Adelina\Desktop\CDisplayEx.lnk
2015-08-22 16:46 - 2015-08-22 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2015-08-22 16:46 - 2015-08-22 16:46 - 00000000 ____D C:\Program Files\CDisplayEx
2015-08-19 23:23 - 2015-08-13 07:33 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-19 23:23 - 2015-08-13 07:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-19 23:23 - 2015-08-13 07:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-19 23:23 - 2015-08-13 07:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-19 23:23 - 2015-08-13 06:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-19 23:23 - 2015-08-11 13:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-19 23:23 - 2015-08-11 13:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-19 23:23 - 2015-08-11 13:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-19 23:23 - 2015-08-11 13:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-19 23:23 - 2015-08-11 13:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-19 23:23 - 2015-08-11 13:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-19 23:23 - 2015-08-11 13:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-19 23:23 - 2015-08-11 12:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-19 23:23 - 2015-08-11 12:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-19 23:23 - 2015-08-11 12:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-19 23:23 - 2015-08-11 12:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-19 23:23 - 2015-08-11 12:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-19 23:23 - 2015-08-11 12:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-19 23:23 - 2015-08-11 12:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-19 23:23 - 2015-08-11 12:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-19 23:23 - 2015-08-11 12:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-19 23:23 - 2015-08-11 12:27 - 12911104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2015-08-19 23:23 - 2015-08-11 12:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-19 23:23 - 2015-08-11 12:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-19 23:23 - 2015-08-11 12:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-19 23:23 - 2015-08-11 12:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-19 23:23 - 2015-08-11 12:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-19 23:23 - 2015-08-11 12:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-19 23:23 - 2015-08-11 12:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-19 23:23 - 2015-08-11 12:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-19 23:23 - 2015-08-11 12:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-19 23:23 - 2015-08-11 12:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-19 23:23 - 2015-08-11 12:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-19 23:23 - 2015-08-11 12:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-19 23:23 - 2015-08-11 12:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-19 23:23 - 2015-08-11 12:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 23:23 - 2015-08-11 12:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-19 23:23 - 2015-08-11 12:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-19 23:23 - 2015-08-11 12:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-19 23:23 - 2015-08-11 12:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-19 23:23 - 2015-08-11 12:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-19 23:23 - 2015-08-11 12:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-19 23:23 - 2015-08-11 12:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-19 23:23 - 2015-08-11 12:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-19 23:23 - 2015-08-11 12:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-19 23:23 - 2015-08-11 12:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-19 23:23 - 2015-08-11 12:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-19 23:23 - 2015-08-11 12:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-19 23:23 - 2015-08-11 12:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-19 23:23 - 2015-08-11 12:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-19 23:23 - 2015-08-11 12:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-19 23:23 - 2015-08-11 12:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-19 23:23 - 2015-08-11 12:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-19 23:23 - 2015-08-11 12:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-19 23:23 - 2015-08-11 12:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-19 23:23 - 2015-08-11 12:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-19 23:23 - 2015-08-11 12:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-19 23:23 - 2015-08-11 12:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-19 23:23 - 2015-08-11 11:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-19 23:23 - 2015-08-11 11:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-19 23:23 - 2015-08-11 11:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-19 23:23 - 2015-08-11 11:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-19 23:23 - 2015-08-11 11:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-19 23:23 - 2015-08-11 11:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-19 23:23 - 2015-08-11 11:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-19 23:23 - 2015-08-11 11:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-19 23:23 - 2015-08-11 11:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-19 23:23 - 2015-08-11 11:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-19 23:23 - 2015-08-11 11:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-19 23:23 - 2015-08-11 11:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-19 23:23 - 2015-08-11 11:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-19 23:23 - 2015-08-11 11:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 23:23 - 2015-08-11 11:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-19 23:23 - 2015-08-11 11:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-19 23:23 - 2015-08-11 11:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-19 23:23 - 2015-08-11 11:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-19 23:23 - 2015-08-11 11:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-19 23:23 - 2015-08-11 11:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-19 23:23 - 2015-08-11 11:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-19 23:23 - 2015-08-11 11:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-19 23:23 - 2015-08-11 11:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-16 10:12 - 2015-08-16 10:12 - 00000000 ____D C:\Users\Adelina\AppData\Local\speech
2015-08-14 22:09 - 2015-08-30 11:13 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-14 11:25 - 2015-08-28 22:36 - 00000000 ____D C:\Program Files\CCleaner
2015-08-14 11:25 - 2015-08-14 11:25 - 00002864 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-08-14 11:25 - 2015-08-14 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-14 10:41 - 2015-08-14 10:41 - 00001109 _____ C:\Users\Adelina\Desktop\WinDirStat.lnk
2015-08-14 10:41 - 2015-08-14 10:41 - 00000000 ____D C:\Users\Adelina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-08-14 10:41 - 2015-08-14 10:41 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2015-08-14 00:49 - 2015-08-07 14:07 - 42840184 _____ C:\WINDOWS\system32\nvcompiler.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 37819184 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 22551672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 18564728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 17926480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 16638896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 15627520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 15328296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 14935968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 13663424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 12609072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 12186176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 02352248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 02104440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 01898288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6435560.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 01558832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6435560.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 01063032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 01061168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 00985392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 00931960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 00787200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 00632848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 00408184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 00387536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 00364152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 00316120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 00176904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-08-14 00:49 - 2015-08-07 14:07 - 00155792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-08-12 11:12 - 2015-08-12 11:12 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-08-12 10:56 - 2015-08-12 10:56 - 00000000 _____ C:\WINDOWS\system32\REN37F.tmp
2015-08-12 10:15 - 2015-08-08 10:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 10:15 - 2015-08-08 10:19 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-12 10:15 - 2015-08-08 10:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 10:15 - 2015-08-08 09:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-12 10:15 - 2015-08-08 09:40 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 10:15 - 2015-08-08 09:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 10:15 - 2015-08-08 09:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 10:15 - 2015-08-08 09:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 10:15 - 2015-08-08 09:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 10:15 - 2015-08-06 06:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-12 10:15 - 2015-08-06 06:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-12 10:15 - 2015-08-06 05:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-12 10:15 - 2015-08-05 07:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-12 10:15 - 2015-08-05 07:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-12 10:15 - 2015-08-05 07:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-12 10:15 - 2015-08-05 06:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-12 10:15 - 2015-08-05 06:47 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-12 10:15 - 2015-08-05 06:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-12 10:15 - 2015-08-04 07:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 10:15 - 2015-08-04 07:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-12 10:15 - 2015-08-04 07:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-12 10:15 - 2015-08-04 06:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-12 10:15 - 2015-08-04 05:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-12 10:15 - 2015-08-04 05:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-12 10:15 - 2015-08-03 05:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-12 10:15 - 2015-08-03 05:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-12 10:15 - 2015-08-03 05:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-12 10:15 - 2015-08-03 05:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-12 10:15 - 2015-08-03 05:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-12 10:15 - 2015-08-03 05:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-12 10:15 - 2015-08-03 05:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-12 10:15 - 2015-08-03 05:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-12 10:15 - 2015-08-03 05:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-12 10:15 - 2015-08-03 05:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-12 10:15 - 2015-08-03 05:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-12 10:15 - 2015-08-03 04:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-12 10:15 - 2015-08-03 04:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-12 10:15 - 2015-08-03 04:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-12 10:15 - 2015-08-03 04:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-12 10:15 - 2015-08-03 04:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-12 10:15 - 2015-08-03 04:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-12 10:15 - 2015-08-03 04:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-12 10:15 - 2015-08-03 04:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-12 10:15 - 2015-08-03 04:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-12 10:15 - 2015-08-03 04:22 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-12 10:15 - 2015-08-03 04:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-12 10:15 - 2015-08-03 04:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-12 10:15 - 2015-08-03 04:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 10:15 - 2015-08-03 04:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 10:15 - 2015-08-03 04:18 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 10:15 - 2015-08-03 04:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-12 10:15 - 2015-08-03 04:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-12 10:15 - 2015-08-03 04:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-12 10:15 - 2015-08-03 04:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-12 10:15 - 2015-08-03 04:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-12 10:15 - 2015-08-03 04:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-12 10:15 - 2015-08-03 04:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-12 10:15 - 2015-08-03 04:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-12 10:15 - 2015-08-03 04:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-12 10:15 - 2015-08-03 04:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-12 10:15 - 2015-08-03 04:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-12 10:15 - 2015-08-03 04:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-12 10:15 - 2015-08-03 04:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-12 10:15 - 2015-08-03 04:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 10:15 - 2015-08-03 04:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-12 10:15 - 2015-08-03 04:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-12 10:15 - 2015-08-03 04:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-12 10:15 - 2015-08-03 04:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 10:15 - 2015-08-03 03:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-10 10:10 - 2015-08-30 11:03 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2015-08-10 09:59 - 2015-08-10 09:59 - 00065456 _____ C:\WINDOWS\system32\ASGCoInstaller_x64.dll
2015-08-10 09:59 - 2015-08-10 09:59 - 00003628 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2015-08-05 20:59 - 2015-07-30 09:24 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-08-05 20:59 - 2015-07-30 09:23 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-08-05 20:59 - 2015-07-30 09:21 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-08-05 20:59 - 2015-07-30 09:17 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-05 20:59 - 2015-07-30 09:17 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-08-05 20:59 - 2015-07-30 09:16 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-08-05 20:59 - 2015-07-30 09:15 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-08-05 20:59 - 2015-07-30 09:14 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-08-05 20:59 - 2015-07-30 09:09 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-08-05 20:59 - 2015-07-30 09:06 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-05 20:59 - 2015-07-30 09:05 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-08-05 20:59 - 2015-07-30 09:03 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-08-05 20:59 - 2015-07-30 08:24 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-08-05 20:59 - 2015-07-30 07:29 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-05 20:59 - 2015-07-30 07:26 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-08-05 20:59 - 2015-07-30 07:26 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-05 20:59 - 2015-07-30 07:25 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-08-05 20:59 - 2015-07-30 07:25 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-08-05 20:59 - 2015-07-30 07:24 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-08-05 20:59 - 2015-07-30 07:24 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-08-05 20:59 - 2015-07-30 07:24 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-08-05 20:59 - 2015-07-30 07:22 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-08-05 20:59 - 2015-07-30 07:22 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-08-05 20:59 - 2015-07-30 07:12 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-08-05 20:59 - 2015-07-30 07:12 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-08-05 20:59 - 2015-07-30 07:09 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-08-05 20:59 - 2015-07-30 07:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-08-05 20:59 - 2015-07-30 07:08 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-08-05 20:59 - 2015-07-30 06:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-08-05 20:59 - 2015-07-30 06:52 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-08-05 20:59 - 2015-07-30 06:52 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-08-05 20:59 - 2015-07-30 06:49 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-08-05 20:59 - 2015-07-30 06:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-08-05 20:59 - 2015-07-30 06:46 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-08-05 20:59 - 2015-07-30 06:46 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-08-05 20:59 - 2015-07-30 06:45 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-08-05 20:59 - 2015-07-30 06:45 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-08-05 20:59 - 2015-07-30 06:44 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-05 20:59 - 2015-07-30 06:44 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-08-05 20:59 - 2015-07-30 06:44 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-08-05 20:59 - 2015-07-30 06:44 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-05 20:59 - 2015-07-30 06:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-08-05 20:59 - 2015-07-30 06:42 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-08-05 20:59 - 2015-07-30 06:41 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-08-05 20:59 - 2015-07-30 06:41 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-08-05 20:59 - 2015-07-30 06:40 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-08-05 20:59 - 2015-07-30 06:38 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-08-05 20:59 - 2015-07-30 06:38 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-08-05 20:59 - 2015-07-30 06:34 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-08-05 20:59 - 2015-07-30 06:29 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-08-05 20:59 - 2015-07-30 06:15 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-08-05 20:59 - 2015-07-30 06:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-08-05 20:59 - 2015-07-30 06:06 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-08-05 20:59 - 2015-07-30 06:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-08-05 20:59 - 2015-07-30 06:06 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-08-05 20:59 - 2015-07-30 06:04 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-08-05 20:59 - 2015-07-30 06:04 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-08-05 20:59 - 2015-07-30 05:59 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-08-05 20:59 - 2015-07-30 05:58 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-08-03 11:40 - 2015-08-03 11:40 - 01731816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2015-08-03 11:40 - 2015-08-03 11:40 - 00477784 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\Drivers\ETD.sys
2015-08-03 11:40 - 2015-08-03 11:40 - 00081640 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDCoInstaller.dll
2015-08-03 11:40 - 2015-08-03 11:40 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ETD_01009.Wdf
2015-08-03 11:40 - 2015-08-03 11:40 - 00000000 ____D C:\Program Files\Elantech
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-30 11:24 - 2015-06-20 13:03 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-30 11:03 - 2015-07-29 17:44 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-30 11:03 - 2015-06-20 13:03 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-30 10:40 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-30 10:31 - 2015-06-19 10:45 - 00000000 ____D C:\Users\Adelina\AppData\Roaming\Skype
2015-08-30 10:28 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-30 10:23 - 2015-06-20 00:46 - 00000000 ____D C:\Users\Adelina\AppData\Local\Packages
2015-08-30 00:54 - 2015-07-03 11:19 - 00001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-29 19:57 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-29 16:37 - 2015-07-29 17:45 - 01069082 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-29 16:33 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-08-29 16:31 - 2015-07-10 15:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-29 16:30 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-29 16:30 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-29 16:30 - 2015-07-10 12:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-29 12:00 - 2015-06-19 10:04 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-08-29 12:00 - 2015-06-19 10:04 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-08-29 11:17 - 2015-07-10 13:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-28 09:19 - 2015-06-20 13:03 - 00003986 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-28 09:19 - 2015-06-20 13:03 - 00003754 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-27 19:01 - 2015-06-19 13:17 - 00000000 ____D C:\Users\Adelina\AppData\Roaming\qBittorrent
2015-08-27 18:55 - 2015-06-19 09:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-25 21:33 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\tracing
2015-08-25 21:33 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\security
2015-08-25 21:32 - 2015-06-20 16:25 - 00000000 ___DO C:\Users\Adelina\OneDrive
2015-08-24 13:09 - 2015-06-19 13:16 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-22 22:57 - 2015-06-19 13:11 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2015-08-22 22:56 - 2015-07-29 17:46 - 00000000 ____D C:\Users\DefaultAppPool
2015-08-22 22:36 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\Web
2015-08-22 22:30 - 2015-06-19 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-22 22:30 - 2015-06-19 13:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-22 22:11 - 2015-06-19 13:05 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-22 22:05 - 2015-07-29 17:46 - 00000000 ___RD C:\Users\Adelina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-22 22:05 - 2015-06-20 19:14 - 00000000 ____D C:\Users\Adelina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-22 22:05 - 2015-06-20 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-22 22:05 - 2015-06-19 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Hard Disk Manager™ 12 Professional
2015-08-21 13:10 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-20 23:47 - 2015-07-29 17:46 - 00000000 ____D C:\Users\Adelina
2015-08-20 21:05 - 2015-06-21 16:51 - 00000000 ____D C:\Users\Adelina\Documents\The Witcher 3
2015-08-19 23:23 - 2015-07-29 17:57 - 00002388 _____ C:\Users\Adelina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-18 20:03 - 2015-06-19 10:45 - 00000000 ____D C:\ProgramData\Skype
2015-08-15 01:23 - 2015-07-10 15:20 - 00349632 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-14 11:49 - 2015-07-29 17:55 - 00000000 ____D C:\Users\Adelina\AppData\Local\Comms
2015-08-14 11:35 - 2015-07-09 23:24 - 00000000 ____D C:\Users\Adelina\AppData\Roaming\TeamViewer
2015-08-14 11:35 - 2015-06-20 21:46 - 00000000 ____D C:\Users\Adelina\AppData\Roaming\Notepad++
2015-08-14 11:35 - 2015-06-19 13:14 - 00000000 ____D C:\Users\Adelina\AppData\Roaming\DAEMON Tools Lite
2015-08-14 00:50 - 2015-07-29 17:44 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-14 00:50 - 2015-07-29 17:44 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-12 13:41 - 2015-07-03 11:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-12 13:41 - 2015-06-19 10:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 13:41 - 2015-06-19 10:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 13:40 - 2015-07-10 14:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 13:40 - 2015-07-10 14:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 11:18 - 2015-06-19 13:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-12 11:17 - 2015-06-19 13:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 11:17 - 2015-06-19 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 11:16 - 2015-06-19 10:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-12 11:12 - 2015-06-19 10:39 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-12 11:12 - 2013-08-22 16:25 - 00000167 _____ C:\WINDOWS\win.ini
2015-08-12 11:07 - 2015-06-19 14:02 - 00005228 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Adelina-PC-Adelina Adelina-PC
2015-08-12 10:57 - 2015-06-19 13:10 - 00000000 ____D C:\ProgramData\Oracle
2015-08-12 10:56 - 2015-06-26 19:09 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-08-12 10:56 - 2015-06-26 19:08 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-12 10:50 - 2015-06-19 13:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-11 22:52 - 2015-07-13 20:45 - 11174544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-08-10 10:09 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-08-10 09:59 - 2015-07-29 17:43 - 00000000 ____D C:\ProgramData\SetupTPDriver
2015-08-10 09:59 - 2015-07-29 17:43 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-08-10 09:59 - 2015-06-19 10:01 - 00000000 ____D C:\Program Files\DIFX
2015-08-08 18:38 - 2015-07-10 14:06 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 18:38 - 2015-07-10 14:06 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 20:51 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-07 14:07 - 2015-07-29 20:03 - 03059856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-08-07 14:07 - 2015-07-13 20:45 - 03462776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-08-07 14:07 - 2015-07-13 20:45 - 00034100 _____ C:\WINDOWS\system32\nvinfo.pb
2015-08-07 07:27 - 2015-07-29 17:44 - 06883632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-08-07 07:27 - 2015-07-29 17:44 - 03491960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-08-07 07:27 - 2015-07-29 17:44 - 02558768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-08-07 07:27 - 2015-07-29 17:44 - 01060984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-08-07 07:27 - 2015-07-29 17:44 - 00937776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-08-07 07:27 - 2015-07-29 17:44 - 00385144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-08-07 07:27 - 2015-07-29 17:44 - 00074872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-08-07 07:27 - 2015-07-29 17:44 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-08-04 03:29 - 2015-07-10 14:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-03 17:10 - 2015-06-20 21:13 - 00000000 ____D C:\Users\Adelina\AppData\Local\Battle.net
2015-08-03 12:22 - 2015-07-29 17:44 - 05133709 _____ C:\WINDOWS\system32\nvcoproc.bin
 
==================== Files in the root of some directories =======
 
2015-08-30 00:53 - 2015-08-30 00:53 - 4241742 _____ (Bycatch) C:\Program Files\Common Files\gtygijx1.exe
2015-08-24 11:52 - 2015-08-24 11:52 - 3702878 _____ (E-Tech) C:\Program Files\Common Files\u0dtloe1.exe
2015-04-19 15:20 - 2015-04-19 15:20 - 0005872 _____ () C:\Users\Adelina\AppData\Roaming\dVHsU88
2015-04-14 19:28 - 2015-04-14 19:28 - 0004387 _____ () C:\Users\Adelina\AppData\Roaming\tHuOnHcusr9M
2015-06-26 18:05 - 2015-06-26 18:05 - 0001456 _____ () C:\Users\Adelina\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-08-22 22:03 - 2015-08-22 22:03 - 0047616 _____ () C:\Users\Adelina\AppData\Local\Hexjoyway.exe
2015-08-22 22:03 - 2015-08-22 22:03 - 0000187 _____ () C:\Users\Adelina\AppData\Local\Hexjoyway.exe.config
2015-07-29 17:43 - 2015-07-29 17:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Adelina\AppData\Local\Temp\amisetup7198__13312.exe
C:\Users\Adelina\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-28 18:33
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-08-2015
Ran by Adelina (2015-08-30 11:14:52)
Running from D:\downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Adelina (S-1-5-21-2451370901-3886492748-2073544077-1001 - Administrator - Enabled) => C:\Users\Adelina
Administrator (S-1-5-21-2451370901-3886492748-2073544077-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2451370901-3886492748-2073544077-503 - Limited - Disabled)
Guest (S-1-5-21-2451370901-3886492748-2073544077-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2451370901-3886492748-2073544077-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACDSee Pro 8 (64-bit) (HKLM\...\{F84CE839-8CDD-4DC1-9A05-FA93BEA8B63D}) (Version: 8.1.0.270 - ACD Systems International Inc.)
ACS Unified PC/SC Driver 4.0.0.3 (HKLM\...\{6AEC7919-9E41-4075-95C2-E6FEAD8BDEA3}) (Version: 4.0.3 - Advanced Card Systems Ltd.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.01 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014.2.2 (HKLM-x32\...\Adobe Photoshop CC 2014.2.2) (Version:  - )
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.8.158 - Adobe Systems, Inc.)
Aegisub 3.2.2 (HKLM\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0036 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
B-Trust Digital Signature (HKLM-x32\...\B-Trust Digital Signature_is1) (Version: 6.7 - BORICA - BANKSERVICE)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
CSSI 4.7 - user edition (HKLM-x32\...\{AC989F5D-3A3D-4B12-ADBE-4587A7B52B3D}) (Version: 4.6 - Charismathics GmbH)
CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.0 - Globalscape)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
ELAN Touchpad 15.8.4.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.4.3 - ELAN Microelectronic Corp.)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HSTE (HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\...\c98d6af01024d48f) (Version: 1.19.5627.52184 - HSTE)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{5AE8ACA2-420B-4196-A8E0-20E8EB274E0F}) (Version: 17.1.1512.0771 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6535d76a-59fb-4935-b2c5-cd61917c4a4b}) (Version: 17.16.0 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Language Pack 2013  - Bulgarian/български (HKLM\...\Office15.OMUI.bg-bg) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Mozilla Firefox 40.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0 (x86 en-US)) (Version: 40.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.9.2 - Notepad++ Team)
NVIDIA GeForce Experience 2.4.5.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.60 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open XML SDK 2.0 for Microsoft Office (HKLM-x32\...\{171D8D76-3F05-455A-A8AF-C561C2679905}) (Version: 2.0.5022 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paragon Hard Disk Manager™ 12 Professional (HKLM-x32\...\{1E104AF0-EA49-11DE-AC07-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.8.1 - Vaclav Slavik)
POLYGLOT 7 (HKLM-x32\...\POLYGLOT 7_is1) (Version: 7.00 - Перфект Софтуер)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Daum Kakao Corp.)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Russian Phonetic YaWert - WinRus.com (HKLM\...\{3A414249-4B92-422C-904C-5FA6FF525AB1}) (Version: 1.0.3.40 - personal)
SDL Passolo Essential 2011 SP6 (HKLM-x32\...\{627163CD-8116-4982-9AC1-8C6DE4A499A0}) (Version: 11.6.0.0 - SDL)
SDL Trados 2011 SP2 - Remove suite of products (HKLM-x32\...\TranslationStudio2011) (Version: 2.2.3001 - SDL)
SDL Trados 2014 - Remove suite of products (HKLM-x32\...\TranslationStudio2014) (Version: 3.0.3636 - SDL)
SDL Trados Legacy Compatibility Module for Studio 2014 (HKLM-x32\...\{7F8F4AF6-0CE2-46E9-BA14-C55F19968926}) (Version: 2.1.128 - SDL)
SDL Trados Studio 2011 SP2 (HKLM-x32\...\{7205B6D1-2975-4DDC-85D4-30AECFBFC138}) (Version: 2.2.3001 - SDL)
SDL Trados Studio 2014 (HKLM-x32\...\{44167752-7D08-4A49-8800-B2AE31A91A2D}) (Version: 3.0.3636 - SDL)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0402-1000-0000000FF1CE}_Office15.OMUI.bg-bg_{E6AC9F53-3FB8-4F43-B4F7-DE7074BBAEBE}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.60 - NVIDIA Corporation) Hidden
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
The Witcher 3 - Wild Hunt (HKLM-x32\...\The Witcher 3 - Wild Hunt_is1) (Version:  - )
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0402-1000-0000000FF1CE}_Office15.OMUI.bg-bg_{2EBC8C86-1EEE-43C1-BA61-1A7C1C66158C}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Viber (HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc)
VIVACOM 3G USB Modem (HKLM-x32\...\VIVACOM 3G USB Modem) (Version: 21.005.22.07.738 - Huawei Technologies Co.,Ltd)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\...\WinDirStat) (Version:  - )
Windows Driver Package - Advanced Card Systems Ltd. Unified PC/SC Driver (04/28/2014 4.0.0.3) (HKLM\...\93940FA97C72E37603FB86A9848274A67D3D8E2A) (Version: 04/28/2014 4.0.0.3 - Advanced Card Systems Ltd.)
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Windows Driver Package - ASUS (ATP) Mouse  (07/02/2014 1.0.0.228) (HKLM\...\7504488B89E0121B0737D63957491C9CD2633065) (Version: 07/02/2014 1.0.0.228 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Декларация Обр.1 и 6 (HKLM-x32\...\{65CE3464-B22F-4B0F-A160-AEF937E0D8D4}) (Version: 7.05 - НАП)
Средства проверки правописания Microsoft Office 2013 — русский (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2451370901-3886492748-2073544077-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2451370901-3886492748-2073544077-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Adelina\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2451370901-3886492748-2073544077-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Adelina\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2451370901-3886492748-2073544077-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Adelina\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2451370901-3886492748-2073544077-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Adelina\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2451370901-3886492748-2073544077-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Adelina\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2451370901-3886492748-2073544077-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Adelina\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2451370901-3886492748-2073544077-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Adelina\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2451370901-3886492748-2073544077-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Adelina\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2451370901-3886492748-2073544077-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Adelina\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2451370901-3886492748-2073544077-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Adelina\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 16:25 - 2013-08-22 16:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {158BBB68-7054-47E4-B853-7B4DE79E3E1E} - \Microsoft\Windows\Setup\GWXTriggers\Time-3xd -> No File <==== ATTENTION
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {1B05AC6A-034B-4A0D-AB6A-E1A6734162E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20] (Google Inc.)
Task: {1ED9535C-717A-4BED-989A-53254347CFF1} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {225F3975-8682-4362-8B77-A14EEA683227} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {245852CD-8F08-4C75-BAF3-D364E00E1222} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Adelina-PC-Adelina Adelina-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-06-26] (Microsoft Corporation)
Task: {27E2B589-7274-4C60-BE31-2A17AC430425} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {29AC1E27-F3F6-4D20-800D-BBDF27106BF7} - System32\Tasks\t1xd0lqc => C:\Program Files\Common Files\x3iia4ma\900f5jp02fbv4.exe [2015-08-18] ()
Task: {305FEE4F-4870-4CDA-91DE-433408050D72} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {360CDECD-2FF2-49FA-9863-9D41DE6AD7A2} - System32\Tasks\tHuOnHcusr9M => C:\Users\Adelina\AppData\Roaming\tHuOnHcusr9M.exe <==== ATTENTION
Task: {3AE42BF2-CC7A-42BB-AB5D-D763EFBB704B} - System32\Tasks\vpotswtp => C:\Program Files\Common Files\ddhzic1r\32d00zuyqqley.exe [2015-08-18] ()
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {430E7DAF-8669-4893-AD1E-79142AF1F245} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {538C9BDE-14A4-4533-9457-4CCEF43BFFFC} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-24] (Realtek Semiconductor)
Task: {5E06D9CD-EF3A-4960-A794-77810B068588} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {66B90142-1789-48C2-92FA-57F190F66B0C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {6A8C3354-8BD6-4CFA-B011-425F7A09AF6A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {7C4DDA78-2CFE-4941-9191-B32D50952485} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {811DA080-A6E3-403B-981C-A9234F3EA8D1} - System32\Tasks\doynload => C:\WINDOWS\system32\config\systemprofile\AppData\Local\Zath
Task: {84A695FA-632C-42B6-BE68-9B9809BAC8F8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {86ECED9B-6441-49A1-9A05-EDA75ED084C4} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-07-28] (AsusTek)
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-30] (Microsoft Corporation)
Task: {9AF83631-E1CB-453F-92E2-0DB43C38DB1F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A996D7FA-6BAC-439A-A1F5-EB9A64FEF136} - System32\Tasks\kvxef4nc => C:\Program Files\Common Files\yxqf1xvg\d40b2jdlapnkv.exe [2015-08-18] ()
Task: {ACE0348C-0D70-4AFB-A6A1-BA1413F7F2F9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {C40579ED-02FE-4A95-90B7-BD96EFB6450C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {CD06073C-979D-42EB-AF44-D8264EFB82FD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D146A084-78FE-43DD-9049-E91082103E3E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D46E6AF3-536D-473C-989C-A9FA7B35B46B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-12] (Microsoft Corporation)
Task: {DC09F79C-5E8F-4974-B300-7FFBD0897E57} - System32\Tasks\dVHsU88 => C:\Users\Adelina\AppData\Roaming\dVHsU88.exe <==== ATTENTION
Task: {F0578821-728A-4F45-B722-D87CDDA4CBED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-20] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\dVHsU88.job => C:\Users\Adelina\AppData\Roaming\dVHsU88.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\tHuOnHcusr9M.job => C:\Users\Adelina\AppData\Roaming\tHuOnHcusr9M.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-30 04:39 - 2015-07-30 04:39 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 23:23 - 2015-08-11 12:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2011-03-14 18:27 - 2011-03-14 18:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2015-08-22 22:03 - 2015-08-22 22:03 - 00047616 _____ () C:\Users\Adelina\AppData\Local\Hexjoyway.exe
2015-06-24 16:46 - 2015-06-24 16:45 - 00655712 _____ () C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\ouc.exe
2015-08-27 11:20 - 2015-08-27 11:20 - 00033792 _____ () C:\ProgramData\Saophase\Saophase.exe
2015-07-29 17:44 - 2015-08-07 07:27 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-29 11:13 - 2015-08-18 10:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-29 11:13 - 2015-08-18 10:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-05-13 18:30 - 2015-05-13 18:30 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-08-12 10:15 - 2015-08-03 04:09 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-07-10 14:00 - 2015-07-10 16:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-30 04:40 - 2015-07-30 04:40 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-07-10 13:59 - 2015-07-10 13:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-12 10:15 - 2015-08-03 04:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-08-12 10:15 - 2015-08-03 04:14 - 00882688 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-08-19 23:23 - 2015-08-11 11:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-12 10:15 - 2015-08-03 04:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-14 11:26 - 2015-08-14 11:26 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2015-08-30 10:31 - 2015-08-12 06:48 - 72389840 _____ () C:\Users\Adelina\AppData\Local\Viber\Viber.exe
2014-08-22 11:32 - 2014-08-22 11:32 - 05025792 _____ () C:\Program Files (x86)\charismathics\smart security interface 4.7\CSPregtool.exe
2015-06-24 16:46 - 2015-06-24 16:45 - 00011362 _____ () C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\mingwm10.dll
2015-06-24 16:46 - 2015-06-24 16:45 - 00043008 _____ () C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\libgcc_s_dw2-1.dll
2015-06-24 16:46 - 2015-06-24 16:45 - 02415104 _____ () C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\QtCore4.dll
2015-06-24 16:46 - 2015-06-24 16:45 - 01148416 _____ () C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\QtNetwork4.dll
2015-06-24 16:46 - 2015-06-24 16:45 - 00843264 _____ () C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\QueryStrategy.dll
2015-06-24 16:46 - 2015-06-24 16:45 - 00398336 _____ () C:\ProgramData\VIVACOM 3G USB Modem\OnlineUpdate\QtXml4.dll
2015-06-19 10:00 - 2013-08-27 11:01 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-06-19 10:05 - 2015-06-26 00:17 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-08-30 10:31 - 2015-08-12 06:42 - 00089088 _____ () C:\Users\Adelina\AppData\Local\Viber\qfacebook.dll
2015-08-30 10:31 - 2015-08-12 06:42 - 00168960 _____ () C:\Users\Adelina\AppData\Local\Viber\exif.dll
2015-08-30 10:57 - 2015-07-29 08:38 - 00012288 _____ () C:\Users\Adelina\AppData\Local\Viber\QtQuick.2\qtquick2plugin.dll
2015-08-30 10:57 - 2015-07-29 08:39 - 00690176 _____ () C:\Users\Adelina\AppData\Local\Viber\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-30 10:57 - 2015-07-29 08:39 - 00057856 _____ () C:\Users\Adelina\AppData\Local\Viber\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-08-30 10:57 - 2015-07-29 08:38 - 00012288 _____ () C:\Users\Adelina\AppData\Local\Viber\QtQuick\Window.2\windowplugin.dll
2015-08-30 10:57 - 2015-07-29 08:41 - 00184320 _____ () C:\Users\Adelina\AppData\Local\Viber\QtMultimedia\declarative_multimedia.dll
2015-08-30 00:54 - 2015-08-30 00:54 - 00194560 _____ () C:\ProgramData\Saophase\TipWarm.dll
2015-05-13 18:31 - 2015-05-13 18:31 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-08-22 08:19 - 2015-08-18 08:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-22 08:19 - 2015-08-18 08:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Adelina\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\...\b-trust.org -> hxxps://aixbs.b-trust.org
IE trusted site: HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\...\ubb.bg -> hxxps://ebb.ubb.bg
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Adelina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "ACPW08EN"
HKLM\...\StartupApproved\Run: => "gpuminer"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2451370901-3886492748-2073544077-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{FBBA7E9E-0D66-4E20-BB3F-D64FAF23A025}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{CB1DE5EE-73F2-4D43-8AC7-B34CB9FE289A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3DD08A07-8EBA-4A36-9F90-9CB854D02B96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{22C3185B-F85F-4F46-8A68-669C625CD038}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{19182989-738E-4FF5-A3C8-A200D4846DA8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B1247311-7CE3-4FB4-99D6-E0C87C4D5E76}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A314EF0B-3147-48B3-9614-098CC13775C5}D:\games\diablo iii\diablo iii.exe] => (Allow) D:\games\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{18E76EBD-8C48-4012-ADE3-EBB0896D7683}D:\games\diablo iii\diablo iii.exe] => (Allow) D:\games\diablo iii\diablo iii.exe
FirewallRules: [{95BF9301-FE6C-4672-9071-BB8FB37A5484}] => (Allow) D:\games\Battle.net\Battle.net.exe
FirewallRules: [{FDC1703F-D865-4052-993B-CD430505AA7A}] => (Allow) D:\games\Battle.net\Battle.net.exe
FirewallRules: [UDP Query User{96F02C4D-FFD8-40BC-94B6-9C4EC1C2481A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{693017C4-727B-4D72-B6DF-15434B9B4AFA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{70E3C998-AB94-4B2C-AE21-EC94BE5FE294}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{CD89B167-778B-46E2-9CBB-20F2EDB83D5C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{748F9553-0662-4A0E-8F27-E61A29048FC4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B4E580B1-61F9-4D93-8044-016D7AE65BBA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7AF37271-7B73-459E-9830-9AD39C6AA93A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{F0339C1E-E0E2-4870-BB93-9EDF6944B21D}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{3A979AAF-79D3-4CDE-B524-BBD8FB355117}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{86E1F4C6-DAA9-408C-9486-3AF8D225F20A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8A539DE4-F3D5-4CB6-BCC9-CE7EAB64574E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5405B753-3D34-4C8F-81A6-4656E1AA86A1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{AEEEA4A1-8398-49F5-A6FE-D84EE10A7ED7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{85135F9A-13BF-4B53-ADD4-D153574E6F2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F2C2C1CA-7C38-4E3C-8919-5060DA6DCE5E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FA9DA0B2-8F0D-4A20-8712-06337085B541}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EC7C1D86-CC40-4809-8001-4E7D0CAD8275}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{30D61969-5C8E-4B80-9AAE-852A01EB40E7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{63FE247B-CC1D-4231-8F07-3689C5D20F3C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{4CBC5F9A-E65B-4880-B17D-2DBF3EAC06C3}D:\games\diablo iii\diablo iii.exe] => (Allow) D:\games\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{165DD7F1-A205-44B7-BFAF-B16F0CF8450A}D:\games\diablo iii\diablo iii.exe] => (Allow) D:\games\diablo iii\diablo iii.exe
FirewallRules: [{1C722C96-C10B-441C-B43B-6F49028FB885}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{84848F49-FF93-4A17-961D-38CD24FFA644}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3192543A-A992-4658-932E-75FAB229F84A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EB16B86A-FF92-419C-BC82-E2168B58166A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DB216847-6732-4C21-8212-4F3E5B871EF8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5EF0BADC-9790-4803-A2D0-0F29FF925210}] => (Allow) C:\ProgramData\GuluxMecch\ogaatoi.exe
FirewallRules: [{658D3A5C-D7D8-4566-819D-7B28F5A299AE}] => (Allow) C:\ProgramData\GuluxMecch\ogaatoi.exe
FirewallRules: [{1AB1E029-77C9-49E5-B10D-C07143066255}] => (Allow) C:\ProgramData\GuluxMecch\ogaatoi.exe
FirewallRules: [{4979FB1A-3793-416E-B8D9-5B3651845C7C}] => (Allow) C:\ProgramData\GuluxMecch\ogaatoi.exe
FirewallRules: [{D11D9F8D-3751-499C-8748-2FDCC1685089}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{0638FC23-C261-43B6-8F20-8887BA4C51FF}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/30/2015 11:03:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10240.16384, time stamp: 0x559f38c5
Faulting module name: combase.dll, version: 10.0.10240.16384, time stamp: 0x559f3aac
Exception code: 0xc0000602
Fault offset: 0x0000000000118915
Faulting process id: 0x7f0
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
 
Error: (08/30/2015 10:58:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10240.16425, time stamp: 0x55bec5f5
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16431, time stamp: 0x55c9bf27
Exception code: 0xc000027b
Fault offset: 0x0000000000464bd7
Faulting process id: 0xbcc
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
 
Error: (08/30/2015 10:56:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10240.16384, time stamp: 0x559f39ae
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000409
Fault offset: 0x0000000000083837
Faulting process id: 0x338
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5
 
Error: (08/30/2015 10:37:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10240.16384, time stamp: 0x559f38c5
Faulting module name: combase.dll, version: 10.0.10240.16384, time stamp: 0x559f3aac
Exception code: 0xc0000602
Fault offset: 0x0000000000118915
Faulting process id: 0x850
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
 
Error: (08/30/2015 10:35:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10240.16384, time stamp: 0x559f38c5
Faulting module name: combase.dll, version: 10.0.10240.16384, time stamp: 0x559f3aac
Exception code: 0xc0000602
Fault offset: 0x0000000000118915
Faulting process id: 0x2888
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
 
Error: (08/30/2015 10:30:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10240.16425, time stamp: 0x55bec5f5
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16431, time stamp: 0x55c9bf27
Exception code: 0xc000027b
Fault offset: 0x0000000000464bd7
Faulting process id: 0x18e0
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
 
Error: (08/30/2015 07:00:06 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (8632) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (08/30/2015 07:00:06 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (8632) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (08/30/2015 06:59:55 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (8632) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (08/30/2015 06:59:55 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (8632) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (08/30/2015 11:08:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_Session6 service terminated with the following error: 
%%2160591934
 
Error: (08/30/2015 11:05:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_Session6 service terminated with the following error: 
%%2160591934
 
Error: (08/30/2015 11:05:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_Session6 service terminated with the following error: 
%%2160591934
 
Error: (08/30/2015 11:05:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_Session6 service terminated with the following error: 
%%2160591934
 
Error: (08/30/2015 11:05:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_Session6 service terminated with the following error: 
%%2160591934
 
Error: (08/30/2015 11:05:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_Session6 service terminated with the following error: 
%%2160591934
 
Error: (08/30/2015 11:05:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_Session6 service terminated with the following error: 
%%2160591934
 
Error: (08/30/2015 11:05:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_Session6 service terminated with the following error: 
%%2147746132
 
Error: (08/30/2015 11:03:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/30/2015 11:03:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_Session5 service terminated with the following error: 
%%2147746132
 
 
Microsoft Office:
=========================
Error: (08/30/2015 11:03:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe10.0.10240.16384559f38c5combase.dll10.0.10240.16384559f3aacc000060200000000001189157f001d0e2fa6a886946C:\WINDOWS\system32\backgroundTaskHost.exeC:\WINDOWS\system32\combase.dll54da0de3-b363-4e25-8d7d-bc80fad9f874Microsoft.WindowsAlarms_10.1508.17010.0_x64__8wekyb3d8bbweApp
 
Error: (08/30/2015 10:58:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ShellExperienceHost.exe10.0.10240.1642555bec5f5Windows.UI.Xaml.dll10.0.10240.1643155c9bf27c000027b0000000000464bd7bcc01d0e2f6cb4c272aC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\System32\Windows.UI.Xaml.dllafdd4a03-4fa2-4a01-b343-4c56edfc9689Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewyApp
 
Error: (08/30/2015 10:56:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SystemSettings.exe10.0.10240.16384559f39aentdll.dll10.0.10240.1643055c59f92c0000409000000000008383733801d0e2f966c90422C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exeC:\WINDOWS\SYSTEM32\ntdll.dlld281142b-21bb-4e56-97c9-6e87db314d61windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel
 
Error: (08/30/2015 10:37:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe10.0.10240.16384559f38c5combase.dll10.0.10240.16384559f3aacc0000602000000000011891585001d0e2f6cb1aac1dC:\WINDOWS\system32\backgroundTaskHost.exeC:\WINDOWS\system32\combase.dllfe46b3b2-24a9-462b-b4ce-c84b30982013Microsoft.WindowsAlarms_10.1508.17010.0_x64__8wekyb3d8bbweApp
 
Error: (08/30/2015 10:35:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: backgroundTaskHost.exe10.0.10240.16384559f38c5combase.dll10.0.10240.16384559f3aacc00006020000000000118915288801d0e2f67d3d833eC:\WINDOWS\system32\backgroundTaskHost.exeC:\WINDOWS\system32\combase.dll821ba270-fb28-4eba-8f70-54de6547e8d8Microsoft.WindowsAlarms_10.1508.17010.0_x64__8wekyb3d8bbweApp
 
Error: (08/30/2015 10:30:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ShellExperienceHost.exe10.0.10240.1642555bec5f5Windows.UI.Xaml.dll10.0.10240.1643155c9bf27c000027b0000000000464bd718e001d0e28da38e3cd6C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\System32\Windows.UI.Xaml.dlldf1faf1a-7a7a-467e-895b-9fe735f8f6c2Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewyApp
 
Error: (08/30/2015 07:00:06 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost8632-1032
 
Error: (08/30/2015 07:00:06 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost8632C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (08/30/2015 06:59:55 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost8632-1032
 
Error: (08/30/2015 06:59:55 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost8632C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
 
CodeIntegrity:
===================================
  Date: 2015-08-29 19:52:10.762
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-29 19:52:10.743
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-29 16:31:00.034
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\kbdru_y.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-08-27 19:13:23.719
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 19:13:23.653
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 19:13:23.443
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 19:13:23.373
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 19:11:46.563
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 19:11:46.485
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 19:11:46.389
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 34%
Total physical RAM: 12171 MB
Available physical RAM: 7942.23 MB
Total Virtual: 14027 MB
Available Virtual: 9766.07 MB
 
==================== Drives ================================
 
Drive c: (Prase) (Fixed) (Total:118.45 GB) (Free:78.19 GB) NTFS
Drive d: (Pile) (Fixed) (Total:931.51 GB) (Free:655.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F3697AC5)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 5B752DF9)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=464 MB) - (Type=27)
 
==================== End of Addition.txt ============================

Edited by xXToffeeXx, 30 August 2015 - 06:00 AM.
Posted logs~




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:33 PM

Posted 30 August 2015 - 10:48 AM




Hello herairness

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

.

.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
.

: Malwarebytes' Anti-Malware :

.

I see that you have Malwarebytes Anti-Malware installed and that is great news, and I would like to make sure we run a fresh scan after it is updated.

Now let's run a scan

1. Open Malwarebytes Anti-Malware
2. On the Dashboard, click the 'Update Now >>' link
3. After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
4. If an update is available, click the Update Now button.
5. A Threat Scan will begin.
6. When the scan is complete, if there have been any detections, verify that everything has been selected (all the boxes on the left have a check mark)
**Note** If there are too many to check, then put a check mark in the very top box and this will select them all for you.
7. Click on "Remove Selected" to allow MBAM to clean what was detected.
8. In most cases, a restart will be required.
9. Wait for the prompt to restart the computer to appear, then click on Yes.

Get the report

1. After the restart once you are back at your desktop, open MBAM once more.
2. Click on the History tab at the top
3. Click on the Application Logs at the left
4. Double click on the scan log which shows the Date and time of the scan just performed.
5. Click 'Export'.
6. Click 'Text file (*.txt)'
7. In the Save File dialog box which appears, click on Desktop.
8. In the File name: box type a name for your scan log.
9. A message box named 'File Saved' should appear stating "Your file has been successfully exported".
10. Click Ok
11. Attach that saved log to your next reply.

.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 herairness


Posted 30 August 2015 - 11:37 AM

Hello, Gringo!

Thanks again for the prompt reply. I did as you asked and ran CCleaner, which I also have installed and use regularly btw, and then MBAM, which found quite some stuff, to my amazement. Here is the log attached (MBAM log.txt), as you requested. Thanks again for helping!



#4 gringo_pr


Posted 30 August 2015 - 01:32 PM



Hello herairness

.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please attach the two reports for me

JRT.txt
AdwCleaner[S0].txt


Gringo

#5 herairness


Posted 30 August 2015 - 04:05 PM

Hello again, Gringo.

I did as you instructed and I am attaching both reports here (AdwCleanerC1.txt, JRT.txt). Thanks!



#6 gringo_pr


Posted 30 August 2015 - 04:21 PM



Hello herairness

.
At this point I would like you to check out the computer and give me an update to how it is doing.

This feedback will let me know if we need to keep digging deeper and will also let me know if we need to go into a different direction.

I also need you to rerun FRST for me and I would also like to have the Addition.txt with it so please run it this way
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • When the tool opens click "Yes" for the disclaimer in order to continue using "FRST".
  • Under the section called "Whitelist" make sure all boxes are checked
  • Under the section called "Optional Scan" I would like you to have a check mark next to "Addition.txt"
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Note** If you cannot find where you saved "FRST" the first time then here are the links again for you.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Please attach both reports to your Next reply

.

Gringo

#7 herairness


Posted 30 August 2015 - 04:36 PM

Hi again, Gringo.

I think it is doing OK for now. No redirecting search engines and home pages so far, neither on opening new tabs or restarting the browser/computer. However, last time I thought I was rid of it, it took 3-4 days for the redirecting issue to come back. That is all I can tell you, hope it helps. Also, here are the two requested reports from the tool (attached: FRST.txt, Addition.txt).



#8 gringo_pr


Posted 30 August 2015 - 04:52 PM

Hello herairness



Now I need you to download this script that I have made for you --> fixlist.txt (attached file)

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please attach the contents of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo

#9 herairness


Posted 31 August 2015 - 01:26 AM

Hello, Gringo!

I am happy to report that still no redirections in sight and after running the script the browser got quite faster, too! Here is the report from the fix (attached: Fixlog.txt), as you requested.



#10 gringo_pr


Posted 31 August 2015 - 07:11 AM



Hello herairness

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:
  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
.

Please download DelFix and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click DelFix.exe.
  • Select all options available
  • Click the Run button.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.
  • Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls

    CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

    Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security awareness:

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them. Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

As Java seems to get exploited on a daily basis I advise to disable java in your web browsers - How to disable java in your web browsers - Disable Java

Always have an Anti-virus installed - whats-the-best-antivirus-and-how-do-i-choose-one
Also use an Antimalware program - Malwarebytes Antimalware is a good choice :)
I also use an Anti-exploit program - Malwarebytes Anti-Exploit (I would at least use the free version)

.

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet.

Here is some more reading for you from some of my colleagues.

Quoted from Tech Support Forum:

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Gringo

#11 herairness


Posted 31 August 2015 - 08:45 AM

Hi again, Gringo!

So far everything is going great, so I'm really thankful for your help and quick replies on this matter. If for another 2-3 days nothing happens, then you've definitely solved my problem! Also, thanks for the good reads, really useful, unfortunately I can't fully disable the Java, because a lot of online governmental services here use it, but I will try to be more cautious.

Best regards,

herairness



#12 gringo_pr


Posted 31 August 2015 - 09:03 AM

Thank you and you are more than welcome


Gringo

#13 gringo_pr


Posted 04 September 2015 - 05:47 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



