
CinemaPlus-3.2cV08.9 exe and globalupdat adware cannot be uninstalled or removed


  • This topic is locked
17 replies to this topic

#1 nvb3r

nvb3r

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 08 September 2015 - 08:12 AM

Hi! Newbie here, I just recently encountered multiple adware viruses on my computer and I can't seem to get them removed. I'm using Windows 8.1 and only have Microsoft Defender as my antivirus. I tried to isolate and uninstall the programs that have affected my computer through the add/remove programs from the control panel as it is my first instinct to do so since it's my first time being infected by this type of virus.

 

Though the random closing of my browser (Google Chrome) has stopped momentarily, I'm afraid it might happen again.

 

The adware that affected my computer are:

mystartsearch

wajam

infigo

anyprotect

anysend

Games Desktop

 

 

Please Help

Yours truly,

Joe

 

 




 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:01:58 AM

Posted 08 September 2015 - 08:20 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi nvb3r,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 nvb3r

nvb3r
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:09:58 AM

Posted 08 September 2015 - 08:57 AM

Hi Toffee!

 

Thanks for replying, I've done what you've instructed me and here's the result. 

 

Joe

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by JoloH (administrator) on JOLOHERMO (08-09-2015 21:34:44)
Running from C:\Users\JoloH\Downloads
Loaded Profiles: JoloH (Available Profiles: JoloH)
Platform: Windows 8.1 Single Language (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
() C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\knsiC661.tmpfs
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\jnsoFAD5.tmp
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\hnsa1823.tmp
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Cinema PlusV08.09) C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-1-6.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Cinema PlusV08.09) C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-6.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Cinema PlusV08.09) C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-10.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [915160 2014-05-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-18] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [gmsd_ra_005010083] => [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-2180038718-1885541534-3631937290-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5B0D3F03-5D08-44DF-9BA8-473723072499}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A2AB254D-1B23-475B-985E-8BD108E2D1CD}: [DhcpNameServer] 10.106.1.253 10.106.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-2180038718-1885541534-3631937290-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130861833910654237&GUID=CB309EBC-E47E-43C9-B78A-F5BA5EC91D4E
HKU\S-1-5-21-2180038718-1885541534-3631937290-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-2180038718-1885541534-3631937290-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2180038718-1885541534-3631937290-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-07] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-28] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-07] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-28] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-09-07] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-26] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-07] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-26] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-02] (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-07] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-09-07] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-02] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1441704469&z=d270105d660601d0cf51516g7z1z5g7m8e6z5z3w0g&from=amt&uid=TOSHIBAXMQ01ABD100_646OP8WETXX646OP8WET
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-28] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-07] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-09-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-09-07] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-09-08] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-09-08] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-08] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-06-28]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
 
Chrome: 
=======
CHR Profile: C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-08]
CHR Extension: (Google Docs) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-08]
CHR Extension: (Google Drive) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-08]
CHR Extension: (Please enter your password) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-09-08]
CHR Extension: (YouTube) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-08]
CHR Extension: (Google Search) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-08]
CHR Extension: (Google Sheets) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-08]
CHR Extension: (SiteAdvisor) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-09-08]
CHR Extension: (Google Docs Offline) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-08]
CHR Extension: (AdBlock) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-09-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-08]
CHR Extension: (Gmail) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-04]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-04]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows ® Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-18] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-18] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-09-08] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-09-08] (globalUpdate) [File not signed] <==== ATTENTION
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 jimocoso; C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\jnsoFAD5.tmp [227328 2015-09-08] () [File not signed]
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [157928 2015-09-02] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 totyseku; C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\hnsa1823.tmp [137728 2015-09-08] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-26] (Atheros) [File not signed]
R2 gucucoje; C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\knsiC661.tmpfs [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-04-01] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-18] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-02] (McAfee, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-15] (Research In Motion Limited)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-08 21:34 - 2015-09-08 21:39 - 00023407 _____ C:\Users\JoloH\Downloads\FRST.txt
2015-09-08 21:34 - 2015-09-08 21:35 - 00000000 ____D C:\FRST
2015-09-08 21:33 - 2015-09-08 21:33 - 02190336 _____ (Farbar) C:\Users\JoloH\Downloads\FRST64.exe
2015-09-08 19:48 - 2015-09-08 19:48 - 00003242 _____ C:\Windows\System32\Tasks\runTask
2015-09-08 19:48 - 2015-09-08 19:48 - 00003146 _____ C:\Windows\System32\Tasks\updateTask
2015-09-08 19:48 - 2015-09-08 19:48 - 00000000 ____D C:\Users\JoloH\AppData\Roaming\NVIDIA
2015-09-08 18:54 - 2015-07-05 18:08 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-09-08 18:43 - 2015-09-08 19:41 - 00002581 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-08 18:43 - 2015-09-08 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-08 18:40 - 2015-09-08 20:45 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-08 18:40 - 2015-09-08 19:12 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-08 18:40 - 2015-09-08 18:40 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-08 18:40 - 2015-09-08 18:40 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-08 18:39 - 2015-09-08 18:40 - 00000000 ____D C:\Users\JoloH\AppData\Local\Deployment
2015-09-08 18:39 - 2015-09-08 18:39 - 00000000 ____D C:\Users\JoloH\AppData\Local\Apps\2.0
2015-09-08 18:38 - 2015-09-08 18:38 - 00000000 ____D C:\Program Files (x86)\predm
2015-09-08 18:34 - 2015-09-08 18:34 - 00000869 _____ C:\Users\JoloH\Desktop\Play Battlefield 3 Multi-player.lnk
2015-09-08 18:34 - 2015-09-08 18:34 - 00000829 _____ C:\Users\JoloH\Desktop\Play Battlefield 3 Single-Player.lnk
2015-09-08 18:24 - 2015-09-08 18:24 - 00003148 _____ C:\Windows\System32\Tasks\{4F2388F2-524E-4F76-B5B5-DEB0307B5DBE}
2015-09-08 18:18 - 2015-09-08 19:09 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-09-08 18:18 - 2015-09-08 19:09 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-09-08 18:18 - 2015-09-08 18:18 - 00002806 _____ C:\Windows\System32\Tasks\APSnotifierPP3
2015-09-08 18:18 - 2015-09-08 18:18 - 00002806 _____ C:\Windows\System32\Tasks\APSnotifierPP2
2015-09-08 18:17 - 2015-09-08 18:38 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-09-08 18:17 - 2015-09-08 18:18 - 00002808 _____ C:\Windows\System32\Tasks\APSnotifierPP1
2015-09-08 18:14 - 2015-09-08 18:14 - 00613255 _____ (CMI Limited) C:\Users\JoloH\AppData\Local\nsm837C.tmp
2015-09-08 18:14 - 2015-09-08 18:14 - 00000000 __SHD C:\Users\JoloH\AppData\Roaming\AnyProtectEx
2015-09-08 18:13 - 2015-09-08 19:11 - 00002466 _____ C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-5_user.job
2015-09-08 18:13 - 2015-09-08 19:11 - 00002466 _____ C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-5.job
2015-09-08 18:13 - 2015-09-08 19:11 - 00001046 _____ C:\Windows\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.job
2015-09-08 18:13 - 2015-09-08 18:13 - 00005470 _____ C:\Windows\System32\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-5
2015-09-08 18:13 - 2015-09-08 18:13 - 00004056 _____ C:\Windows\System32\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ
2015-09-08 18:12 - 2015-09-08 21:12 - 00005882 _____ C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-6.job
2015-09-08 18:12 - 2015-09-08 21:12 - 00003158 _____ C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-1-6.job
2015-09-08 18:12 - 2015-09-08 19:11 - 00003494 _____ C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-1-7.job
2015-09-08 18:12 - 2015-09-08 18:12 - 00008886 _____ C:\Windows\System32\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-6
2015-09-08 18:12 - 2015-09-08 18:12 - 00006498 _____ C:\Windows\System32\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-1-7
2015-09-08 18:12 - 2015-09-08 18:12 - 00006162 _____ C:\Windows\System32\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-1-6
2015-09-08 18:12 - 2015-09-08 18:12 - 00003930 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-09-08 18:11 - 2015-09-08 21:11 - 00002132 _____ C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-10_user.job
2015-09-08 18:11 - 2015-09-08 21:11 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-08 18:11 - 2015-09-08 19:11 - 00005538 _____ C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-7.job
2015-09-08 18:11 - 2015-09-08 19:11 - 00004514 _____ C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-3.job
2015-09-08 18:11 - 2015-09-08 19:11 - 00000954 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-09-08 18:11 - 2015-09-08 18:17 - 00000958 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-09-08 18:11 - 2015-09-08 18:13 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV08.09
2015-09-08 18:11 - 2015-09-08 18:12 - 00008542 _____ C:\Windows\System32\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-7
2015-09-08 18:11 - 2015-09-08 18:12 - 00003694 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-09-08 18:11 - 2015-09-08 18:12 - 00000000 ____D C:\Program Files (x86)\a3a438ad-99a4-4934-9bd9-29e8bd17409e
2015-09-08 18:11 - 2015-09-08 18:11 - 00007518 _____ C:\Windows\System32\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-3
2015-09-08 18:11 - 2015-09-08 18:11 - 00000000 ____D C:\Users\JoloH\AppData\Local\globalUpdate
2015-09-08 18:11 - 2015-09-08 18:11 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-09-08 18:09 - 2015-09-08 18:09 - 00003304 _____ C:\Windows\System32\Tasks\ASP
2015-09-08 18:09 - 2015-09-08 18:09 - 00000000 ____D C:\Users\JoloH\AppData\Local\Systweak
2015-09-08 18:08 - 2015-09-08 18:17 - 00000000 ____D C:\Users\JoloH\AppData\Roaming\systweak
2015-09-08 18:08 - 2015-07-02 14:14 - 00020248 _____ () C:\Windows\system32\roboot64.exe
2015-09-08 18:06 - 2015-09-08 18:06 - 00000000 ____D C:\Users\JoloH\AppData\Local\MyBrowser
2015-09-08 18:05 - 2015-09-08 18:05 - 00000000 ____D C:\ProgramData\cWdsManProc
2015-09-08 18:01 - 2015-09-08 18:01 - 00000000 ____D C:\ProgramData\ZWdsManProZ
2015-09-08 17:48 - 2015-09-08 17:48 - 07194312 _____ (Microsoft Corporation) C:\Users\JoloH\Downloads\vcredist_x64.exe
2015-09-08 17:48 - 2015-09-08 17:48 - 06503984 _____ (Microsoft Corporation) C:\Users\JoloH\Downloads\vcredist_x86.exe
2015-09-08 17:47 - 2015-09-08 17:48 - 01420840 _____ (Microsoft Corporation) C:\Users\JoloH\Downloads\vcredist_arm.exe
2015-09-08 17:29 - 2015-09-08 20:18 - 00000000 ____D C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF
2015-09-08 17:29 - 2013-08-22 21:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-09-08 17:28 - 2015-09-08 18:58 - 00000000 ____D C:\ProgramData\tWdsManProt
2015-09-08 17:28 - 2015-09-08 18:05 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-08 17:24 - 2015-09-08 17:27 - 08337212 _____ C:\Users\JoloH\Downloads\Unconfirmed 531476.crdownload
2015-09-07 17:23 - 2015-09-07 17:23 - 00059158 _____ C:\Users\JoloH\AppData\Local\recently-used.xbel
2015-09-07 12:21 - 2015-09-07 12:22 - 00123695 _____ C:\Users\JoloH\Downloads\RocketsAndPumpkins-master.zip
2015-09-07 12:20 - 2015-09-07 12:20 - 00015587 _____ C:\Users\JoloH\Downloads\twisted-colors-master.zip
2015-09-07 12:16 - 2015-09-07 12:16 - 00112120 _____ C:\Users\JoloH\Downloads\DroidRunJump-master.zip
2015-09-07 08:26 - 2015-09-07 08:26 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-09-07 07:52 - 2015-09-07 07:52 - 00000000 ____D C:\Program Files\Microsoft Office
2015-09-07 07:52 - 2015-09-07 07:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-09-07 07:44 - 2015-09-07 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-07 07:40 - 2015-09-07 07:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-07 07:39 - 2015-09-07 07:39 - 01524408 _____ (Microsoft Corporation) C:\Users\JoloH\Downloads\Setup.X64.en-us_O365ProPlusRetail_f2c1d46e-75e9-4bd5-988e-c50faf5fdcf8_TX_PR_.exe
2015-09-07 07:28 - 2015-09-07 07:28 - 00997927 _____ C:\Users\JoloH\Downloads\O15CTRRemove.diagcab
2015-09-07 06:03 - 2015-09-07 06:04 - 05599643 _____ C:\Users\JoloH\Downloads\Target-Practice-master.zip
2015-09-03 18:16 - 2015-09-03 18:16 - 00000871 _____ C:\Users\JoloH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\workspace.lnk
2015-09-03 18:16 - 2015-09-03 18:16 - 00000000 ____D C:\Users\JoloH\Trinidad Tecson
2015-09-03 16:37 - 2015-09-03 16:38 - 00233472 _____ C:\Users\JoloH\Downloads\sad_07 drawing DFD supp.ppt
2015-09-03 16:10 - 2015-09-03 16:10 - 01518592 _____ C:\Users\JoloH\Downloads\Chapter 05.ppt
2015-09-03 16:09 - 2015-09-03 16:09 - 01004544 _____ C:\Users\JoloH\Downloads\Chapter 03.ppt
2015-09-03 16:08 - 2015-09-03 16:08 - 01216512 _____ C:\Users\JoloH\Downloads\Chapter 04 (1).ppt
2015-09-03 07:21 - 2015-09-03 07:21 - 00434176 _____ C:\Users\JoloH\Downloads\QUAMET2_Lesson_10.1.ppt
2015-09-03 07:10 - 2015-09-03 07:10 - 00531968 _____ C:\Users\JoloH\Downloads\QUAMET2_Lesson_8.1.ppt
2015-09-01 10:34 - 2015-09-01 10:38 - 66691251 _____ C:\Users\JoloH\Downloads\MobProg Rea.zip
2015-09-01 10:34 - 2015-09-01 10:34 - 03706396 _____ C:\Users\JoloH\Downloads\Shooting Game.zip
2015-09-01 10:34 - 2015-09-01 10:34 - 00202658 _____ C:\Users\JoloH\Downloads\MobProg.zip
2015-09-01 06:31 - 2015-09-01 06:32 - 05839913 _____ C:\Users\JoloH\Downloads\TFR Final Defense.zip
2015-08-31 18:23 - 2015-08-31 18:23 - 00054117 _____ C:\Users\JoloH\Downloads\webDFD.jpeg
2015-08-30 06:02 - 2015-08-30 07:34 - 00000000 ____D C:\Users\JoloH\.dia
2015-08-30 05:59 - 2015-08-30 07:34 - 00005045 _____ C:\Users\JoloH\Downloads\dfdPROJECTTFR.dia
2015-08-30 05:59 - 2015-08-30 07:04 - 00005045 _____ C:\Users\JoloH\Downloads\dfdPROJECTTFR.dia~
2015-08-30 05:01 - 2015-08-30 05:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia
2015-08-30 05:01 - 2015-08-30 05:01 - 00000000 ____D C:\Program Files (x86)\Dia
2015-08-30 04:56 - 2015-08-30 04:57 - 19620143 _____ (The Dia Developers) C:\Users\JoloH\Downloads\dia-setup-0.97.2-2-unsigned.exe
2015-08-28 05:09 - 2015-08-28 02:36 - 00090828 ____N C:\Users\JoloH\Desktop\dfdPROJECTTFR.jpeg
2015-08-27 05:41 - 2015-08-27 05:41 - 594657666 _____ C:\Windows\MEMORY.DMP
2015-08-27 05:41 - 2015-08-27 05:41 - 00303560 _____ C:\Windows\Minidump\082615-36203-01.dmp
2015-08-27 05:41 - 2015-08-27 05:41 - 00000000 ____D C:\Windows\Minidump
2015-08-27 04:47 - 2015-08-27 05:25 - 00018434 ____H C:\Users\JoloH\Downloads\~WRL2796.tmp
2015-08-27 03:44 - 2015-08-27 03:44 - 00027305 ____H C:\Users\JoloH\Downloads\~WRL2367.tmp
2015-08-27 03:27 - 2015-08-27 03:39 - 00013742 ____H C:\Users\JoloH\Downloads\~WRL4087.tmp
2015-08-26 01:45 - 2015-08-26 01:45 - 00000170 _____ C:\Users\JoloH\Desktop\TFR PROBLEMS.txt
2015-08-26 00:38 - 2015-08-26 00:39 - 00000000 ____D C:\Users\JoloH\AppData\Roaming\vlc
2015-08-25 21:15 - 2015-08-25 21:15 - 00001088 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-08-25 21:15 - 2015-08-25 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-08-25 21:15 - 2015-08-25 21:15 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-08-25 20:56 - 2015-08-25 21:12 - 28849904 _____ C:\Users\JoloH\Downloads\vlc-2.2.1-win32.exe
2015-08-25 20:18 - 2015-08-25 20:23 - 69225926 _____ C:\Users\JoloH\Downloads\END.mp4
2015-08-25 12:32 - 2015-08-25 12:33 - 19760828 _____ C:\Users\JoloH\Downloads\TFR.zip
2015-08-25 06:07 - 2015-09-01 07:24 - 03323858 _____ C:\Users\JoloH\Desktop\Project TFR.pptx
2015-08-25 02:57 - 2015-08-25 02:57 - 00000000 ____D C:\Users\JoloH\Desktop\ProjectSample
2015-08-25 02:57 - 2015-08-24 10:44 - 50567815 _____ C:\Users\JoloH\Desktop\Integrated.zip
2015-08-24 17:32 - 2015-08-25 23:25 - 00004976 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JoloHermo-JoloH JoloHermo
2015-08-24 08:59 - 2015-08-24 09:00 - 02459798 _____ C:\Users\JoloH\Downloads\Quiz2.zip
2015-08-24 08:50 - 2015-08-24 08:50 - 00001776 _____ C:\Users\JoloH\Downloads\quizCode.txt
2015-08-24 08:21 - 2015-08-24 08:21 - 00008493 _____ C:\Users\JoloH\Downloads\Java-file.txt
2015-08-20 16:03 - 2015-08-20 16:03 - 01128510 _____ C:\Users\JoloH\Downloads\Quiz.zip
2015-08-20 15:23 - 2015-08-24 06:39 - 00000000 ____D C:\Users\JoloH\Desktop\Img
2015-08-20 05:56 - 2015-08-11 09:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 05:56 - 2015-08-11 08:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-20 05:03 - 2015-08-24 20:07 - 02271538 _____ C:\Users\JoloH\Downloads\Project TFR.pptx
2015-08-19 02:41 - 2015-08-19 02:42 - 00000000 ____D C:\Users\JoloH\Desktop\COUNTER STRIKE
2015-08-13 20:11 - 2015-08-13 20:11 - 00154917 _____ C:\Users\JoloH\Downloads\CameraTest.zip
2015-08-13 17:50 - 2015-07-29 07:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-13 17:50 - 2015-07-28 22:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-13 17:50 - 2015-07-28 22:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-13 17:50 - 2015-07-28 22:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-13 17:50 - 2015-07-28 22:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-13 17:50 - 2015-07-28 22:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-13 17:50 - 2015-07-28 22:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-13 17:50 - 2015-07-07 17:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-08-13 17:50 - 2015-07-07 17:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-08-13 17:50 - 2015-07-07 17:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-08-13 17:50 - 2015-06-13 01:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-13 17:50 - 2015-06-13 00:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-13 17:50 - 2015-06-10 02:27 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml
2015-08-13 17:49 - 2015-07-15 05:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-08-13 17:49 - 2015-07-15 05:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-08-13 17:49 - 2015-07-15 05:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-08-13 17:49 - 2015-06-12 04:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-08-13 17:49 - 2015-06-12 04:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-08-13 09:37 - 2015-07-30 22:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 09:37 - 2015-07-30 21:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 09:15 - 2015-07-19 09:58 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-13 09:15 - 2015-07-19 02:51 - 03704320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-13 09:15 - 2015-07-19 02:31 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-13 09:15 - 2015-07-19 02:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-13 09:15 - 2015-07-19 02:31 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-13 09:15 - 2015-07-19 02:29 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-08-13 09:15 - 2015-07-19 02:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-13 09:15 - 2015-07-19 02:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-13 09:15 - 2015-07-19 02:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-13 09:15 - 2015-07-19 02:12 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-13 09:15 - 2015-07-19 02:10 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-13 09:15 - 2015-07-19 02:09 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-13 09:15 - 2015-07-10 01:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 09:15 - 2015-07-10 01:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 09:15 - 2015-07-10 00:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-13 09:12 - 2015-07-17 04:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 09:12 - 2015-07-17 04:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 09:12 - 2015-07-17 03:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-13 09:12 - 2015-07-17 03:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 09:12 - 2015-07-17 03:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-13 09:12 - 2015-07-17 03:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 09:12 - 2015-07-17 03:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-13 09:12 - 2015-07-17 02:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-13 09:11 - 2015-07-17 04:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 09:11 - 2015-07-17 04:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 09:11 - 2015-07-17 04:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 09:11 - 2015-07-17 04:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 09:11 - 2015-07-17 03:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-08-13 09:11 - 2015-07-17 03:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-13 09:11 - 2015-07-17 03:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-13 09:11 - 2015-07-17 03:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-13 09:11 - 2015-07-17 03:45 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-08-13 09:11 - 2015-07-17 03:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-13 09:11 - 2015-07-17 03:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-08-13 09:11 - 2015-07-17 03:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 09:11 - 2015-07-17 03:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 09:11 - 2015-07-17 03:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-08-13 09:11 - 2015-07-17 03:13 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-08-13 09:11 - 2015-07-17 03:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-13 09:11 - 2015-07-17 03:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 09:11 - 2015-07-17 02:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-08-13 09:11 - 2015-07-17 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-13 09:11 - 2015-07-17 02:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-13 09:11 - 2015-07-17 02:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-13 09:10 - 2015-07-16 08:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 09:10 - 2015-07-16 08:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 09:10 - 2015-07-16 08:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 09:10 - 2015-07-16 08:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-13 09:10 - 2015-07-11 01:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 09:09 - 2015-07-02 06:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-13 09:09 - 2015-07-02 06:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-13 09:09 - 2015-07-02 05:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-13 09:09 - 2015-07-02 05:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-13 09:08 - 2015-07-14 03:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 09:08 - 2015-07-14 03:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 09:07 - 2015-07-14 11:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 09:07 - 2015-07-14 11:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-13 09:07 - 2015-07-11 02:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-13 09:07 - 2015-07-11 01:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 09:07 - 2015-07-11 01:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-13 09:07 - 2015-07-11 01:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 09:07 - 2015-07-11 00:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-13 09:07 - 2015-07-11 00:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-13 09:07 - 2015-05-12 08:24 - 00536920 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-13 09:06 - 2015-07-29 22:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 09:06 - 2015-07-29 22:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 09:06 - 2015-07-29 22:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-13 09:06 - 2015-07-25 02:57 - 04177408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 09:06 - 2015-07-25 02:57 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 09:06 - 2015-07-25 02:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 09:06 - 2015-07-25 01:27 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-13 09:06 - 2015-07-25 01:23 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-13 06:43 - 2015-09-05 14:58 - 00000000 ____D C:\Users\JoloH\Desktop\TFR
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-08 21:33 - 2014-08-22 20:15 - 01381232 _____ C:\Windows\WindowsUpdate.log
2015-09-08 21:29 - 2014-08-22 21:03 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2180038718-1885541534-3631937290-1001
2015-09-08 21:24 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-08 21:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-08 19:12 - 2014-08-22 21:00 - 00000093 _____ C:\Users\JoloH\AppData\Roaming\sp_data.sys
2015-09-08 19:09 - 2014-08-22 20:41 - 00000000 ____D C:\ProgramData\McAfee
2015-09-08 19:09 - 2014-08-22 20:41 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-08 19:09 - 2014-03-18 17:44 - 00024298 _____ C:\Windows\PFRO.log
2015-09-08 19:09 - 2013-08-22 22:46 - 00040693 _____ C:\Windows\setupact.log
2015-09-08 19:09 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-08 19:09 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-08 19:08 - 2014-08-22 20:38 - 02009336 _____ C:\Users\Public\CAFADEBUG.log
2015-09-08 18:55 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-09-08 18:47 - 2015-07-06 08:41 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2015-09-08 18:47 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-09-08 18:43 - 2015-06-28 06:18 - 00000000 ____D C:\Users\JoloH\AppData\Local\Google
2015-09-08 18:42 - 2015-06-28 06:18 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-08 18:28 - 2015-07-03 09:14 - 00000000 ____D C:\Users\JoloH\AppData\Local\CrashDumps
2015-09-08 18:25 - 2014-08-22 20:58 - 00001460 _____ C:\Users\JoloH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-08 18:08 - 2014-08-22 23:56 - 00000000 __SHD C:\Users\JoloH\AppData\Local\EmieUserList
2015-09-08 18:08 - 2014-08-22 23:56 - 00000000 __SHD C:\Users\JoloH\AppData\Local\EmieSiteList
2015-09-08 17:58 - 2015-07-05 02:08 - 00000000 ____D C:\Users\JoloH\Desktop\Savezips
2015-09-08 17:57 - 2015-06-28 09:47 - 00000000 ____D C:\Users\JoloH\AppData\Local\Eclipse
2015-09-08 17:57 - 2015-06-28 09:47 - 00000000 ____D C:\Users\JoloH\.p2
2015-09-08 17:49 - 2014-08-22 20:40 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-08 17:20 - 2014-03-18 17:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-08 17:17 - 2014-08-22 23:56 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9E6C448B-FDE1-4B67-AAB1-C4C914BBE4A4}
2015-09-08 12:19 - 2015-07-01 09:29 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2015-09-08 12:19 - 2015-06-28 06:18 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-09-07 19:43 - 2013-08-22 22:44 - 00474320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-07 19:40 - 2015-07-27 17:38 - 00000000 ____D C:\Users\JoloH\.gimp-2.8
2015-09-07 18:03 - 2015-06-28 09:46 - 00000000 ____D C:\Users\JoloH\workspace
2015-09-07 17:11 - 2015-06-29 02:25 - 00000000 ____D C:\Users\JoloH\Desktop\MOBPROG
2015-09-07 16:06 - 2015-07-27 17:42 - 00000000 ____D C:\Users\JoloH\AppData\Local\gtk-2.0
2015-09-07 12:41 - 2014-08-22 20:57 - 00000000 ____D C:\Users\JoloH
2015-09-07 08:26 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-04 06:54 - 2015-06-29 07:01 - 00000000 ____D C:\Users\JoloH\Desktop\DocHW
2015-09-03 16:44 - 2014-08-22 20:57 - 00000000 ____D C:\Users\JoloH\AppData\Local\Packages
2015-09-02 10:35 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\NDF
2015-08-30 08:19 - 2015-07-12 05:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM Rational
2015-08-24 12:10 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache
2015-08-20 09:13 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-20 08:28 - 2015-07-10 21:30 - 00000000 ___HD C:\$Windows.~BT
2015-08-20 07:16 - 2014-05-24 11:15 - 00000000 ____D C:\Windows\Panther
2015-08-20 04:56 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-20 04:56 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-20 04:56 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-20 04:56 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-19 01:28 - 2015-06-28 10:08 - 00000000 ____D C:\Users\JoloH\.android
2015-08-16 03:07 - 2015-06-30 10:00 - 00000000 ____D C:\Windows\system32\MRT
2015-08-16 03:02 - 2015-06-30 10:00 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-16 03:00 - 2015-07-02 10:53 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-16 03:00 - 2015-07-02 10:53 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 09:35 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 09:35 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
 
==================== Files in the root of some directories =======
 
2015-04-19 20:20 - 2015-04-19 20:20 - 0005872 _____ () C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ
2015-04-20 22:05 - 2015-04-20 22:05 - 1579520 _____ () C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.exe
2014-08-22 21:00 - 2015-09-08 19:12 - 0000093 _____ () C:\Users\JoloH\AppData\Roaming\sp_data.sys
2015-09-08 18:14 - 2015-09-08 18:14 - 0613255 _____ (CMI Limited) C:\Users\JoloH\AppData\Local\nsm837C.tmp
2015-07-12 05:10 - 2015-07-12 05:10 - 0064115 _____ () C:\Users\JoloH\AppData\Local\rational_state.log
2015-09-07 17:23 - 2015-09-07 17:23 - 0059158 _____ () C:\Users\JoloH\AppData\Local\recently-used.xbel
2015-07-16 20:48 - 2015-07-16 20:48 - 0007605 _____ () C:\Users\JoloH\AppData\Local\Resmon.ResmonCfg
2014-05-24 10:27 - 2012-09-07 19:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-24 10:27 - 2009-07-22 18:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-24 10:27 - 2012-09-07 19:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2015-09-08 17:28 - 2015-09-08 18:05 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
 
 
Some files in TEMP:
====================
C:\Users\JoloH\AppData\Local\Temp\0074871441709131mcinst.exe
C:\Users\JoloH\AppData\Local\Temp\1392.exe
C:\Users\JoloH\AppData\Local\Temp\2518.exe
C:\Users\JoloH\AppData\Local\Temp\3079.exe
C:\Users\JoloH\AppData\Local\Temp\6104.exe
C:\Users\JoloH\AppData\Local\Temp\6159.exe
C:\Users\JoloH\AppData\Local\Temp\6212.exe
C:\Users\JoloH\AppData\Local\Temp\C%2B%2Bpack.exe__15047_i1634097024_il856922.exe
C:\Users\JoloH\AppData\Local\Temp\fsd8ACB.exe
C:\Users\JoloH\AppData\Local\Temp\fsdF153.exe
C:\Users\JoloH\AppData\Local\Temp\McCSPInstall.dll
C:\Users\JoloH\AppData\Local\Temp\mccspuninstall.exe
C:\Users\JoloH\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\JoloH\AppData\Local\Temp\Updater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-03 18:30
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by JoloH (2015-09-08 21:42:47)
Running from C:\Users\JoloH\Downloads
Windows 8.1 Single Language (X64) (2014-08-22 12:57:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2180038718-1885541534-3631937290-500 - Administrator - Disabled)
Guest (S-1-5-21-2180038718-1885541534-3631937290-501 - Limited - Disabled)
JoloH (S-1-5-21-2180038718-1885541534-3631937290-1001 - Administrator - Enabled) => C:\Users\JoloH
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
CinemaPlus-3.2cV08.09 (HKLM-x32\...\CinemaPlus-3.2cV08.09) (Version: 1.36.01.22 - Cinema PlusV08.09) <==== ATTENTION
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.35.62 - Conexant)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
Dia (remove only) (HKLM-x32\...\Dia) (Version:  - )
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
IBM Rational Rose Enterprise Edition (HKLM-x32\...\{22D66ACE-E0A1-482E-B797-0A6A377D3E91}) (Version: 2.0.0 - Rational Software)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.152 - McAfee, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA Graphics Driver 333.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VirtualDJ 8 (HKLM-x32\...\{87E2E947-4432-479C-89C5-43B1A7D374FA}) (Version: 8.0.2348.0 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (03/18/2014 6.0.0.35) (HKLM\...\DAA6E0EEB715139C1CEA332C78AB4609FB3C211B) (Version: 03/18/2014 6.0.0.35 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2180038718-1885541534-3631937290-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points =========================
 
19-08-2015 13:10:12 Windows Update
28-08-2015 07:45:56 Scheduled Checkpoint
07-09-2015 07:48:59 Scheduled Checkpoint
08-09-2015 17:49:07 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04E92937-7647-44BE-BBC0-F2D38A354B20} - System32\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-10.exe [2015-09-08] (Cinema PlusV08.09) <==== ATTENTION
Task: {0A1A2894-18C7-4455-A46D-B1C552F589E2} - System32\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-1-7.exe [2015-09-08] (Cinema PlusV08.09) <==== ATTENTION
Task: {0B8A54EE-FF80-4AE3-8402-4291E6FF0806} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {0C43636A-7AD5-40F8-9162-C4C29A16499C} - System32\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-1-6.exe [2015-09-08] (Cinema PlusV08.09) <==== ATTENTION
Task: {0C7A77A9-B05A-4D5C-AED2-047BA69E19DB} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-15] (ASUSTek Computer Inc.)
Task: {1579E595-89B4-46DC-BE27-D30AD01F994D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {184F3E66-85B9-4AE4-B39C-49DD604117AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-07] (Microsoft Corporation)
Task: {2F9ED0BB-B95C-4D18-A096-89A414F38243} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-09-07] (Microsoft Corporation)
Task: {3AF6E1EE-A390-4243-A29E-7ADF149423C7} - System32\Tasks\runTask => %TEMP%/Updater.exe
Task: {6B13B78A-4268-4C0E-BD72-CBBACB0628CB} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-09-08] (globalUpdate) <==== ATTENTION
Task: {7228A082-081F-4ABE-852C-9CF28D79E0CF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {7B1969B5-18C9-4532-9CE5-F1DC08C2C033} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8F1B3E26-1B4C-4068-A7A8-581D5406B4F5} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-24] (ASUSTeK Computer Inc.)
Task: {92B3EE51-BED0-4EB0-9260-6FF58F2A6026} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-04-01] (AsusTek)
Task: {92D8206E-BB9A-47C5-8286-969365A0958A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JoloHermo-JoloH JoloHermo => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-09-07] (Microsoft Corporation)
Task: {952651B9-5C89-4AB0-884E-155654A02BCA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-07] (Microsoft Corporation)
Task: {A15AFC3E-59E0-469B-B568-22154F1C152F} - System32\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-6 => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-6.exe [2015-09-08] (Cinema PlusV08.09) <==== ATTENTION
Task: {A8DE46DE-0AAC-40F2-9661-03A88BF5C4C5} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {B4F068F7-DCD7-4002-8C77-AE1269FF8E6B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-03] (ASUS)
Task: {B78CC3DD-C25B-481A-93B0-73E0FFC38EAF} - System32\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-5.exe [2015-09-08] (Cinema PlusV08.09) <==== ATTENTION
Task: {B8CE99EA-1484-4A74-A873-3A6B61BB2960} - System32\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-5 => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-5.exe [2015-09-08] (Cinema PlusV08.09) <==== ATTENTION
Task: {BB336B91-228E-4E5A-9C28-7D7C6E2C6B2E} - System32\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-7 => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-7.exe [2015-09-08] (Cinema PlusV08.09) <==== ATTENTION
Task: {BCA2AF4F-446D-40AF-80D7-8CBE4F9F97AB} - System32\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-3 => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-3.exe [2015-09-08] (Cinema PlusV08.09) <==== ATTENTION
Task: {BD019939-640F-436F-8EA0-C62680E7D8B7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {C2FBA146-B74C-49C0-9A98-DA49014681C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {CCEF32A3-43CE-4A57-9D60-3F231F543949} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-28] (ASUSTek Computer Inc.)
Task: {D1906213-C0E4-4556-865A-A4833AEECE79} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-16] (Microsoft Corporation)
Task: {DB706BFC-4BDD-4F8D-8D71-16B26A61913B} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-13] ()
Task: {DFE42BD3-A7C7-44F8-A769-4A7961831039} - System32\Tasks\{4F2388F2-524E-4F76-B5B5-DEB0307B5DBE} => pcalua.exe -a C:\Users\JoloH\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=ima
Task: {E0DA1A8C-65E7-4814-894C-E68311DD703F} - System32\Tasks\updateTask => c:\task.vbs
Task: {E18FC82D-3311-4621-8E7C-A1742A9C73A7} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-09-08] (globalUpdate) <==== ATTENTION
Task: {E363C094-475C-4EDE-8BAB-3D5DCD010992} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {EC2B0FC3-806A-4E5D-80DA-B6F3543158E2} - System32\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ => C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.exe [2015-04-20] () <==== ATTENTION
Task: {F3DE6623-D83A-4BB7-82C2-CA4C396E1441} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {FFAFC7D6-BFA8-45A3-B01A-CDE917CF2069} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-24] (ASUSTeK Computer Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\92b053c4-4d92-4812-98cd-c85537402b1e-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV08.09\92b053c4-4d92-4812-98cd-c85537402b1e-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.job => C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-08-22 20:25 - 2014-05-14 06:17 - 00118728 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-07 07:40 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-08 16:32 - 2015-09-08 16:32 - 01321472 _____ () C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\knsiC661.tmpfs
2015-09-08 17:29 - 2015-09-08 17:29 - 00227328 _____ () C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\jnsoFAD5.tmp
2015-09-08 17:29 - 2015-09-08 17:29 - 00137728 _____ () C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\hnsa1823.tmp
2015-09-07 07:59 - 2015-09-07 07:59 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-02-26 13:14 - 2014-02-26 13:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-26 13:11 - 2014-02-26 13:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-26 13:17 - 2014-02-26 13:17 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-02-24 18:59 - 2014-02-24 18:59 - 00109056 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSHomeCloudAPI.dll
2012-03-08 10:27 - 2012-03-08 10:27 - 00016384 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ACVsWin.dll
2014-04-03 05:46 - 2014-04-03 05:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-03 05:46 - 2014-04-03 05:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-03 05:46 - 2014-04-03 05:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-03 05:46 - 2014-04-03 05:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2014-08-22 20:20 - 2013-12-10 06:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-09-08 18:12 - 2015-09-08 18:12 - 00197200 _____ () C:\Program Files (x86)\CinemaPlus-3.2cV08.09\e650a9f3-450c-493d-b998-a3c0afa3cd60.dll
2015-09-08 18:43 - 2015-08-28 08:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-08 18:43 - 2015-08-28 08:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
2015-09-08 18:43 - 2015-08-28 08:17 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2180038718-1885541534-3631937290-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JoloH\Downloads\owl-5923-6090-hd-wallpapers.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6E94FE4E-8BCE-4393-96DD-EFAAEC75CC20}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9FFC559D-CF1D-4C0A-9E89-EC41D0D4A829}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EF9570FD-B45A-4DE7-BDB5-E2180F973508}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{DEEB12E5-6F05-43FC-93EE-AD57035C68D8}C:\users\joloh\desktop\counter strike\cstrike.exe] => (Allow) C:\users\joloh\desktop\counter strike\cstrike.exe
FirewallRules: [UDP Query User{CD55F2F7-4E26-4B80-BC27-8A392169FE02}C:\users\joloh\desktop\counter strike\cstrike.exe] => (Allow) C:\users\joloh\desktop\counter strike\cstrike.exe
FirewallRules: [{6F1161DF-54EE-4112-97BC-AC78C0203F02}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{85DAE799-891C-4169-9F4B-039F246912EB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B305B760-3531-42C2-924B-F1B63DD054F9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{83BC034F-32E2-4338-A6E7-51598E50C677}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{EAD978F2-E1AC-4CB2-9E1E-342F7293CC0A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B38FAC2A-9BEC-4919-AEA9-5CD8A5B0A988}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/08/2015 09:07:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (09/08/2015 06:56:35 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (7652) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (09/08/2015 06:46:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.4062.0, time stamp: 0x55aee26a
Faulting module name: McPrtMgrPlugin.dll, version: 14.0.4113.0, time stamp: 0x55aee7ef
Exception code: 0xc0000409
Fault offset: 0x00000000000674c0
Faulting process id: 0x8cc
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3
Faulting package full name: McSvHost.exe4
Faulting package-relative application ID: McSvHost.exe5
 
Error: (09/08/2015 06:45:28 PM) (Source: AVLogEvent) (EventID: 5003) (User: NT AUTHORITY)
Description: a7f40610
 
Error: (09/08/2015 06:35:20 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.
 
Error: (09/08/2015 06:33:09 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Producto: Windows Defender -- No tiene que instalar este software porque Windows Defender está incluido en Windows Vista. Puede obtener acceso a Windows Defender desde la sección Seguridad del Panel de control de Windows.
 
Error: (09/08/2015 06:32:11 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Producto: Windows Defender -- No tiene que instalar este software porque Windows Defender está incluido en Windows Vista. Puede obtener acceso a Windows Defender desde la sección Seguridad del Panel de control de Windows.
 
Error: (09/08/2015 06:31:59 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Producto: Windows Defender -- No tiene que instalar este software porque Windows Defender está incluido en Windows Vista. Puede obtener acceso a Windows Defender desde la sección Seguridad del Panel de control de Windows.
 
Error: (09/08/2015 06:27:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x00000000
Faulting process id: 0x88c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
Error: (09/08/2015 06:05:31 PM) (Source: WdsManPro) (EventID: 102) (User: )
Description: WdsManPro
 
 
System errors:
=============
Error: (09/08/2015 07:27:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home Single Language.
 
Error: (09/08/2015 07:08:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (09/08/2015 07:08:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (09/08/2015 06:57:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WdsManPro Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/08/2015 06:57:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SSFK service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/08/2015 06:47:49 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {20966775-18A4-4299-B8E3-772C336B52A7}
 
Error: (09/08/2015 06:47:00 PM) (Source: DCOM) (EventID: 10010) (User: JoloHermo)
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (09/08/2015 06:46:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Proxy Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/08/2015 06:46:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Platform Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/08/2015 06:46:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Boot Delay Start Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
Error: (09/08/2015 09:07:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (09/08/2015 06:56:35 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail7652WindowsMail0:
 
Error: (09/08/2015 06:46:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe5.0.4062.055aee26aMcPrtMgrPlugin.dll14.0.4113.055aee7efc000040900000000000674c08cc01d0e96270c274b2C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeC:\Program Files\McAfee\MSC\McPrtMgrPlugin.dllccf5dbd2-5616-11e5-8276-18cf5eff37db
 
Error: (09/08/2015 06:45:28 PM) (Source: AVLogEvent) (EventID: 5003) (User: NT AUTHORITY)
Description: a7f40610
 
Error: (09/08/2015 06:35:20 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/08/2015 06:33:09 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Producto: Windows Defender -- No tiene que instalar este software porque Windows Defender está incluido en Windows Vista. Puede obtener acceso a Windows Defender desde la sección Seguridad del Panel de control de Windows.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/08/2015 06:32:11 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Producto: Windows Defender -- No tiene que instalar este software porque Windows Defender está incluido en Windows Vista. Puede obtener acceso a Windows Defender desde la sección Seguridad del Panel de control de Windows.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/08/2015 06:31:59 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Producto: Windows Defender -- No tiene que instalar este software porque Windows Defender está incluido en Windows Vista. Puede obtener acceso a Windows Defender desde la sección Seguridad del Panel de control de Windows.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/08/2015 06:27:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbunknown0.0.0.000000000c00004090000000088c01d0ea20f21649e3C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown465aa389-5614-11e5-8276-18cf5eff37db
 
Error: (09/08/2015 06:05:31 PM) (Source: WdsManPro) (EventID: 102) (User: )
Description: WdsManPro
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 59%
Total physical RAM: 3979.05 MB
Available physical RAM: 1606.11 MB
Total Virtual: 8075.05 MB
Available Virtual: 5305.92 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:312.41 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:434.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A0046D36)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 xXToffeeXx


Posted 08 September 2015 - 01:02 PM

Hi nvb3r,
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
We need to remove programs using "Programs and Features"

Open Computer and click on the "Computer" tab, then click on Uninstall or Change a Program.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking the below entries and selecting "Remove":

CinemaPlus-3.2cV08.09
globalupdate Helper
Setup

Additional instructions can be found here if needed.
 
--------------
 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 



#5 nvb3r


Posted 08 September 2015 - 01:56 PM

Hi Toffee!

Thank you so much for helping me! Here are the txt files you've requested.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by JoloH (2015-09-09 02:37:48) Run:1
Running from C:\Users\JoloH\Downloads
Loaded Profiles: JoloH (Available Profiles: JoloH)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
*****************
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value removed successfully
 
==== End of Fixlog 02:37:49 ====
 
 
 
# AdwCleaner v5.006 - Logfile created 09/09/2015 at 02:42:25
# Updated 06/09/2015 by Xplode
# Database : 2015-09-07.1 [Server]
# Operating system : Windows 8.1 Single Language  (x64)
# Username : JoloH - JOLOHERMO
# Running from : C:\Users\JoloH\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : globalUpdate
Service Found : globalUpdatem
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Users\JoloH\AppData\Local\globalUpdate
Folder Found : C:\Users\JoloH\AppData\Local\Systweak
Folder Found : C:\Users\JoloH\AppData\Local\MyBrowser
Folder Found : C:\Users\JoloH\AppData\Roaming\AnyProtectEx
Folder Found : C:\Users\JoloH\AppData\Roaming\Systweak
 
***** [ Files ] *****
 
File Found : C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Windows\Sysnative\roboot64.exe
 
***** [ Shortcuts ] *****
 
Shortcut Infected : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.mystartsearch.com/?type=sc&ts=1441712489&z=8ba97adf10d424360dcd131g1zaz3g4m4g2o7c7o0q&from=cmi&uid=TOSHIBAXMQ01ABD100_646OP8WETXX646OP8WET )
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.mystartsearch.com/?type=sc&ts=1441712489&z=8ba97adf10d424360dcd131g1zaz3g4m4g2o7c7o0q&from=cmi&uid=TOSHIBAXMQ01ABD100_646OP8WETXX646OP8WET --disable-quic )
 
***** [ Scheduled tasks ] *****
 
Task Found : APSnotifierPP1
Task Found : APSnotifierPP2
Task Found : APSnotifierPP3
Task Found : ASP
Task Found : globalUpdateUpdateTaskMachineCore
Task Found : globalUpdateUpdateTaskMachineUA
Task Found : amiupdaterExd
Task Found : amiupdaterExi
Task Found : runTask
Task Found : updateTask
Task Found : globalUpdateUpdateTaskMachineCore
Task Found : globalUpdateUpdateTaskMachineUA
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_ra_005010083]
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\TutoTag
Key Found : HKCU\Software\Crossbrowse
Key Found : HKCU\Software\YorkNewCin
Key Found : HKCU\Software\HighDefAction
Key Found : HKCU\Software\ArenaHD
Key Found : HKCU\Software\DAILYPCCLEAN
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
Key Found : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\istartsurfSoftware
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SOFTWARE\mystartsearchSoftware
Key Found : HKLM\SOFTWARE\Crossbrowse
Key Found : HKLM\SOFTWARE\YorkNewCin
Key Found : HKLM\SOFTWARE\HighDefAction
Key Found : HKLM\SOFTWARE\oursurfingSoftware
Key Found : HKLM\SOFTWARE\ArenaHD
Key Found : HKLM\SOFTWARE\MyBrowser
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\Crossbrowse
Key Found : [x64] HKCU\Software\YorkNewCin
Key Found : [x64] HKCU\Software\HighDefAction
Key Found : [x64] HKCU\Software\ArenaHD
Key Found : [x64] HKCU\Software\DAILYPCCLEAN
Key Found : [x64] HKLM\SOFTWARE\YorkNewCin
Key Found : [x64] HKLM\SOFTWARE\HighDefAction
Key Found : [x64] HKLM\SOFTWARE\ArenaHD
Key Found : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Key Found : HKU\S-1-5-21-2180038718-1885541534-3631937290-1001\Software\AppDataLow\Software\Crossrider
Key Found : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
Data Found : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1441704469&z=d270105d660601d0cf51516g7z1z5g7m8e6z5z3w0g&from=amt&uid=TOSHIBAXMQ01ABD100_646OP8WETXX646OP8WET
Data Found : HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1441712489&z=8ba97adf10d424360dcd131g1zaz3g4m4g2o7c7o0q&from=cmi&uid=TOSHIBAXMQ01ABD100_646OP8WETXX646OP8WET
 
***** [ Web browsers ] *****
 
[C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Found : hxxp://www.mystartsearch.com/webfavicon.ico
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10071 bytes] ##########
 


#6 xXToffeeXx


Posted 08 September 2015 - 02:12 PM

Hi nvb3r,
 
Double click on AdwCleaner.exe to run the tool again.

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------
 
Please re-run FRST from the desktop (like you did before), put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 



#7 nvb3r


Posted 08 September 2015 - 02:25 PM

Hi Toffee!

 

# AdwCleaner v5.006 - Logfile created 09/09/2015 at 02:44:19
# Updated 06/09/2015 by Xplode
# Database : 2015-09-07.1 [Server]
# Operating system : Windows 8.1 Single Language  (x64)
# Username : JoloH - JOLOHERMO
# Running from : C:\Users\JoloH\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : globalUpdate
[-] Service Deleted : globalUpdatem
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\Program Files (x86)\predm
[-] Folder Deleted : C:\Users\JoloH\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\JoloH\AppData\Local\Systweak
[-] Folder Deleted : C:\Users\JoloH\AppData\Local\MyBrowser
[-] Folder Deleted : C:\Users\JoloH\AppData\Roaming\AnyProtectEx
[-] Folder Deleted : C:\Users\JoloH\AppData\Roaming\Systweak
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Windows\Sysnative\roboot64.exe
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : APSnotifierPP1
[-] Task Deleted : APSnotifierPP2
[-] Task Deleted : APSnotifierPP3
[-] Task Deleted : ASP
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi
[-] Task Deleted : runTask
[-] Task Deleted : updateTask
[-] Task Deleted : globalUpdateUpdateTaskMachineCore
[-] Task Deleted : globalUpdateUpdateTaskMachineUA
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\globalupdate.exe
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_ra_005010083]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKCU\Software\AnyProtect
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\Crossbrowse
[-] Key Deleted : HKCU\Software\YorkNewCin
[-] Key Deleted : HKCU\Software\HighDefAction
[-] Key Deleted : HKCU\Software\ArenaHD
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
[-] Key Deleted : HKLM\SOFTWARE\Crossbrowse
[-] Key Deleted : HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : HKLM\SOFTWARE\oursurfingSoftware
[-] Key Deleted : HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : HKLM\SOFTWARE\MyBrowser
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[!] Key Not Deleted : [x64] HKCU\Software\AnyProtect
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\systweak
[!] Key Not Deleted : [x64] HKCU\Software\TutoTag
[!] Key Not Deleted : [x64] HKCU\Software\Crossbrowse
[!] Key Not Deleted : [x64] HKCU\Software\YorkNewCin
[!] Key Not Deleted : [x64] HKCU\Software\HighDefAction
[!] Key Not Deleted : [x64] HKCU\Software\ArenaHD
[!] Key Not Deleted : [x64] HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\S-1-5-21-2180038718-1885541534-3631937290-1001\Software\AppDataLow\Software\Crossrider
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command []
 
***** [ Web browsers ] *****
 
[-] [C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.mystartsearch.com/webfavicon.ico
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10239 bytes] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by JoloH (administrator) on JOLOHERMO (09-09-2015 03:22:35)
Running from C:\Users\JoloH\Downloads
Loaded Profiles: JoloH (Available Profiles: JoloH)
Platform: Windows 8.1 Single Language (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Users\JoloH\Desktop\AdwCleaner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2350880 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [915160 2014-05-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-18] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [1080992 2014-05-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-2180038718-1885541534-3631937290-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.2.301\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5B0D3F03-5D08-44DF-9BA8-473723072499}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A2AB254D-1B23-475B-985E-8BD108E2D1CD}: [DhcpNameServer] 10.106.1.253 10.106.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-2180038718-1885541534-3631937290-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130861833910654237&GUID=CB309EBC-E47E-43C9-B78A-F5BA5EC91D4E
HKU\S-1-5-21-2180038718-1885541534-3631937290-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-2180038718-1885541534-3631937290-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2180038718-1885541534-3631937290-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-07] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-28] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-07] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-28] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-09-07] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-26] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-07] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-26] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-02] (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-07] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-09-07] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-02] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-28] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-07] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-09-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-09-07] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-08] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-06-28]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
 
Chrome: 
=======
CHR Profile: C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-08]
CHR Extension: (Google Docs) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-08]
CHR Extension: (Google Drive) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-08]
CHR Extension: (Please enter your password) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-09-08]
CHR Extension: (YouTube) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-08]
CHR Extension: (Google Search) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-08]
CHR Extension: (Google Sheets) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-08]
CHR Extension: (SiteAdvisor) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-09-08]
CHR Extension: (Google Docs Offline) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-08]
CHR Extension: (AdBlock) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-09-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-08]
CHR Extension: (Gmail) - C:\Users\JoloH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-04]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-04]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows ® Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-18] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-18] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-18] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-28] (WildTangent)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [157928 2015-09-02] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-26] (Atheros) [File not signed]
S2 gucucoje; C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\knsiC661.tmpfs [X]
S2 jimocoso; C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\jnsoFAD5.tmp [X]
S2 totyseku; C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\hnsa1823.tmp [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-04-01] (ASUS Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-18] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-18] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-02] (McAfee, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-15] (Research In Motion Limited)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-09 02:42 - 2015-09-09 02:49 - 00000000 ____D C:\AdwCleaner
2015-09-09 02:41 - 2015-09-09 02:41 - 01654784 _____ C:\Users\JoloH\Desktop\AdwCleaner.exe
2015-09-08 21:42 - 2015-09-08 21:47 - 00032612 _____ C:\Users\JoloH\Downloads\Addition.txt
2015-09-08 21:34 - 2015-09-09 03:23 - 00020900 _____ C:\Users\JoloH\Downloads\FRST.txt
2015-09-08 21:34 - 2015-09-09 03:22 - 00000000 ____D C:\FRST
2015-09-08 21:33 - 2015-09-08 21:33 - 02190336 _____ (Farbar) C:\Users\JoloH\Downloads\FRST64.exe
2015-09-08 19:48 - 2015-09-08 19:48 - 00000000 ____D C:\Users\JoloH\AppData\Roaming\NVIDIA
2015-09-08 18:54 - 2015-07-05 18:08 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-09-08 18:43 - 2015-09-09 02:44 - 00001312 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-08 18:43 - 2015-09-09 02:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-08 18:40 - 2015-09-09 02:46 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-08 18:40 - 2015-09-08 23:45 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-08 18:40 - 2015-09-08 18:40 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-08 18:40 - 2015-09-08 18:40 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-08 18:39 - 2015-09-08 18:40 - 00000000 ____D C:\Users\JoloH\AppData\Local\Deployment
2015-09-08 18:39 - 2015-09-08 18:39 - 00000000 ____D C:\Users\JoloH\AppData\Local\Apps\2.0
2015-09-08 18:34 - 2015-09-08 18:34 - 00000869 _____ C:\Users\JoloH\Desktop\Play Battlefield 3 Multi-player.lnk
2015-09-08 18:34 - 2015-09-08 18:34 - 00000829 _____ C:\Users\JoloH\Desktop\Play Battlefield 3 Single-Player.lnk
2015-09-08 18:24 - 2015-09-08 18:24 - 00003148 _____ C:\Windows\System32\Tasks\{4F2388F2-524E-4F76-B5B5-DEB0307B5DBE}
2015-09-08 18:14 - 2015-09-08 18:14 - 00613255 _____ (CMI Limited) C:\Users\JoloH\AppData\Local\nsm837C.tmp
2015-09-08 18:13 - 2015-09-09 02:46 - 00001046 _____ C:\Windows\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.job
2015-09-08 18:13 - 2015-09-08 18:13 - 00004056 _____ C:\Windows\System32\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ
2015-09-08 18:11 - 2015-09-09 02:33 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-08 18:05 - 2015-09-08 18:05 - 00000000 ____D C:\ProgramData\cWdsManProc
2015-09-08 18:01 - 2015-09-09 03:15 - 00000000 ____D C:\ProgramData\ZWdsManProZ
2015-09-08 17:48 - 2015-09-08 17:48 - 07194312 _____ (Microsoft Corporation) C:\Users\JoloH\Downloads\vcredist_x64.exe
2015-09-08 17:48 - 2015-09-08 17:48 - 06503984 _____ (Microsoft Corporation) C:\Users\JoloH\Downloads\vcredist_x86.exe
2015-09-08 17:47 - 2015-09-08 17:48 - 01420840 _____ (Microsoft Corporation) C:\Users\JoloH\Downloads\vcredist_arm.exe
2015-09-08 17:29 - 2013-08-22 21:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-09-08 17:28 - 2015-09-08 18:58 - 00000000 ____D C:\ProgramData\tWdsManProt
2015-09-08 17:28 - 2015-09-08 18:05 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-08 17:24 - 2015-09-08 17:27 - 08337212 _____ C:\Users\JoloH\Downloads\Unconfirmed 531476.crdownload
2015-09-07 17:23 - 2015-09-07 17:23 - 00059158 _____ C:\Users\JoloH\AppData\Local\recently-used.xbel
2015-09-07 12:21 - 2015-09-07 12:22 - 00123695 _____ C:\Users\JoloH\Downloads\RocketsAndPumpkins-master.zip
2015-09-07 12:20 - 2015-09-07 12:20 - 00015587 _____ C:\Users\JoloH\Downloads\twisted-colors-master.zip
2015-09-07 12:16 - 2015-09-07 12:16 - 00112120 _____ C:\Users\JoloH\Downloads\DroidRunJump-master.zip
2015-09-07 08:26 - 2015-09-07 08:26 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-09-07 07:52 - 2015-09-07 07:52 - 00000000 ____D C:\Program Files\Microsoft Office
2015-09-07 07:52 - 2015-09-07 07:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-09-07 07:44 - 2015-09-07 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-07 07:40 - 2015-09-07 07:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-07 07:39 - 2015-09-07 07:39 - 01524408 _____ (Microsoft Corporation) C:\Users\JoloH\Downloads\Setup.X64.en-us_O365ProPlusRetail_f2c1d46e-75e9-4bd5-988e-c50faf5fdcf8_TX_PR_.exe
2015-09-07 07:28 - 2015-09-07 07:28 - 00997927 _____ C:\Users\JoloH\Downloads\O15CTRRemove.diagcab
2015-09-07 06:03 - 2015-09-07 06:04 - 05599643 _____ C:\Users\JoloH\Downloads\Target-Practice-master.zip
2015-09-03 18:16 - 2015-09-03 18:16 - 00000871 _____ C:\Users\JoloH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\workspace.lnk
2015-09-03 18:16 - 2015-09-03 18:16 - 00000000 ____D C:\Users\JoloH\Trinidad Tecson
2015-09-03 16:37 - 2015-09-03 16:38 - 00233472 _____ C:\Users\JoloH\Downloads\sad_07 drawing DFD supp.ppt
2015-09-03 16:10 - 2015-09-03 16:10 - 01518592 _____ C:\Users\JoloH\Downloads\Chapter 05.ppt
2015-09-03 16:09 - 2015-09-03 16:09 - 01004544 _____ C:\Users\JoloH\Downloads\Chapter 03.ppt
2015-09-03 16:08 - 2015-09-03 16:08 - 01216512 _____ C:\Users\JoloH\Downloads\Chapter 04 (1).ppt
2015-09-03 07:21 - 2015-09-03 07:21 - 00434176 _____ C:\Users\JoloH\Downloads\QUAMET2_Lesson_10.1.ppt
2015-09-03 07:10 - 2015-09-03 07:10 - 00531968 _____ C:\Users\JoloH\Downloads\QUAMET2_Lesson_8.1.ppt
2015-09-01 10:34 - 2015-09-01 10:38 - 66691251 _____ C:\Users\JoloH\Downloads\MobProg Rea.zip
2015-09-01 10:34 - 2015-09-01 10:34 - 03706396 _____ C:\Users\JoloH\Downloads\Shooting Game.zip
2015-09-01 10:34 - 2015-09-01 10:34 - 00202658 _____ C:\Users\JoloH\Downloads\MobProg.zip
2015-09-01 06:31 - 2015-09-01 06:32 - 05839913 _____ C:\Users\JoloH\Downloads\TFR Final Defense.zip
2015-08-31 18:23 - 2015-08-31 18:23 - 00054117 _____ C:\Users\JoloH\Downloads\webDFD.jpeg
2015-08-30 06:02 - 2015-08-30 07:34 - 00000000 ____D C:\Users\JoloH\.dia
2015-08-30 05:59 - 2015-08-30 07:34 - 00005045 _____ C:\Users\JoloH\Downloads\dfdPROJECTTFR.dia
2015-08-30 05:59 - 2015-08-30 07:04 - 00005045 _____ C:\Users\JoloH\Downloads\dfdPROJECTTFR.dia~
2015-08-30 05:01 - 2015-08-30 05:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dia
2015-08-30 05:01 - 2015-08-30 05:01 - 00000000 ____D C:\Program Files (x86)\Dia
2015-08-30 04:56 - 2015-08-30 04:57 - 19620143 _____ (The Dia Developers) C:\Users\JoloH\Downloads\dia-setup-0.97.2-2-unsigned.exe
2015-08-28 05:09 - 2015-08-28 02:36 - 00090828 ____N C:\Users\JoloH\Desktop\dfdPROJECTTFR.jpeg
2015-08-27 05:41 - 2015-08-27 05:41 - 594657666 _____ C:\Windows\MEMORY.DMP
2015-08-27 05:41 - 2015-08-27 05:41 - 00303560 _____ C:\Windows\Minidump\082615-36203-01.dmp
2015-08-27 05:41 - 2015-08-27 05:41 - 00000000 ____D C:\Windows\Minidump
2015-08-27 04:47 - 2015-08-27 05:25 - 00018434 ____H C:\Users\JoloH\Downloads\~WRL2796.tmp
2015-08-27 03:44 - 2015-08-27 03:44 - 00027305 ____H C:\Users\JoloH\Downloads\~WRL2367.tmp
2015-08-27 03:27 - 2015-08-27 03:39 - 00013742 ____H C:\Users\JoloH\Downloads\~WRL4087.tmp
2015-08-26 01:45 - 2015-08-26 01:45 - 00000170 _____ C:\Users\JoloH\Desktop\TFR PROBLEMS.txt
2015-08-26 00:38 - 2015-08-26 00:39 - 00000000 ____D C:\Users\JoloH\AppData\Roaming\vlc
2015-08-25 21:15 - 2015-08-25 21:15 - 00001088 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-08-25 21:15 - 2015-08-25 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-08-25 21:15 - 2015-08-25 21:15 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-08-25 20:56 - 2015-08-25 21:12 - 28849904 _____ C:\Users\JoloH\Downloads\vlc-2.2.1-win32.exe
2015-08-25 20:18 - 2015-08-25 20:23 - 69225926 _____ C:\Users\JoloH\Downloads\END.mp4
2015-08-25 12:32 - 2015-08-25 12:33 - 19760828 _____ C:\Users\JoloH\Downloads\TFR.zip
2015-08-25 06:07 - 2015-09-01 07:24 - 03323858 _____ C:\Users\JoloH\Desktop\Project TFR.pptx
2015-08-25 02:57 - 2015-08-25 02:57 - 00000000 ____D C:\Users\JoloH\Desktop\ProjectSample
2015-08-25 02:57 - 2015-08-24 10:44 - 50567815 _____ C:\Users\JoloH\Desktop\Integrated.zip
2015-08-24 17:32 - 2015-08-25 23:25 - 00004976 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JoloHermo-JoloH JoloHermo
2015-08-24 08:59 - 2015-08-24 09:00 - 02459798 _____ C:\Users\JoloH\Downloads\Quiz2.zip
2015-08-24 08:50 - 2015-08-24 08:50 - 00001776 _____ C:\Users\JoloH\Downloads\quizCode.txt
2015-08-24 08:21 - 2015-08-24 08:21 - 00008493 _____ C:\Users\JoloH\Downloads\Java-file.txt
2015-08-20 16:03 - 2015-08-20 16:03 - 01128510 _____ C:\Users\JoloH\Downloads\Quiz.zip
2015-08-20 15:23 - 2015-08-24 06:39 - 00000000 ____D C:\Users\JoloH\Desktop\Img
2015-08-20 05:56 - 2015-08-11 09:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 05:56 - 2015-08-11 08:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-20 05:03 - 2015-08-24 20:07 - 02271538 _____ C:\Users\JoloH\Downloads\Project TFR.pptx
2015-08-19 02:41 - 2015-08-19 02:42 - 00000000 ____D C:\Users\JoloH\Desktop\COUNTER STRIKE
2015-08-13 20:11 - 2015-08-13 20:11 - 00154917 _____ C:\Users\JoloH\Downloads\CameraTest.zip
2015-08-13 17:50 - 2015-07-29 07:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-13 17:50 - 2015-07-28 22:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-13 17:50 - 2015-07-28 22:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-13 17:50 - 2015-07-28 22:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-13 17:50 - 2015-07-28 22:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-13 17:50 - 2015-07-28 22:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-13 17:50 - 2015-07-28 22:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-13 17:50 - 2015-07-07 17:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-08-13 17:50 - 2015-07-07 17:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-08-13 17:50 - 2015-07-07 17:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-08-13 17:50 - 2015-06-13 01:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-13 17:50 - 2015-06-13 00:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-13 17:50 - 2015-06-10 02:27 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml
2015-08-13 17:49 - 2015-07-15 05:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-08-13 17:49 - 2015-07-15 05:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-08-13 17:49 - 2015-07-15 05:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-08-13 17:49 - 2015-06-12 04:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-08-13 17:49 - 2015-06-12 04:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-08-13 09:37 - 2015-07-30 22:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 09:37 - 2015-07-30 21:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 09:15 - 2015-07-19 09:58 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-13 09:15 - 2015-07-19 02:51 - 03704320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-13 09:15 - 2015-07-19 02:31 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-13 09:15 - 2015-07-19 02:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-13 09:15 - 2015-07-19 02:31 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-13 09:15 - 2015-07-19 02:29 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-08-13 09:15 - 2015-07-19 02:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-13 09:15 - 2015-07-19 02:29 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-13 09:15 - 2015-07-19 02:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-13 09:15 - 2015-07-19 02:12 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-13 09:15 - 2015-07-19 02:10 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-13 09:15 - 2015-07-19 02:09 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-13 09:15 - 2015-07-10 01:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 09:15 - 2015-07-10 01:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 09:15 - 2015-07-10 00:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-13 09:12 - 2015-07-17 04:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-13 09:12 - 2015-07-17 04:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 09:12 - 2015-07-17 03:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-13 09:12 - 2015-07-17 03:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-13 09:12 - 2015-07-17 03:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-13 09:12 - 2015-07-17 03:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-13 09:12 - 2015-07-17 03:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-13 09:12 - 2015-07-17 02:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-13 09:11 - 2015-07-17 04:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-13 09:11 - 2015-07-17 04:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 09:11 - 2015-07-17 04:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-13 09:11 - 2015-07-17 04:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-13 09:11 - 2015-07-17 03:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-08-13 09:11 - 2015-07-17 03:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-13 09:11 - 2015-07-17 03:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-13 09:11 - 2015-07-17 03:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-13 09:11 - 2015-07-17 03:45 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-08-13 09:11 - 2015-07-17 03:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-13 09:11 - 2015-07-17 03:38 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-08-13 09:11 - 2015-07-17 03:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-13 09:11 - 2015-07-17 03:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-13 09:11 - 2015-07-17 03:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-08-13 09:11 - 2015-07-17 03:13 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-08-13 09:11 - 2015-07-17 03:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-13 09:11 - 2015-07-17 03:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-13 09:11 - 2015-07-17 02:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-08-13 09:11 - 2015-07-17 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-13 09:11 - 2015-07-17 02:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-13 09:11 - 2015-07-17 02:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-13 09:10 - 2015-07-16 08:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 09:10 - 2015-07-16 08:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 09:10 - 2015-07-16 08:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 09:10 - 2015-07-16 08:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-13 09:10 - 2015-07-11 01:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 09:09 - 2015-07-02 06:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-13 09:09 - 2015-07-02 06:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-13 09:09 - 2015-07-02 05:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-13 09:09 - 2015-07-02 05:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-13 09:08 - 2015-07-14 03:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 09:08 - 2015-07-14 03:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 09:07 - 2015-07-14 11:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 09:07 - 2015-07-14 11:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-13 09:07 - 2015-07-11 02:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-13 09:07 - 2015-07-11 01:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 09:07 - 2015-07-11 01:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-13 09:07 - 2015-07-11 01:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 09:07 - 2015-07-11 00:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-13 09:07 - 2015-07-11 00:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-13 09:07 - 2015-05-12 08:24 - 00536920 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-13 09:06 - 2015-07-29 22:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 09:06 - 2015-07-29 22:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 09:06 - 2015-07-29 22:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-13 09:06 - 2015-07-25 02:57 - 04177408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-13 09:06 - 2015-07-25 02:57 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-13 09:06 - 2015-07-25 02:52 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-13 09:06 - 2015-07-25 01:27 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-13 09:06 - 2015-07-25 01:23 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-13 06:43 - 2015-09-05 14:58 - 00000000 ____D C:\Users\JoloH\Desktop\TFR
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-09 03:07 - 2014-08-22 20:15 - 02062722 _____ C:\Windows\WindowsUpdate.log
2015-09-09 03:03 - 2014-08-22 21:03 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2180038718-1885541534-3631937290-1001
2015-09-09 03:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-09 02:46 - 2014-08-22 21:00 - 00000093 _____ C:\Users\JoloH\AppData\Roaming\sp_data.sys
2015-09-09 02:45 - 2014-03-18 17:44 - 00028840 _____ C:\Windows\PFRO.log
2015-09-09 02:45 - 2013-08-22 22:46 - 00040809 _____ C:\Windows\setupact.log
2015-09-09 02:45 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-09 02:45 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-09 02:44 - 2014-08-22 20:38 - 02045656 _____ C:\Users\Public\CAFADEBUG.log
2015-09-08 23:36 - 2014-08-22 23:56 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9E6C448B-FDE1-4B67-AAB1-C4C914BBE4A4}
2015-09-08 21:24 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-08 19:09 - 2014-08-22 20:41 - 00000000 ____D C:\ProgramData\McAfee
2015-09-08 19:09 - 2014-08-22 20:41 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-08 18:55 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-09-08 18:47 - 2015-07-06 08:41 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2015-09-08 18:47 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-09-08 18:43 - 2015-06-28 06:18 - 00000000 ____D C:\Users\JoloH\AppData\Local\Google
2015-09-08 18:42 - 2015-06-28 06:18 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-08 18:28 - 2015-07-03 09:14 - 00000000 ____D C:\Users\JoloH\AppData\Local\CrashDumps
2015-09-08 18:25 - 2014-08-22 20:58 - 00001460 _____ C:\Users\JoloH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-08 18:08 - 2014-08-22 23:56 - 00000000 __SHD C:\Users\JoloH\AppData\Local\EmieUserList
2015-09-08 18:08 - 2014-08-22 23:56 - 00000000 __SHD C:\Users\JoloH\AppData\Local\EmieSiteList
2015-09-08 17:58 - 2015-07-05 02:08 - 00000000 ____D C:\Users\JoloH\Desktop\Savezips
2015-09-08 17:57 - 2015-06-28 09:47 - 00000000 ____D C:\Users\JoloH\AppData\Local\Eclipse
2015-09-08 17:57 - 2015-06-28 09:47 - 00000000 ____D C:\Users\JoloH\.p2
2015-09-08 17:49 - 2014-08-22 20:40 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-08 17:20 - 2014-03-18 17:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-08 12:19 - 2015-07-01 09:29 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2015-09-08 12:19 - 2015-06-28 06:18 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2015-09-07 19:43 - 2013-08-22 22:44 - 00474320 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-07 19:40 - 2015-07-27 17:38 - 00000000 ____D C:\Users\JoloH\.gimp-2.8
2015-09-07 18:03 - 2015-06-28 09:46 - 00000000 ____D C:\Users\JoloH\workspace
2015-09-07 17:11 - 2015-06-29 02:25 - 00000000 ____D C:\Users\JoloH\Desktop\MOBPROG
2015-09-07 16:06 - 2015-07-27 17:42 - 00000000 ____D C:\Users\JoloH\AppData\Local\gtk-2.0
2015-09-07 12:41 - 2014-08-22 20:57 - 00000000 ____D C:\Users\JoloH
2015-09-07 08:26 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-04 06:54 - 2015-06-29 07:01 - 00000000 ____D C:\Users\JoloH\Desktop\DocHW
2015-09-03 16:44 - 2014-08-22 20:57 - 00000000 ____D C:\Users\JoloH\AppData\Local\Packages
2015-09-02 10:35 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\NDF
2015-08-30 08:19 - 2015-07-12 05:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM Rational
2015-08-24 12:10 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache
2015-08-20 09:13 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-20 08:28 - 2015-07-10 21:30 - 00000000 ___HD C:\$Windows.~BT
2015-08-20 07:16 - 2014-05-24 11:15 - 00000000 ____D C:\Windows\Panther
2015-08-20 04:56 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-20 04:56 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-20 04:56 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-20 04:56 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-19 01:28 - 2015-06-28 10:08 - 00000000 ____D C:\Users\JoloH\.android
2015-08-16 03:07 - 2015-06-30 10:00 - 00000000 ____D C:\Windows\system32\MRT
2015-08-16 03:02 - 2015-06-30 10:00 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-16 03:00 - 2015-07-02 10:53 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-16 03:00 - 2015-07-02 10:53 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 09:35 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-13 09:35 - 2013-08-22 23:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
 
==================== Files in the root of some directories =======
 
2015-04-19 20:20 - 2015-04-19 20:20 - 0005872 _____ () C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ
2015-04-20 22:05 - 2015-04-20 22:05 - 1579520 _____ () C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.exe
2014-08-22 21:00 - 2015-09-09 02:46 - 0000093 _____ () C:\Users\JoloH\AppData\Roaming\sp_data.sys
2015-09-08 18:14 - 2015-09-08 18:14 - 0613255 _____ (CMI Limited) C:\Users\JoloH\AppData\Local\nsm837C.tmp
2015-07-12 05:10 - 2015-07-12 05:10 - 0064115 _____ () C:\Users\JoloH\AppData\Local\rational_state.log
2015-09-07 17:23 - 2015-09-07 17:23 - 0059158 _____ () C:\Users\JoloH\AppData\Local\recently-used.xbel
2015-07-16 20:48 - 2015-07-16 20:48 - 0007605 _____ () C:\Users\JoloH\AppData\Local\Resmon.ResmonCfg
2014-05-24 10:27 - 2012-09-07 19:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-05-24 10:27 - 2009-07-22 18:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-24 10:27 - 2012-09-07 19:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2015-09-08 17:28 - 2015-09-08 18:05 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
 
 
Some files in TEMP:
====================
C:\Users\JoloH\AppData\Local\Temp\1392.exe
C:\Users\JoloH\AppData\Local\Temp\2518.exe
C:\Users\JoloH\AppData\Local\Temp\3079.exe
C:\Users\JoloH\AppData\Local\Temp\6104.exe
C:\Users\JoloH\AppData\Local\Temp\6159.exe
C:\Users\JoloH\AppData\Local\Temp\6212.exe
C:\Users\JoloH\AppData\Local\Temp\C%2B%2Bpack.exe__15047_i1634097024_il856922.exe
C:\Users\JoloH\AppData\Local\Temp\fsd8ACB.exe
C:\Users\JoloH\AppData\Local\Temp\fsdF153.exe
C:\Users\JoloH\AppData\Local\Temp\McCSPInstall.dll
C:\Users\JoloH\AppData\Local\Temp\mccspuninstall.exe
C:\Users\JoloH\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\JoloH\AppData\Local\Temp\sqlite3.dll
C:\Users\JoloH\AppData\Local\Temp\Updater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-09 03:03
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by JoloH (2015-09-09 03:23:31)
Running from C:\Users\JoloH\Downloads
Windows 8.1 Single Language (X64) (2014-08-22 12:57:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2180038718-1885541534-3631937290-500 - Administrator - Disabled)
Guest (S-1-5-21-2180038718-1885541534-3631937290-501 - Limited - Disabled)
JoloH (S-1-5-21-2180038718-1885541534-3631937290-1001 - Administrator - Enabled) => C:\Users\JoloH
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.35.62 - Conexant)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
Dia (remove only) (HKLM-x32\...\Dia) (Version:  - )
Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
IBM Rational Rose Enterprise Edition (HKLM-x32\...\{22D66ACE-E0A1-482E-B797-0A6A377D3E91}) (Version: 2.0.0 - Rational Software)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.152 - McAfee, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA Graphics Driver 333.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.33.529.2014 - Realtek)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VirtualDJ 8 (HKLM-x32\...\{87E2E947-4432-479C-89C5-43B1A7D374FA}) (Version: 8.0.2348.0 - Atomix Productions)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (03/18/2014 6.0.0.35) (HKLM\...\DAA6E0EEB715139C1CEA332C78AB4609FB3C211B) (Version: 03/18/2014 6.0.0.35 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2180038718-1885541534-3631937290-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points =========================
 
19-08-2015 13:10:12 Windows Update
28-08-2015 07:45:56 Scheduled Checkpoint
07-09-2015 07:48:59 Scheduled Checkpoint
08-09-2015 17:49:07 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B8A54EE-FF80-4AE3-8402-4291E6FF0806} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {0C7A77A9-B05A-4D5C-AED2-047BA69E19DB} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-15] (ASUSTek Computer Inc.)
Task: {1579E595-89B4-46DC-BE27-D30AD01F994D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {184F3E66-85B9-4AE4-B39C-49DD604117AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-07] (Microsoft Corporation)
Task: {2F9ED0BB-B95C-4D18-A096-89A414F38243} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-09-07] (Microsoft Corporation)
Task: {7228A082-081F-4ABE-852C-9CF28D79E0CF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {8F1B3E26-1B4C-4068-A7A8-581D5406B4F5} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-24] (ASUSTeK Computer Inc.)
Task: {92B3EE51-BED0-4EB0-9260-6FF58F2A6026} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-04-01] (AsusTek)
Task: {92D8206E-BB9A-47C5-8286-969365A0958A} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JoloHermo-JoloH JoloHermo => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-09-07] (Microsoft Corporation)
Task: {952651B9-5C89-4AB0-884E-155654A02BCA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-07] (Microsoft Corporation)
Task: {B2B998C7-51D7-476F-B088-77AC350ED83C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-16] (Microsoft Corporation)
Task: {B4F068F7-DCD7-4002-8C77-AE1269FF8E6B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-03] (ASUS)
Task: {BD019939-640F-436F-8EA0-C62680E7D8B7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {C2FBA146-B74C-49C0-9A98-DA49014681C4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {CCEF32A3-43CE-4A57-9D60-3F231F543949} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-28] (ASUSTek Computer Inc.)
Task: {DB706BFC-4BDD-4F8D-8D71-16B26A61913B} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-13] ()
Task: {DFE42BD3-A7C7-44F8-A769-4A7961831039} - System32\Tasks\{4F2388F2-524E-4F76-B5B5-DEB0307B5DBE} => pcalua.exe -a C:\Users\JoloH\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=ima
Task: {EC2B0FC3-806A-4E5D-80DA-B6F3543158E2} - System32\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ => C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.exe [2015-04-20] () <==== ATTENTION
Task: {FFAFC7D6-BFA8-45A3-B01A-CDE917CF2069} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-24] (ASUSTeK Computer Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.job => C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-08-22 20:25 - 2014-05-14 06:17 - 00118728 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-07 07:40 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-09-07 07:59 - 2015-09-07 07:59 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-02-26 13:14 - 2014-02-26 13:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-26 13:11 - 2014-02-26 13:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-26 13:17 - 2014-02-26 13:17 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-09-09 02:41 - 2015-09-09 02:41 - 01654784 _____ () C:\Users\JoloH\Desktop\AdwCleaner.exe
2014-02-24 18:59 - 2014-02-24 18:59 - 00109056 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSHomeCloudAPI.dll
2014-04-03 05:46 - 2014-04-03 05:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-03 05:46 - 2014-04-03 05:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-03 05:46 - 2014-04-03 05:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-03 05:46 - 2014-04-03 05:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2014-08-22 20:20 - 2013-12-10 06:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-09-08 18:43 - 2015-08-28 08:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-08 18:43 - 2015-08-28 08:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2180038718-1885541534-3631937290-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\JoloH\Downloads\owl-5923-6090-hd-wallpapers.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6E94FE4E-8BCE-4393-96DD-EFAAEC75CC20}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9FFC559D-CF1D-4C0A-9E89-EC41D0D4A829}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EF9570FD-B45A-4DE7-BDB5-E2180F973508}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{DEEB12E5-6F05-43FC-93EE-AD57035C68D8}C:\users\joloh\desktop\counter strike\cstrike.exe] => (Allow) C:\users\joloh\desktop\counter strike\cstrike.exe
FirewallRules: [UDP Query User{CD55F2F7-4E26-4B80-BC27-8A392169FE02}C:\users\joloh\desktop\counter strike\cstrike.exe] => (Allow) C:\users\joloh\desktop\counter strike\cstrike.exe
FirewallRules: [{6F1161DF-54EE-4112-97BC-AC78C0203F02}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{85DAE799-891C-4169-9F4B-039F246912EB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B305B760-3531-42C2-924B-F1B63DD054F9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{83BC034F-32E2-4338-A6E7-51598E50C677}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{EAD978F2-E1AC-4CB2-9E1E-342F7293CC0A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{B38FAC2A-9BEC-4919-AEA9-5CD8A5B0A988}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/09/2015 02:37:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/08/2015 09:07:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (09/08/2015 06:56:35 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (7652) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (09/08/2015 06:46:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.4062.0, time stamp: 0x55aee26a
Faulting module name: McPrtMgrPlugin.dll, version: 14.0.4113.0, time stamp: 0x55aee7ef
Exception code: 0xc0000409
Fault offset: 0x00000000000674c0
Faulting process id: 0x8cc
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3
Faulting package full name: McSvHost.exe4
Faulting package-relative application ID: McSvHost.exe5
 
Error: (09/08/2015 06:45:28 PM) (Source: AVLogEvent) (EventID: 5003) (User: NT AUTHORITY)
Description: a7f40610
 
Error: (09/08/2015 06:35:20 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.
 
Error: (09/08/2015 06:33:09 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Producto: Windows Defender -- No tiene que instalar este software porque Windows Defender está incluido en Windows Vista. Puede obtener acceso a Windows Defender desde la sección Seguridad del Panel de control de Windows.
 
Error: (09/08/2015 06:32:11 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Producto: Windows Defender -- No tiene que instalar este software porque Windows Defender está incluido en Windows Vista. Puede obtener acceso a Windows Defender desde la sección Seguridad del Panel de control de Windows.
 
Error: (09/08/2015 06:31:59 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Producto: Windows Defender -- No tiene que instalar este software porque Windows Defender está incluido en Windows Vista. Puede obtener acceso a Windows Defender desde la sección Seguridad del Panel de control de Windows.
 
Error: (09/08/2015 06:27:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17840, time stamp: 0x555fe1bb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x00000000
Faulting process id: 0x88c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
 
 
System errors:
=============
Error: (09/09/2015 03:12:45 AM) (Source: DCOM) (EventID: 10010) (User: JoloHermo)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (09/09/2015 03:12:15 AM) (Source: DCOM) (EventID: 10010) (User: JoloHermo)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (09/09/2015 03:04:03 AM) (Source: DCOM) (EventID: 10010) (User: JoloHermo)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (09/09/2015 03:03:33 AM) (Source: DCOM) (EventID: 10010) (User: JoloHermo)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (09/09/2015 02:57:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home Single Language.
 
Error: (09/09/2015 02:45:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Delete Exit service failed to start due to the following error: 
%%2
 
Error: (09/09/2015 02:45:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cool Barcode service failed to start due to the following error: 
%%2
 
Error: (09/09/2015 02:45:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Data Input Thumbnail service failed to start due to the following error: 
%%2
 
Error: (09/09/2015 02:44:49 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (09/09/2015 02:44:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office:
=========================
Error: (09/09/2015 02:37:17 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\JoloH\Downloads\vcredist_arm.exe
 
Error: (09/08/2015 09:07:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (09/08/2015 06:56:35 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail7652WindowsMail0:
 
Error: (09/08/2015 06:46:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe5.0.4062.055aee26aMcPrtMgrPlugin.dll14.0.4113.055aee7efc000040900000000000674c08cc01d0e96270c274b2C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeC:\Program Files\McAfee\MSC\McPrtMgrPlugin.dllccf5dbd2-5616-11e5-8276-18cf5eff37db
 
Error: (09/08/2015 06:45:28 PM) (Source: AVLogEvent) (EventID: 5003) (User: NT AUTHORITY)
Description: a7f40610
 
Error: (09/08/2015 06:35:20 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/08/2015 06:33:09 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Producto: Windows Defender -- No tiene que instalar este software porque Windows Defender está incluido en Windows Vista. Puede obtener acceso a Windows Defender desde la sección Seguridad del Panel de control de Windows.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/08/2015 06:32:11 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Producto: Windows Defender -- No tiene que instalar este software porque Windows Defender está incluido en Windows Vista. Puede obtener acceso a Windows Defender desde la sección Seguridad del Panel de control de Windows.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/08/2015 06:31:59 PM) (Source: MsiInstaller) (EventID: 10005) (User: JoloHermo)
Description: Producto: Windows Defender -- No tiene que instalar este software porque Windows Defender está incluido en Windows Vista. Puede obtener acceso a Windows Defender desde la sección Seguridad del Panel de control de Windows.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/08/2015 06:27:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17840555fe1bbunknown0.0.0.000000000c00004090000000088c01d0ea20f21649e3C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown465aa389-5614-11e5-8276-18cf5eff37db
 
 
CodeIntegrity:
===================================
  Date: 2015-09-09 03:05:24.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 40%
Total physical RAM: 3979.05 MB
Available physical RAM: 2372.51 MB
Total Virtual: 8075.05 MB
Available Virtual: 5836.73 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:311.73 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:434.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A0046D36)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#8 xXToffeeXx


Posted 09 September 2015 - 11:35 AM

Hi nvb3r,
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
S2 gucucoje; C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\knsiC661.tmpfs [X]
S2 jimocoso; C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\jnsoFAD5.tmp [X]
S2 totyseku; C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\hnsa1823.tmp [X]
2015-09-08 18:14 - 2015-09-08 18:14 - 00613255 _____ (CMI Limited) C:\Users\JoloH\AppData\Local\nsm837C.tmp
C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF
2015-09-08 18:11 - 2015-09-09 02:33 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-08 18:05 - 2015-09-08 18:05 - 00000000 ____D C:\ProgramData\cWdsManProc
2015-09-08 18:01 - 2015-09-09 03:15 - 00000000 ____D C:\ProgramData\ZWdsManProZ
2015-09-08 17:28 - 2015-09-08 18:58 - 00000000 ____D C:\ProgramData\tWdsManProt
2015-09-08 17:28 - 2015-09-08 18:05 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-04-19 20:20 - 2015-04-19 20:20 - 0005872 _____ () C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ
2015-04-20 22:05 - 2015-04-20 22:05 - 1579520 _____ () C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.exe
Task: {EC2B0FC3-806A-4E5D-80DA-B6F3543158E2} - System32\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ => C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.exe [2015-04-20] () <==== ATTENTION
Task: C:\Windows\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.job => C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.exe <==== ATTENTION
EmptyTemp:
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
How is the system running now?
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#9 xXToffeeXx


Posted 12 September 2015 - 04:55 AM

Hi nvb3r,
 
This is a 3 day bump:
 
It has been more than 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~




#10 nvb3r


Posted 12 September 2015 - 07:37 PM

Hi Toffee!

 

Sorry I wasn't able to reply these past few days because I was a bit busy with school work. Anyways, my computer seems to run much better than before. 
Here's the recent fixlog you've requested.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:12-09-2015
Ran by JoloH (2015-09-13 08:28:57) Run:2
Running from C:\Users\JoloH\Downloads
Loaded Profiles: JoloH (Available Profiles: JoloH)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
S2 gucucoje; C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\knsiC661.tmpfs [X]
S2 jimocoso; C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\jnsoFAD5.tmp [X]
S2 totyseku; C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF\hnsa1823.tmp [X]
2015-09-08 18:14 - 2015-09-08 18:14 - 00613255 _____ (CMI Limited) C:\Users\JoloH\AppData\Local\nsm837C.tmp
C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF
2015-09-08 18:11 - 2015-09-09 02:33 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-08 18:05 - 2015-09-08 18:05 - 00000000 ____D C:\ProgramData\cWdsManProc
2015-09-08 18:01 - 2015-09-09 03:15 - 00000000 ____D C:\ProgramData\ZWdsManProZ
2015-09-08 17:28 - 2015-09-08 18:58 - 00000000 ____D C:\ProgramData\tWdsManProt
2015-09-08 17:28 - 2015-09-08 18:05 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-04-19 20:20 - 2015-04-19 20:20 - 0005872 _____ () C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ
2015-04-20 22:05 - 2015-04-20 22:05 - 1579520 _____ () C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.exe
Task: {EC2B0FC3-806A-4E5D-80DA-B6F3543158E2} - System32\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ => C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.exe [2015-04-20] () <==== ATTENTION
Task: C:\Windows\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.job => C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.exe <==== ATTENTION
EmptyTemp:
*****************
 
gucucoje => service removed successfully
jimocoso => service removed successfully
totyseku => service removed successfully
C:\Users\JoloH\AppData\Local\nsm837C.tmp => moved successfully
"C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF" => File/Folder not found.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully
C:\ProgramData\cWdsManProc => moved successfully
C:\ProgramData\ZWdsManProZ => moved successfully
C:\ProgramData\tWdsManProt => moved successfully
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => moved successfully
"C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ" => File/Folder not found.
"C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.exe" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC2B0FC3-806A-4E5D-80DA-B6F3543158E2} => key not found. 
C:\Windows\System32\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ => key not found. 
C:\Windows\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.job => not found.
EmptyTemp: => 1.3 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 08:29:26 ====
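
An added example (not part of the thread and not FRST's own code): a short Python parser that tallies the result lines of a Fixlog like the one posted above, so a helper can see what was removed, what was moved to quarantine, and what was already absent when the fix ran. The outcome labels and function names are assumptions made for this example; the log excerpt is copied from the post above.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above, embedded so the example runs offline.
FIXLOG = r'''fixlist content:
*****************
Task: C:\Windows\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.job => C:\Users\JoloH\AppData\Roaming\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.exe <==== ATTENTION
*****************

gucucoje => service removed successfully
C:\Users\JoloH\AppData\Local\nsm837C.tmp => moved successfully
"C:\Program Files (x86)\8834464F-1441704541-6042-B814-54A050B219AF" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ => key not found.
C:\Windows\Tasks\GdyuDEqUwYzIe6Tcm7vG8YUnCLZ.job => not found.
EmptyTemp: => 1.3 GB temporary data Removed.
'''

# Labels are this example's own. Order matters: the text "removed successfully"
# also contains "moved successfully", so the longer phrase is tested first.
OUTCOMES = [
    ("removed successfully", "removed"),
    ("moved successfully", "quarantined"),   # moved items land under C:\FRST\Quarantine
    ("temporary data removed", "cleanup"),
    ("not found", "absent"),
]

def classify_target(target):
    """Rough target type: registry key, filesystem path, or other (service, directive)."""
    if re.match(r"(?i)^(HKLM|HKCU|HKU|HKEY_)", target):
        return "registry"
    if re.match(r"^[A-Za-z]:\\", target):
        return "path"
    return "other"

def parse_fixlog(text):
    """Return one dict per result line, skipping the echoed fixlist section."""
    results, in_echo = [], False
    for line in text.splitlines():
        line = line.strip()
        if set(line) == {"*"}:            # asterisk rulers bracket the echoed fixlist
            in_echo = not in_echo
        elif not in_echo and " => " in line:
            target, _, message = line.partition(" => ")
            target = target.strip('"').rstrip(":")
            outcome = next((label for phrase, label in OUTCOMES
                            if phrase in message.lower()), "unknown")
            results.append({"target": target, "kind": classify_target(target), "outcome": outcome})
    return results

def summarize(results):
    """Tally outcomes and list targets whose result text was not recognised."""
    counts = Counter(r["outcome"] for r in results)
    return counts, [r["target"] for r in results if r["outcome"] == "unknown"]
```

Entries classed as "absent" were already gone before this run, and anything returned in the second list of `summarize` has a result message the parser does not recognise and should be read by hand.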


#11 xXToffeeXx


Posted 13 September 2015 - 05:11 AM

Hi nvb3r,
 
No worries, just making sure you have not left completely :)
 
I am glad to hear it is running better now.
 
Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

--------------
 
This scan can take a long time, so it is best done overnight or when you do not need the computer.
 
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Emsisoft log
  • ESET log

xXToffeeXx~




#12 nvb3r


Posted 13 September 2015 - 04:15 PM

Hi Toffee!

 

Here's the report logs that you've requested. :)

 

Emsisoft Emergency Kit - Version 10.0
Last update: 9/14/2015 12:14:55 AM
User account: JoloHermo\JoloH
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 9/14/2015 12:15:48 AM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SU detected: Application.Toolbar (A)
 
Scanned 75836
Found 1
 
Scan end: 9/14/2015 12:21:08 AM
Scan time: 0:05:20
 
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SU Quarantined Application.Toolbar (A)
 
ESET 
 
Quarantined 1
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\globalupdate.exe.vir Win32/AlteredSoftware.F potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdate.exe.vir Win32/AlteredSoftware.F potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdateBroker.exe.vir Win32/AlteredSoftware.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdateCrashHandler.exe.vir Win32/AlteredSoftware.F potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\globalupdateOnDemand.exe.vir Win32/AlteredSoftware.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll.vir a variant of Win32/AlteredSoftware.E potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll.vir a variant of Win32/AlteredSoftware.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\psuser.dll.vir a variant of Win32/AlteredSoftware.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\Sysnative\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\JoloH\AppData\Local\nsm837C.tmp.xBAD Win32/AnyProtect.G potentially unwanted application deleted - quarantined
 


#13 xXToffeeXx


Posted 14 September 2015 - 11:22 AM

Hi nvb3r,
 
Your version of Java is out of date. Older versions of programs have vulnerabilities that malicious sites can use to exploit and infect your system.

You may want to read these before you update, as most users do not use Java and have no need for it to be on their computer:
You don't need Java
W3Techs usage statistics and market share data of Java on the web
 
If you want to use Java, then please follow these steps to remove older version Java components and update:

  • Download the latest version of Java and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
  • Check (highlight) any item with Java in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the Java installer to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run as Administrator.
  • When the Java Setup - Welcome window opens, click the Install button.
  • If offered any unwanted software or toolbars during installation (such as the Ask Toolbar); just uncheck the box before continuing unless you want it.
  • Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature, and you will not have to remember to update when Java releases a new version.

xXToffeeXx~




#14 nvb3r


Posted 14 September 2015 - 07:37 PM

Hi Toffee!

 

Before I uninstall the older versions of my Java programs and update to the newest one, do I also include my Java SE Development Kit in this process? I use the Dev kit (Java SE Development Kit 8 Update 45) for my schoolwork.

 

Thanks!



#15 xXToffeeXx


Posted 18 September 2015 - 11:53 AM

Hi nvb3r,

 

Sorry about the delay.

 

You should see if there is a newer version of the development kit; if not, then you don't need to include it.

 

xXToffeeXx~






