Need help with my hijack list pls


  • This topic is locked
23 replies to this topic

#1 Azzybone

Azzybone

  • Members
  • 13 posts

Posted 27 October 2015 - 03:33 PM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:33:03 PM, on 10/27/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AirDroid\AirDroid.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\azzybone69\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\azzybone69\Desktop\HijackThis (1).exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130899901244223324&GUID=B2C6326D-F6FA-4A06-83BE-DB3CAD968BB0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O2 - BHO: unaisales - {03b08c4b-9a94-4847-a899-6b7fa8c03764} - (no file)
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: PCGizmosBHO - {A817C286-3D6B-4ECD-A99C-E44E50DBC523} - C:\Users\azzybone69\AppData\Roaming\PC-Gizmos\PCGizmosBHO.dll
O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [RazerCortex] C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe -autorun
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [uTorrent] "C:\Users\azzybone69\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [EasyTether] "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"
O4 - HKCU\..\Run: [AirDroid 3] C:\Program Files (x86)\AirDroid\AirDroid.exe /start
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_5D6BF9657FB7A90DF8D0CFF76B7BF340] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [OneDrive] "C:\Users\azzybone69\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\azzybone69\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\azzybone69\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 11360 bytes

Edited by Queen-Evie, 27 October 2015 - 04:09 PM.
Moved from Windows Startup Programs Database to Malware Removal Logs. HJT logs are allowed only in MRL.




#2 Jo*

Jo*

  • Malware Response Team
  • 3,429 posts
  • Gender:Male
  • Location:Germany

Posted 30 October 2015 - 12:13 PM

:welcome:

Hello Azzybone,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Jo*

Jo*

  • Malware Response Team
  • 3,429 posts
  • Gender:Male
  • Location:Germany

Posted 01 November 2015 - 01:19 PM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Cheers,
Jo


#4 Jo*

Jo*

  • Malware Response Team
  • 3,429 posts
  • Gender:Male
  • Location:Germany

Posted 03 November 2015 - 03:59 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Cheers,
Jo


#5 Jo*

Jo*

  • Malware Response Team
  • 3,429 posts
  • Gender:Male
  • Location:Germany

Posted 07 November 2015 - 03:27 PM

re-opened topic

Cheers,
Jo


#6 Azzybone

Azzybone
  • Topic Starter

  • Members
  • 13 posts

Posted 07 November 2015 - 03:34 PM

 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 65  
 Java version 32-bit out of Date! 
 Adobe Flash Player 19.0.0.226  
 Google Chrome 36.0.1985.125 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by azzybone69 (administrator) on AZZYBONE (07-11-2015 14:15:05)
Running from C:\Users\azzybone69\Desktop
Loaded Profiles: azzybone69 (Available Profiles: azzybone69)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\azzybone69\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe [98256 2015-08-31] (Razer Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-11-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-10-26] (LogMeIn Inc.)
HKLM\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\Run: [uTorrent] => C:\Users\azzybone69\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-10-22] (BitTorrent Inc.)
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2901584 2015-10-14] (Valve Corporation)
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\Run: [EasyTether] => C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [73728 2014-09-02] (Mobile Stream)
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\Run: [GoogleChromeAutoLaunch_5D6BF9657FB7A90DF8D0CFF76B7BF340] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\RunOnce: [Uninstall C:\Users\azzybone69\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\azzybone69\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\RunOnce: [Uninstall C:\Users\azzybone69\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\azzybone69\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\Policies\system: [EnableLUA] 1
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\MountPoints2: {5af21226-7a7c-11e5-bf13-00262d1910eb} - "E:\DPFMate.exe" 
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-24] (AVAST Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{07F9F952-8B84-42A4-8432-8AF35F1561B4}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{15cb7cad-6667-4a2b-89e4-912d1f7c4e61}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{dfe9ffb8-2fec-4d7a-8a2d-93683570dcae}: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130899901244174030&GUID=B2C6326D-F6FA-4A06-83BE-DB3CAD968BB0
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.v9.com/web/?type=ds&ts=1406483250&from=epom1&uid=WDCXWD6400AAKS-00A7B2_WD-WCASY837958179581&i=psd&t=346544ff7&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1406483250&from=epom1&uid=WDCXWD6400AAKS-00A7B2_WD-WCASY837958179581&i=psd&t=346544ff7
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.v9.com/web/?type=ds&ts=1406483250&from=epom1&uid=WDCXWD6400AAKS-00A7B2_WD-WCASY837958179581&i=psd&t=346544ff7&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130899901244238906&GUID=B2C6326D-F6FA-4A06-83BE-DB3CAD968BB0
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130899901244223324&GUID=B2C6326D-F6FA-4A06-83BE-DB3CAD968BB0
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_30_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0Czy0Ezy0AtAtA0D0EzytN0D0Tzu0SzytAyDtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtBtDzyyB0EzzzztG0E0FyCtBtGyBtCtBtBtG0CtDtDyBtGyBtCyBtAyB0Fzz0DyC0A0FyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtDtDtCtD0C0AtCtG0CyBtAzytGtAzzyCzztGyDyDtCyEtGyDtDyCyEzz0DtDyBtB0D0EyC2Q&cr=962624587&ir=
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_30_ch&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzy0Czy0Ezy0AtAtA0D0EzytN0D0Tzu0SzytAyDtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyCtDtCyB0A0CyCtG0DyBtCtBtGyE0FyDtCtGtByEyBtDtGyCyBtCtB0BtB0E0ByEyCtDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtDtDtCtD0C0AtCtG0CyBtAzytGtAzzyCzztGyDyDtCyEtGyDtDyCyEzz0DtDyBtB0D0EyC2Q&cr=1152135771&ir=
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.v9.com/web/?type=ds&ts=1406483250&from=epom1&uid=WDCXWD6400AAKS-00A7B2_WD-WCASY837958179581&i=psd&t=346544ff7&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.thesearchpage.info/?l=1&q={searchTerms}&pid=3458&r=2015/01/15&hid=10597584699776177031&lg=EN&cc=US&unqvl=74
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-875877713-2579404753-1874690935-1001 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-875877713-2579404753-1874690935-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-875877713-2579404753-1874690935-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={1101EB34-8A79-4C73-AF9B-10429F7E30AC}&mid=89e2a8e298e747cd9d16d16f6bfdf918-58f37fdd8bd9147791b1eb669e2450905ba4d8b3&lang=en&ds=px011&coid=&cmpid=&pr=sa&d=2015-01-28 05:02:42&v=18.3.0.885&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-875877713-2579404753-1874690935-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=22580&r=2015/02/12&hid=16843244799333283979&lg=EN&cc=US&unqvl=82
BHO: unisaleeS -> {005c774c-09c6-4425-bad3-804697fac1a5} -> No File
BHO: unaisales -> {03b08c4b-9a94-4847-a899-6b7fa8c03764} -> No File
BHO: PCCpnApp -> {19c16f6a-3bc6-4df1-b953-77e179344a4b} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-24] (AVAST Software)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-24] (Oracle Corporation)
BHO-x32: unaisales -> {03b08c4b-9a94-4847-a899-6b7fa8c03764} -> No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-24] (AVAST Software)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Block YouTube Ads -> {A817C286-3D6B-4ECD-A99C-E44E50DBC523} -> C:\Users\azzybone69\AppData\Roaming\PC-Gizmos\PCGizmosBHO.dll [2014-07-30] (PC Gizmos)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-23] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.8.23\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-875877713-2579404753-1874690935-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
 
FireFox:
========
FF ProfilePath: C:\Users\azzybone69\AppData\Roaming\Mozilla\Firefox\Profiles\9fdlz0uj.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: WebSearch
FF Homepage: hxxp://websearch.look-for-it.info/?pid=22580&r=2015/02/12&hid=16843244799333283979&lg=EN&cc=US&unqvl=82
FF Keyword.URL: hxxp://websearch.look-for-it.info/?pid=22580&r=2015/02/12&hid=16843244799333283979&lg=EN&cc=US&unqvl=82&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.look-for-it.info/?pid=22580&r=2015/02/12&hid=16843244799333283979&lg=EN&cc=US&unqvl=82&l=1&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-22] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2014-07-24] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-22] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-23] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-07-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-07-07] (Google Inc.)
FF SearchPlugin: C:\Users\azzybone69\AppData\Roaming\Mozilla\Firefox\Profiles\9fdlz0uj.default\searchplugins\WebSearch.xml [2015-02-12]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-24] [not signed]
FF HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\Firefox\Extensions: [{30AFFE5E-F242-DCFF-E37A-9D6EDD7CE0DD}] - C:\Program Files (x86)\di1Re-Markable\175.xpi
FF Extension: Re-Markable - C:\Program Files (x86)\di1Re-Markable\175.xpi [2014-07-18] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.com/"
CHR Profile: C:\Users\azzybone69\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\azzybone69\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-22]
CHR Extension: (Google Drive) - C:\Users\azzybone69\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\azzybone69\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Google Cast) - C:\Users\azzybone69\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-10-23]
CHR Extension: (Google Search) - C:\Users\azzybone69\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (SAO Theme 1920x1080) - C:\Users\azzybone69\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgikfepnnphbmgngmpiflajcbmoomnll [2015-11-07]
CHR Extension: (Tampermonkey) - C:\Users\azzybone69\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-11-07]
CHR Extension: (Avast SafePrice) - C:\Users\azzybone69\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-11-07]
CHR Extension: (Pandora) - C:\Users\azzybone69\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\azzybone69\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-22]
CHR Extension: (Avast Online Security) - C:\Users\azzybone69\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\azzybone69\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-22]
CHR Extension: (XFINITY® TV Go Stream Live TV Online) - C:\Users\azzybone69\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbefpbidnpmpfbkledpohpejdcgfnfif [2015-11-07]
CHR Extension: (Gmail) - C:\Users\azzybone69\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-10-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-10-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-24] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-10-24] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393728 2014-11-21] (BlueStack Systems, Inc.) [File not signed]
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-11-19] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [786136 2014-11-19] (BlueStack Systems, Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-10-26] (LogMeIn, Inc.)
S2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\NST.exe [130104 2014-09-20] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910128 2015-02-25] (Electronic Arts)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-08-14] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-08-31] (Razer Inc.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2015-01-17] (Tunngle.net GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-24] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-10-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-24] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [454528 2015-10-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-24] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-24] (AVAST Software)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-11-19] (BlueStack Systems)
S3 ghsdiagMDM; C:\Windows\system32\DRIVERS\ghsdiagMDM.sys [122496 2015-10-28] (HS Incorporated)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-10-26] (LogMeIn Inc.)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52832 2014-08-01] (hxxp://libusb-win32.sourceforge.net)
R3 RTL8187B; C:\Windows\System32\drivers\rtl8187B.sys [459336 2015-06-17] (Realtek Semiconductor Corporation                           )
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-10-24] (Symantec Corporation)
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S3 usbbus; C:\Windows\System32\drivers\lgx64bus.sys [17920 2014-05-27] (LG Electronics Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-09] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-09] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-07 14:15 - 2015-11-07 14:15 - 00022972 _____ C:\Users\azzybone69\Desktop\FRST.txt
2015-11-07 14:14 - 2015-11-07 14:15 - 00000000 ____D C:\FRST
2015-11-07 14:14 - 2015-11-07 14:13 - 02198528 _____ (Farbar) C:\Users\azzybone69\Desktop\FRST64.exe
2015-11-07 14:13 - 2015-11-07 14:13 - 02198528 _____ (Farbar) C:\Users\azzybone69\Downloads\FRST64.exe
2015-11-07 14:12 - 2015-11-07 14:11 - 00852720 _____ C:\Users\azzybone69\Desktop\SecurityCheck.exe
2015-11-07 14:11 - 2015-11-07 14:11 - 00852720 _____ C:\Users\azzybone69\Downloads\SecurityCheck.exe
2015-11-07 13:58 - 2015-11-07 13:58 - 00016148 _____ C:\WINDOWS\system32\AZZYBONE_azzybone69_HistoryPrediction.bin
2015-11-06 17:30 - 2015-11-06 17:31 - 00282608 _____ C:\WINDOWS\Minidump\110615-34406-01.dmp
2015-11-06 17:30 - 2015-11-06 17:30 - 589482666 _____ C:\WINDOWS\MEMORY.DMP
2015-11-06 17:30 - 2015-11-06 17:30 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-29 21:23 - 2015-10-29 21:22 - 33631037 _____ C:\Users\azzybone69\Desktop\com.miniclip.eightballpool-3.3.3-APK4Fun.com.apk
2015-10-29 21:21 - 2015-10-29 21:22 - 33631037 _____ C:\Users\azzybone69\Downloads\com.miniclip.eightballpool-3.3.3-APK4Fun.com.apk
2015-10-29 19:21 - 2015-10-29 19:20 - 524553498 _____ C:\Users\azzybone69\Desktop\stormer_stock_B05.zip
2015-10-29 19:19 - 2015-10-29 19:16 - 554059993 ____N C:\Users\azzybone69\Desktop\Boost_Max_SD_Card_Upgrade_Package_ZIP_-_528MB_.zip
2015-10-29 19:02 - 2015-10-29 19:20 - 524553498 _____ C:\Users\azzybone69\Downloads\stormer_stock_B05.zip
2015-10-29 18:49 - 2015-10-27 17:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-29 18:49 - 2015-10-27 17:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-29 18:49 - 2015-10-21 06:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-10-29 18:49 - 2015-10-21 06:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-10-29 18:49 - 2015-10-21 06:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-29 18:49 - 2015-10-21 06:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-29 18:49 - 2015-10-21 06:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-29 18:49 - 2015-10-21 06:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-29 18:49 - 2015-10-21 05:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-29 18:49 - 2015-10-21 05:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-29 18:49 - 2015-10-21 05:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-10-29 18:49 - 2015-10-21 05:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-29 18:49 - 2015-10-21 05:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-29 18:49 - 2015-10-21 05:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-29 18:49 - 2015-10-21 05:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-10-29 18:49 - 2015-10-21 05:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-29 18:49 - 2015-10-21 05:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-10-29 18:49 - 2015-10-21 05:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-29 18:49 - 2015-10-21 05:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-29 18:49 - 2015-10-21 05:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-10-29 18:49 - 2015-10-21 05:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-10-29 18:49 - 2015-10-20 23:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-29 18:49 - 2015-10-20 23:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-29 18:49 - 2015-10-20 23:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-29 18:49 - 2015-10-20 23:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-29 18:49 - 2015-10-20 23:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-29 18:49 - 2015-10-20 23:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-29 18:49 - 2015-10-20 23:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-29 18:49 - 2015-10-20 22:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-10-29 18:49 - 2015-10-20 22:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-29 18:48 - 2015-10-21 05:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-10-29 18:48 - 2015-10-21 05:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-10-29 18:48 - 2015-10-20 23:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-10-29 18:48 - 2015-10-20 22:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-10-29 17:35 - 2015-10-29 17:35 - 472897593 _____ C:\Users\azzybone69\Desktop\stormer_stock_B06.zip
2015-10-29 17:27 - 2015-10-29 17:35 - 472897593 _____ C:\Users\azzybone69\Downloads\stormer_stock_B06.zip
2015-10-29 14:37 - 2015-10-29 14:37 - 393856579 _____ C:\Users\azzybone69\Desktop\stormer_stock_B06_deodexed_1c.zip
2015-10-29 14:32 - 2015-10-29 14:37 - 393856579 _____ C:\Users\azzybone69\Downloads\stormer_stock_B06_deodexed_1c.zip
2015-10-29 13:53 - 2015-10-29 13:53 - 00863144 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\azzybone69\Downloads\rufus-2.5.exe
2015-10-29 13:31 - 2013-12-31 06:31 - 00000000 ____D C:\Users\azzybone69\Desktop\New folder (4)
2015-10-29 13:20 - 2015-10-29 13:20 - 47185920 _____ C:\Users\azzybone69\Downloads\stormer_test_unbrick (2).iso
2015-10-29 13:20 - 2015-10-29 13:10 - 04831744 _____ (Geza Kovacs) C:\Users\azzybone69\Desktop\unetbootin-windows-613.exe
2015-10-29 13:09 - 2015-10-29 13:10 - 04831744 _____ (Geza Kovacs) C:\Users\azzybone69\Downloads\unetbootin-windows-613.exe
2015-10-28 19:41 - 2015-10-28 19:41 - 00122496 _____ (HS Incorporated) C:\WINDOWS\system32\Drivers\ghsdiagMDM.sys
2015-10-28 19:28 - 2015-10-28 20:04 - 00000000 ____D C:\Users\azzybone69\Desktop\P752D04_DEV_US_20131212_firefox_v1.2
2015-10-28 19:28 - 2015-10-28 19:28 - 109994457 _____ C:\Users\azzybone69\Desktop\P752D04_DEV_US_20131212_v1.2.7z
2015-10-28 19:26 - 2015-10-28 19:28 - 109994457 _____ C:\Users\azzybone69\Downloads\P752D04_DEV_US_20131212_v1.2.7z
2015-10-28 19:25 - 2015-10-28 19:25 - 00239291 _____ C:\Users\azzybone69\Downloads\upgrade_tool.zip
2015-10-28 19:19 - 2015-10-28 19:20 - 47185920 _____ C:\Users\azzybone69\Downloads\stormer_test_unbrick (1).iso
2015-10-28 18:57 - 2015-10-28 18:58 - 47185920 _____ C:\Users\azzybone69\Downloads\stormer_test_unbrick.iso
2015-10-28 17:15 - 2015-10-28 17:15 - 00000000 ___RD C:\Users\azzybone69\3D Objects
2015-10-28 17:14 - 2015-10-28 17:14 - 00001327 _____ C:\Users\azzybone69\Desktop\Continue Java Runtime Environment Installation.lnk
2015-10-28 17:01 - 2015-10-28 17:07 - 00001332 _____ C:\Users\Public\Desktop\Razer Cortex.lnk
2015-10-28 16:42 - 2015-10-28 17:14 - 00950720 _____ (Application ) C:\Users\azzybone69\Downloads\java_runtime_enviroment_setup.exe
2015-10-28 16:42 - 2015-10-28 17:13 - 00001719 _____ C:\Users\azzybone69\Desktop\Play Deadpool.lnk
2015-10-28 16:42 - 2015-10-28 16:42 - 00950720 _____ (Application ) C:\Users\azzybone69\Downloads\java_runtime_enviroment_setup (1).exe
2015-10-28 16:42 - 2015-10-28 16:42 - 00000000 ____D C:\Users\azzybone69\AppData\Local\SKIDROW
2015-10-28 16:35 - 2015-10-28 16:35 - 00000000 ____D C:\Games
2015-10-27 16:45 - 2015-10-27 17:08 - 00000000 ____D C:\Users\azzybone69\Downloads\DeadPool PC full game EN-RU ^^nosTEAM^^
2015-10-27 16:43 - 2015-10-27 16:43 - 00032800 _____ C:\Users\azzybone69\Downloads\DeadPool.PC.full.game.EN-RU.-font.color=#ccc-^^nosTEAM^^--font-.torrent
2015-10-27 16:36 - 2015-10-27 16:37 - 07779754 _____ C:\Users\azzybone69\Downloads\DEADPOOL.V1.0.ALL.FAIRLIGHT.NODVD.ZIP
2015-10-27 16:04 - 2015-10-27 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-10-27 16:04 - 2015-10-27 16:04 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-10-27 15:59 - 2015-10-27 16:00 - 15494730 _____ (LG Electronics) C:\Users\azzybone69\Downloads\Unconfirmed 347555.crdownload
2015-10-27 15:15 - 2015-10-27 15:15 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-10-27 14:41 - 2015-10-27 14:41 - 00000000 ____D C:\Users\azzybone69\Desktop\backups
2015-10-27 14:17 - 2015-10-27 14:33 - 00011362 _____ C:\Users\azzybone69\Desktop\hijackthis.log
2015-10-27 14:16 - 2015-10-27 14:16 - 00011441 _____ C:\Users\azzybone69\Documents\hijackthis.log
2015-10-27 14:14 - 2015-10-27 14:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\azzybone69\Desktop\HijackThis (1).exe
2015-10-27 14:09 - 2015-10-27 14:09 - 00010947 _____ C:\Users\azzybone69\Downloads\hijackthis.log
2015-10-27 14:06 - 2015-10-27 14:06 - 00388608 _____ (Trend Micro Inc.) C:\Users\azzybone69\Downloads\HijackThis (1).exe
2015-10-27 14:05 - 2015-10-27 14:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\azzybone69\Downloads\HijackThis.exe
2015-10-27 13:57 - 2015-10-28 14:35 - 00000000 ____D C:\Users\azzybone69\AppData\LocalLow\uTorrent
2015-10-26 10:11 - 2015-10-26 10:11 - 00045680 _____ (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2015-10-24 15:07 - 2015-10-24 15:07 - 00000000 ____D C:\Users\Public\Documents\AirDroid
2015-10-24 14:44 - 2015-10-27 16:04 - 00001002 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-10-24 13:48 - 2015-10-24 13:48 - 01180529 _____ C:\WINDOWS\unins000.exe
2015-10-24 13:43 - 2015-10-24 13:48 - 00001758 _____ C:\WINDOWS\unins000.dat
2015-10-24 13:41 - 2015-10-24 13:41 - 00000000 ____D C:\Users\azzybone69\AppData\Roaming\AVAST Software
2015-10-24 13:40 - 2015-10-24 13:40 - 00002034 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-10-24 13:40 - 2015-10-24 13:40 - 00001974 _____ C:\Users\Public\Desktop\Avast Premier.lnk
2015-10-24 13:40 - 2015-10-24 13:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-10-24 13:39 - 2015-11-07 13:20 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-24 13:39 - 2015-11-06 16:44 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-10-24 13:39 - 2015-11-06 16:44 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-10-24 13:39 - 2015-10-24 13:39 - 01853762 _____ C:\Users\azzybone69\Downloads\AA By Onhax (1).rar
2015-10-24 13:39 - 2015-10-24 13:39 - 00454528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2015-10-24 13:39 - 2015-10-24 13:39 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-10-24 13:39 - 2015-10-24 13:39 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-10-24 13:39 - 2015-10-24 13:39 - 00153744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-10-24 13:39 - 2015-10-24 13:39 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-10-24 13:39 - 2015-10-24 13:39 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-10-24 13:39 - 2015-10-24 13:39 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-10-24 13:39 - 2015-10-24 13:39 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-10-24 13:39 - 2015-10-24 13:39 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-10-24 13:39 - 2015-10-24 13:39 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-10-24 13:38 - 2015-10-24 13:39 - 01853762 _____ C:\Users\azzybone69\Downloads\AA By Onhax.rar
2015-10-24 13:38 - 2015-10-24 13:38 - 00000000 ____D C:\Program Files\AVAST Software
2015-10-24 13:37 - 2015-10-24 13:38 - 00000000 ____D C:\ProgramData\AVAST Software
2015-10-24 13:28 - 2015-10-24 13:37 - 210952456 _____ (AVAST Software) C:\Users\azzybone69\Downloads\Aivast_premier_antiviirus_setup.exe
2015-10-24 13:10 - 2015-10-24 13:10 - 01917416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01005.dll
2015-10-24 13:10 - 2015-10-24 13:10 - 01917416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01005.dll
2015-10-24 13:10 - 2015-10-24 13:10 - 00036328 _____ (Google Inc) C:\WINDOWS\system32\Drivers\ssadadb.sys
2015-10-24 13:09 - 2015-10-24 13:09 - 00177640 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssadmdm.sys
2015-10-24 13:09 - 2015-10-24 13:09 - 00157672 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssadbus.sys
2015-10-24 13:09 - 2015-10-24 13:09 - 00146920 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssadserd.sys
2015-10-24 13:09 - 2015-10-24 13:09 - 00016872 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssadmdfl.sys
2015-10-24 13:09 - 2015-10-24 13:09 - 00013800 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssadwhnt.sys
2015-10-24 13:09 - 2015-10-24 13:09 - 00013800 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssadwh.sys
2015-10-24 13:09 - 2015-10-24 13:09 - 00013288 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssadcmnt.sys
2015-10-24 13:09 - 2015-10-24 13:09 - 00013288 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssadcm.sys
2015-10-24 12:13 - 2015-10-24 12:13 - 09989712 _____ (MEGA Limited) C:\Users\azzybone69\Desktop\MEGAsyncSetup.exe
2015-10-24 11:55 - 2015-10-24 11:50 - 134091312 _____ C:\Users\azzybone69\Desktop\Norton_Security_2015_Setup+Trial_Resetter.rar
2015-10-24 11:31 - 2015-10-24 11:31 - 00000000 ____D C:\Users\azzybone69\AppData\Local\NetworkTiles
2015-10-24 11:17 - 2015-10-24 11:17 - 00000000 ____D C:\Users\azzybone69\Desktop\New folder (3)
2015-10-24 11:16 - 2015-10-24 11:16 - 02605576 _____ (Hewlett-Packard Development Company, LP) C:\WINDOWS\system32\hpinkins7212.exe
2015-10-24 11:16 - 2015-10-24 11:16 - 00336904 _____ (Hewlett-Packard Development Company, LP) C:\WINDOWS\system32\hpinksts7212LM.dll
2015-10-24 11:16 - 2015-10-24 11:16 - 00272392 _____ (Hewlett-Packard Development Company, LP) C:\WINDOWS\system32\hpinkcoi7212.dll
2015-10-24 11:08 - 2015-10-24 12:18 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-24 10:42 - 2015-10-24 11:58 - 00001373 _____ C:\Users\azzybone69\Desktop\Norton Installation Files.lnk
2015-10-23 17:35 - 2015-07-05 04:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-10-23 17:33 - 2015-10-10 01:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-23 17:33 - 2015-10-05 21:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-23 17:33 - 2015-10-05 20:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-23 17:33 - 2015-09-30 22:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-23 17:33 - 2015-09-30 22:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-23 17:33 - 2015-09-30 22:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-23 17:33 - 2015-09-30 22:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-23 17:33 - 2015-09-30 22:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-23 17:33 - 2015-09-30 21:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-23 17:33 - 2015-09-24 22:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-23 17:33 - 2015-09-24 22:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-23 17:33 - 2015-09-24 21:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-23 17:33 - 2015-09-24 21:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-23 17:33 - 2015-09-24 21:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-23 17:33 - 2015-09-24 21:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-23 17:33 - 2015-09-24 21:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-23 17:33 - 2015-09-24 21:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-23 17:33 - 2015-09-24 21:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-23 17:33 - 2015-09-24 21:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-23 17:33 - 2015-09-24 21:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-23 17:33 - 2015-09-24 21:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-23 17:33 - 2015-09-24 21:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-23 17:33 - 2015-09-24 21:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-23 17:33 - 2015-09-24 21:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-23 17:33 - 2015-09-24 21:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-23 17:33 - 2015-09-24 21:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-23 17:33 - 2015-09-24 21:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-23 17:33 - 2015-09-24 21:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-23 17:33 - 2015-09-24 21:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-23 17:33 - 2015-09-24 21:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-23 17:33 - 2015-09-24 21:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-23 17:33 - 2015-09-24 21:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-23 17:33 - 2015-09-24 20:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-23 17:33 - 2015-09-24 20:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-23 17:33 - 2015-09-24 20:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-23 17:33 - 2015-09-24 20:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-23 17:33 - 2015-09-24 20:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-23 17:33 - 2015-09-24 20:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-23 17:33 - 2015-09-24 20:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-23 17:33 - 2015-09-24 20:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-23 17:33 - 2015-09-24 20:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-23 17:33 - 2015-09-24 20:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-23 17:33 - 2015-09-24 20:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-23 17:33 - 2015-09-24 20:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-23 17:33 - 2015-09-24 20:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-23 17:33 - 2015-09-24 20:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-23 17:33 - 2015-09-24 20:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-23 17:33 - 2015-09-24 20:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-23 17:33 - 2015-09-24 20:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-23 17:33 - 2015-09-24 20:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-23 17:33 - 2015-09-24 20:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-23 17:33 - 2015-09-24 20:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-23 17:33 - 2015-09-24 20:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-23 17:33 - 2015-09-24 20:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-23 17:33 - 2015-09-24 20:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-23 17:33 - 2015-09-24 20:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-23 17:33 - 2015-09-24 20:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-23 17:33 - 2015-09-24 20:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-23 17:33 - 2015-09-18 23:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-23 17:33 - 2015-09-17 00:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-23 17:33 - 2015-09-17 00:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-23 17:33 - 2015-09-17 00:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-23 17:33 - 2015-09-17 00:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-23 17:33 - 2015-09-17 00:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-23 17:33 - 2015-09-17 00:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-23 17:33 - 2015-09-17 00:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-23 17:33 - 2015-09-17 00:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-23 17:33 - 2015-09-17 00:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-23 17:33 - 2015-09-17 00:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-23 17:33 - 2015-09-17 00:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-23 17:33 - 2015-09-17 00:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-23 17:33 - 2015-09-17 00:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-23 17:33 - 2015-09-17 00:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-23 17:33 - 2015-09-17 00:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-23 17:33 - 2015-09-17 00:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-23 17:33 - 2015-09-17 00:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-23 17:33 - 2015-09-17 00:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-23 17:33 - 2015-09-17 00:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-23 17:33 - 2015-09-17 00:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-23 17:33 - 2015-09-17 00:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-23 17:33 - 2015-09-17 00:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-23 17:33 - 2015-09-17 00:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-23 17:33 - 2015-09-17 00:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-23 17:33 - 2015-09-17 00:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-23 17:33 - 2015-09-17 00:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-23 17:33 - 2015-09-17 00:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-23 17:33 - 2015-09-17 00:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-23 17:33 - 2015-09-17 00:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-23 17:33 - 2015-09-17 00:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-23 17:33 - 2015-09-17 00:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-23 17:33 - 2015-09-17 00:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-23 17:33 - 2015-09-17 00:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-23 17:33 - 2015-09-17 00:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-23 17:33 - 2015-09-17 00:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-23 17:33 - 2015-09-17 00:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-23 17:33 - 2015-09-17 00:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-23 17:33 - 2015-09-17 00:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-23 17:33 - 2015-09-17 00:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-23 17:33 - 2015-09-17 00:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-23 17:33 - 2015-09-17 00:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-23 17:33 - 2015-09-17 00:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-23 17:33 - 2015-09-17 00:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-23 17:33 - 2015-09-17 00:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-23 17:33 - 2015-09-17 00:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-23 17:33 - 2015-09-17 00:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-23 17:33 - 2015-09-17 00:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-23 17:33 - 2015-09-17 00:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-23 17:33 - 2015-09-17 00:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-23 17:33 - 2015-09-17 00:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-23 17:33 - 2015-09-17 00:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-23 17:33 - 2015-09-17 00:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-23 17:33 - 2015-09-17 00:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-23 17:33 - 2015-09-17 00:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-23 17:33 - 2015-09-17 00:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-23 17:33 - 2015-09-17 00:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-23 17:33 - 2015-09-17 00:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-23 17:33 - 2015-09-17 00:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-23 17:33 - 2015-09-17 00:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-23 17:33 - 2015-09-17 00:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-23 17:33 - 2015-09-17 00:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-23 17:33 - 2015-09-17 00:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-23 17:33 - 2015-09-17 00:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-23 17:33 - 2015-09-17 00:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-23 17:33 - 2015-09-17 00:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-23 17:33 - 2015-09-17 00:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-23 17:33 - 2015-09-17 00:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-23 17:33 - 2015-09-17 00:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-23 17:33 - 2015-09-17 00:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-23 17:33 - 2015-09-17 00:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-23 17:33 - 2015-09-17 00:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-23 17:33 - 2015-09-16 23:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-23 17:33 - 2015-09-16 23:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-23 17:33 - 2015-09-16 23:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-23 17:33 - 2015-09-16 23:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-23 17:33 - 2015-09-16 23:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-23 17:33 - 2015-09-16 23:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-23 17:33 - 2015-09-16 23:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-23 17:33 - 2015-09-16 23:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-23 17:33 - 2015-09-16 23:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-23 17:33 - 2015-09-16 23:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-23 17:33 - 2015-09-16 23:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-23 17:33 - 2015-09-16 23:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-23 17:33 - 2015-09-16 23:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-23 17:33 - 2015-09-16 23:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-23 17:33 - 2015-09-16 23:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-23 17:33 - 2015-09-16 23:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-23 17:33 - 2015-09-16 23:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-23 17:33 - 2015-09-16 23:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-23 17:33 - 2015-09-16 23:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-23 17:33 - 2015-09-16 23:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-23 17:33 - 2015-09-16 23:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-23 17:33 - 2015-09-16 23:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-23 17:33 - 2015-09-16 23:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-23 17:33 - 2015-09-16 23:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-23 17:33 - 2015-09-16 23:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-23 17:33 - 2015-09-16 23:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-23 17:33 - 2015-09-16 23:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-23 17:33 - 2015-09-16 23:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-23 17:33 - 2015-09-16 23:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-23 17:33 - 2015-09-16 23:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-23 17:33 - 2015-09-16 23:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-23 17:33 - 2015-09-16 23:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-23 17:33 - 2015-09-16 23:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-23 17:33 - 2015-09-16 23:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-23 17:33 - 2015-09-16 23:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-23 17:33 - 2015-09-16 23:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-23 17:33 - 2015-09-16 23:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-23 17:33 - 2015-09-16 23:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-23 17:33 - 2015-09-16 23:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-23 17:33 - 2015-09-16 23:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-23 17:33 - 2015-09-16 23:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-23 17:33 - 2015-09-16 23:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-23 17:33 - 2015-09-16 23:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-23 17:33 - 2015-09-16 23:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-23 17:33 - 2015-09-16 23:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-23 17:33 - 2015-09-16 23:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-23 17:33 - 2015-09-16 23:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-23 17:33 - 2015-09-16 23:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-23 17:33 - 2015-09-16 23:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-23 17:33 - 2015-09-16 23:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-23 17:33 - 2015-09-16 23:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-23 17:33 - 2015-09-16 23:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-23 17:33 - 2015-09-16 23:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-23 17:33 - 2015-09-16 23:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-23 17:33 - 2015-09-16 23:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-23 17:33 - 2015-09-16 23:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-23 17:33 - 2015-09-16 23:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-23 17:33 - 2015-09-16 23:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-23 17:33 - 2015-09-16 23:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-23 17:33 - 2015-09-16 23:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-23 17:33 - 2015-09-16 23:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-23 17:33 - 2015-09-16 23:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-23 17:33 - 2015-09-16 23:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-23 17:33 - 2015-09-16 23:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-23 17:33 - 2015-09-16 23:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-23 17:33 - 2015-09-16 23:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-23 17:33 - 2015-09-16 23:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-23 17:33 - 2015-09-16 23:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-23 17:33 - 2015-09-16 23:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-23 17:33 - 2015-09-16 23:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-23 17:33 - 2015-09-16 23:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-23 17:33 - 2015-09-16 23:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-23 17:33 - 2015-09-16 23:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-23 17:33 - 2015-09-16 23:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-23 17:33 - 2015-09-16 23:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-23 17:33 - 2015-09-16 23:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-23 17:33 - 2015-09-16 23:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-23 17:33 - 2015-09-16 23:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-23 17:33 - 2015-09-16 23:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-23 17:33 - 2015-09-16 23:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-23 17:33 - 2015-09-16 23:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-23 17:33 - 2015-09-16 23:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-23 17:33 - 2015-09-16 23:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-23 17:33 - 2015-09-16 23:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-23 17:33 - 2015-09-16 23:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-23 17:33 - 2015-09-16 23:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-23 17:33 - 2015-09-16 23:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-23 17:33 - 2015-09-16 23:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-23 17:33 - 2015-09-16 23:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-23 17:33 - 2015-09-16 23:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-23 17:33 - 2015-09-16 23:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-23 17:33 - 2015-09-16 23:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-23 17:33 - 2015-09-16 23:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-23 17:33 - 2015-09-16 23:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-23 17:33 - 2015-09-16 23:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-23 17:33 - 2015-09-16 23:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-23 17:33 - 2015-09-16 23:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-23 17:33 - 2015-09-16 23:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-23 17:33 - 2015-09-16 23:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-23 17:33 - 2015-09-16 23:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-23 17:33 - 2015-09-16 23:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-23 17:33 - 2015-09-16 23:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-23 17:33 - 2015-09-16 23:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-23 17:33 - 2015-09-16 23:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-23 17:33 - 2015-09-16 23:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-23 16:21 - 2015-10-23 16:21 - 00002203 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2015-10-23 16:19 - 2015-10-23 16:19 - 00000000 ____D C:\Program Files\Samsung
2015-10-23 16:19 - 2015-05-21 00:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-10-23 16:19 - 2015-05-21 00:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-10-23 15:57 - 2015-10-23 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-10-23 15:57 - 2015-10-23 15:57 - 00002049 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2015-10-23 15:56 - 2014-05-07 16:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2015-10-23 15:36 - 2015-10-23 15:36 - 02326095 _____ C:\Users\azzybone69\Desktop\TWRP Manager v7.5.1.1 Full (Root).TROJAN.ONHAX.apk
2015-10-23 15:28 - 2015-10-23 15:28 - 00270984 _____ C:\Users\azzybone69\Desktop\Wifi Fixer.apk
2015-10-23 11:32 - 2015-10-23 11:32 - 00004486 _____ C:\WINDOWS\DPINST.LOG
2015-10-23 11:32 - 2015-10-23 11:32 - 00000000 ____D C:\Program Files\DIFX
2015-10-23 11:32 - 2015-10-23 11:32 - 00000000 ____D C:\adb
2015-10-23 11:19 - 2015-10-23 11:19 - 00000000 ____D C:\Users\azzybone69\AppData\Local\MicrosoftEdge
2015-10-23 10:28 - 2012-11-16 02:41 - 00276480 _____ (Samsung) C:\Users\azzybone69\Desktop\SS_DL.dll
2015-10-23 10:17 - 2015-10-23 07:42 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-23 10:15 - 2015-10-23 10:15 - 00000000 ____D C:\Windows.old
2015-10-23 10:14 - 2015-10-23 10:14 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-10-23 10:13 - 2015-10-23 10:13 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-10-23 10:13 - 2015-10-23 10:13 - 00000000 ____D C:\Program Files\MSBuild
2015-10-23 10:13 - 2015-10-23 10:13 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-10-23 10:13 - 2015-10-23 10:13 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-10-23 10:13 - 2015-06-17 20:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-10-23 10:13 - 2015-06-17 20:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-23 10:13 - 2015-06-17 20:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-10-23 10:13 - 2015-05-29 23:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-10-23 10:13 - 2015-05-29 23:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-10-23 10:13 - 2015-05-29 23:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-10-23 09:46 - 2015-10-23 09:43 - 01110104 _____ C:\Users\azzybone69\Desktop\Odin3_v3.10.7.zip
2015-10-23 09:28 - 2015-10-23 09:28 - 00000000 ____D C:\Users\azzybone69\AppData\Local\PeerDistRepub
2015-10-23 08:44 - 2015-10-23 08:45 - 00000000 ____D C:\Users\azzybone69\Downloads\winMd5SumPortable
2015-10-23 08:37 - 2015-10-23 08:34 - 00463736 _____ C:\Users\azzybone69\Desktop\Odin3_v3.07_SGSIII.zip
2015-10-23 07:43 - 2015-10-23 07:43 - 10627744 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2015-10-23 07:43 - 2015-10-23 07:43 - 06593816 _____ (Intel Corporation) C:\WINDOWS\system32\igdumd64.dll
2015-10-23 07:43 - 2015-10-23 07:43 - 04931384 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumd32.dll
2015-10-23 07:43 - 2015-10-23 07:43 - 04755784 _____ (Intel Corporation) C:\WINDOWS\system32\igd10umd64.dll
2015-10-23 07:43 - 2015-10-23 07:43 - 04370016 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10umd32.dll
2015-10-23 07:43 - 2015-10-23 07:43 - 01991936 _____ C:\WINDOWS\system32\iglhxa64.cpa
2015-10-23 07:43 - 2015-10-23 07:43 - 00982240 _____ C:\WINDOWS\SysWOW64\igkrng500.bin
2015-10-23 07:43 - 2015-10-23 07:43 - 00982240 _____ C:\WINDOWS\system32\igkrng500.bin
2015-10-23 07:43 - 2015-10-23 07:43 - 00439308 _____ C:\WINDOWS\SysWOW64\igcompkrng500.bin
2015-10-23 07:43 - 2015-10-23 07:43 - 00439308 _____ C:\WINDOWS\system32\igcompkrng500.bin
2015-10-23 07:43 - 2015-10-23 07:43 - 00208896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2015-10-23 07:43 - 2015-10-23 07:43 - 00206336 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2015-10-23 07:43 - 2015-10-23 07:43 - 00188416 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2015-10-23 07:43 - 2015-10-23 07:43 - 00147456 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2015-10-23 07:43 - 2015-10-23 07:43 - 00092356 _____ C:\WINDOWS\SysWOW64\igfcg500m.bin
2015-10-23 07:43 - 2015-10-23 07:43 - 00092356 _____ C:\WINDOWS\system32\igfcg500m.bin
2015-10-23 07:43 - 2015-10-23 07:43 - 00060254 _____ C:\WINDOWS\system32\iglhxg64.vp
2015-10-23 07:43 - 2015-10-23 07:43 - 00060226 _____ C:\WINDOWS\system32\iglhxc64.vp
2015-10-23 07:43 - 2015-10-23 07:43 - 00060015 _____ C:\WINDOWS\system32\iglhxo64.vp
2015-10-23 07:43 - 2015-10-23 07:43 - 00005424 _____ C:\WINDOWS\system32\iglhxs64.vp
2015-10-23 07:43 - 2015-10-23 07:43 - 00001090 _____ C:\WINDOWS\system32\iglhxa64.vp
2015-10-23 07:42 - 2015-11-07 13:56 - 00000000 ___RD C:\Users\azzybone69\OneDrive
2015-10-23 07:42 - 2015-11-06 16:40 - 00002395 _____ C:\Users\azzybone69\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-23 07:40 - 2015-10-23 07:40 - 00000000 ____D C:\Users\azzybone69\AppData\Local\Publishers
2015-10-23 07:38 - 2015-10-29 13:54 - 00000786 __RSH C:\ProgramData\ntuser.pol
2015-10-23 07:38 - 2015-10-24 10:39 - 00000000 ____D C:\Users\azzybone69\AppData\Local\Comms
2015-10-23 07:38 - 2015-10-23 07:38 - 00000020 ___SH C:\Users\azzybone69\ntuser.ini
2015-10-23 07:38 - 2015-10-23 07:38 - 00000000 ____D C:\Users\azzybone69\AppData\Local\TileDataLayer
2015-10-23 07:36 - 2015-11-07 14:03 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-23 07:33 - 2015-10-23 07:33 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-10-23 07:26 - 2015-10-23 07:26 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-23 07:24 - 2015-10-23 07:24 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-10-23 07:23 - 2015-11-07 13:56 - 00000000 ____D C:\Users\azzybone69
2015-10-23 07:23 - 2015-10-23 07:38 - 00000000 ___RD C:\Users\azzybone69\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-23 07:23 - 2015-07-30 16:42 - 00000000 __RSD C:\Users\azzybone69\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-23 07:23 - 2015-07-30 16:42 - 00000000 ___RD C:\Users\azzybone69\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-23 07:23 - 2015-07-30 16:42 - 00000000 ___RD C:\Users\azzybone69\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-23 07:23 - 2015-07-30 16:42 - 00000000 ____D C:\Users\azzybone69\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-23 07:18 - 2015-10-23 07:19 - 00035712 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-10-23 06:58 - 2015-10-23 07:34 - 00006599 _____ C:\WINDOWS\comsetup.log
2015-10-22 22:38 - 2015-10-23 06:56 - 00000000 ___HD C:\$Windows.~BT
2015-10-22 22:34 - 2015-10-22 22:34 - 00000000 ____D C:\ESD
2015-10-22 19:49 - 2015-10-22 19:49 - 00000000 ___HD C:\$Windows.~WS
2015-10-22 06:40 - 2015-11-03 13:21 - 00000438 _____ C:\WINDOWS\Tasks\RegCure Pro.job
2015-10-22 06:40 - 2015-10-23 07:33 - 00003452 _____ C:\WINDOWS\System32\Tasks\RegCure Pro
2015-10-22 06:40 - 2015-10-22 06:40 - 00001189 _____ C:\Users\azzybone69\Desktop\RegCure Pro.lnk
2015-10-22 04:18 - 2015-10-22 22:12 - 00000000 ____D C:\Program Files (x86)\Windows 8 n 8.1 Activator
2015-10-22 04:07 - 2015-10-22 19:41 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.0.6
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-07 14:00 - 2014-07-07 04:16 - 00000000 ____D C:\Users\azzybone69\AppData\Local\CrashDumps
2015-11-07 13:58 - 2015-01-15 06:10 - 00000375 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-11-07 13:58 - 2014-07-31 00:22 - 00000000 ____D C:\Users\azzybone69\AppData\Local\LogMeIn Hamachi
2015-11-07 13:58 - 2014-07-07 03:41 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-07 13:58 - 2014-07-07 03:25 - 00000522 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-11-07 13:57 - 2015-07-30 15:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-07 13:57 - 2015-07-10 03:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-07 13:57 - 2015-02-25 08:11 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-07 13:56 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-07 13:52 - 2014-07-19 06:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-07 13:46 - 2014-07-07 03:41 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 13:33 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-07 13:21 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-06 18:00 - 2014-07-07 03:25 - 00000496 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
2015-11-06 17:53 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\rescache
2015-11-06 17:00 - 2014-07-31 12:27 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-03 13:24 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-03 13:21 - 2015-02-28 10:36 - 00000591 _____ C:\WINDOWS\Tasks\RegCure Pro_sch_F3D21C96-BF67-11E4-BEDF-948A1A25B2C9.job
2015-10-30 07:35 - 2015-07-30 16:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-29 14:45 - 2015-07-30 15:50 - 00055690 _____ C:\WINDOWS\setupact.log
2015-10-28 17:15 - 2014-07-07 05:45 - 00000000 ____D C:\Users\azzybone69\AppData\Roaming\uTorrent
2015-10-27 17:05 - 2015-09-09 23:33 - 00918492 _____ C:\WINDOWS\PFRO.log
2015-10-27 16:46 - 2015-03-28 18:16 - 00000000 ____D C:\Users\azzybone69\Downloads\Fury (2014)
2015-10-27 16:46 - 2015-03-12 08:13 - 00000000 ____D C:\Users\azzybone69\Downloads\The Last Starfighter (1984) [1080p]
2015-10-27 16:45 - 2015-03-26 11:17 - 00000000 ____D C:\Users\azzybone69\Downloads\Alexander and the Terrible, Horrible, No Good, Very Bad Day (2014)
2015-10-27 16:45 - 2015-03-18 16:08 - 00000000 ____D C:\Users\azzybone69\Downloads\22 Jump Street (2014)
2015-10-27 16:45 - 2015-03-12 08:40 - 00000000 ____D C:\Users\azzybone69\Downloads\Superman Unbound (2013)
2015-10-27 14:02 - 2015-03-14 10:55 - 00000000 ____D C:\Users\azzybone69\Documents\AirDroid
2015-10-24 15:23 - 2015-03-18 11:05 - 00000000 ____D C:\ProgramData\ompameomfkepcabkkdljjjogbpimkpof
2015-10-24 15:01 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-10-24 14:24 - 2014-07-07 03:28 - 00000000 ____D C:\Users\azzybone69\AppData\Local\Packages
2015-10-24 13:42 - 2015-02-23 12:37 - 00000000 ____D C:\Users\azzybone69\AppData\Local\Steam
2015-10-24 12:48 - 2015-03-14 09:52 - 00000000 ____D C:\ProgramData\Norton
2015-10-24 12:28 - 2015-07-30 16:42 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-24 12:28 - 2015-07-10 03:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-24 12:09 - 2014-07-07 05:55 - 00000000 ____D C:\Users\azzybone69\AppData\Roaming\Macromedia
2015-10-24 12:00 - 2015-01-15 13:03 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2015-10-24 12:00 - 2015-01-15 13:03 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2015-10-24 11:00 - 2015-01-15 13:03 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-10-24 10:46 - 2015-07-30 16:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-24 10:46 - 2015-07-30 16:42 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-24 10:46 - 2015-07-30 16:42 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-24 10:46 - 2015-07-30 16:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-24 10:46 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-24 10:46 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-24 10:46 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-24 10:46 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-24 10:42 - 2014-07-21 05:41 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-10-24 10:39 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\appcompat
2015-10-23 16:47 - 2015-07-30 15:49 - 00192960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-23 16:00 - 2015-01-29 03:14 - 00000000 ____D C:\Users\azzybone69\AppData\Roaming\Samsung
2015-10-23 16:00 - 2014-07-12 01:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-23 15:59 - 2015-01-29 03:11 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-10-23 15:57 - 2015-01-29 03:45 - 00000000 ____D C:\Users\azzybone69\Documents\SelfMV
2015-10-23 15:55 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\system32\restore
2015-10-23 10:17 - 2015-07-30 16:42 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-10-23 07:37 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\Registration
2015-10-23 07:35 - 2015-03-18 12:26 - 00010449 _____ C:\WINDOWS\diagerr.xml
2015-10-23 07:35 - 2015-03-18 12:26 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2015-10-23 07:33 - 2015-02-28 10:36 - 00004124 _____ C:\WINDOWS\System32\Tasks\RegCure Pro_sch_F3D21C96-BF67-11E4-BEDF-948A1A25B2C9
2015-10-23 07:33 - 2015-01-15 12:45 - 00003302 _____ C:\WINDOWS\System32\Tasks\{DE585FA4-EF68-4035-BFB1-FB66C1E9A170}
2015-10-23 07:33 - 2014-07-20 13:24 - 00003312 _____ C:\WINDOWS\System32\Tasks\{B2C164E9-37A7-47A5-A572-D804A911ED86}
2015-10-23 07:33 - 2014-07-19 06:34 - 00003828 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-23 07:33 - 2014-07-07 03:49 - 00003554 _____ C:\WINDOWS\System32\Tasks\PastaQuotes
2015-10-23 07:33 - 2014-07-07 03:41 - 00004006 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-23 07:33 - 2014-07-07 03:41 - 00003770 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-23 07:33 - 2014-07-07 03:34 - 00003708 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-875877713-2579404753-1874690935-1001
2015-10-23 07:33 - 2014-07-07 03:25 - 00003384 _____ C:\WINDOWS\System32\Tasks\ParetoLogic Update Version3
2015-10-23 07:33 - 2014-07-07 03:25 - 00003260 _____ C:\WINDOWS\System32\Tasks\ParetoLogic Registration3
2015-10-23 07:33 - 2014-07-07 03:25 - 00003048 _____ C:\WINDOWS\System32\Tasks\ParetoLogic Update Version3 Startup Task
2015-10-23 07:32 - 2015-07-30 16:42 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-23 07:28 - 2015-04-08 13:27 - 00000000 ____D C:\Users\azzybone69\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-23 07:28 - 2015-03-06 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-10-23 07:28 - 2015-02-26 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-10-23 07:28 - 2015-02-25 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-10-23 07:28 - 2015-02-18 18:02 - 00000000 ____D C:\WINDOWS\SysWOW64\DCS
2015-10-23 07:28 - 2015-02-18 11:58 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
2015-10-23 07:28 - 2015-02-07 03:26 - 00000000 ____D C:\Users\azzybone69\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-10-23 07:28 - 2015-01-28 06:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2015-10-23 07:28 - 2015-01-28 05:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-10-23 07:28 - 2015-01-15 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2015-10-23 07:28 - 2015-01-15 08:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual WiFi Router
2015-10-23 07:28 - 2014-08-16 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VROOT
2015-10-23 07:28 - 2014-08-01 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SixaxisPairTool
2015-10-23 07:28 - 2014-07-31 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-10-23 07:28 - 2014-07-30 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
2015-10-23 07:28 - 2014-07-24 02:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2015-10-23 07:28 - 2014-07-23 23:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-23 07:28 - 2014-07-21 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2015-10-23 07:28 - 2014-07-20 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-10-23 07:28 - 2014-07-11 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-23 07:28 - 2014-07-09 11:21 - 00000000 ____D C:\Users\azzybone69\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bruteforce Save Data
2015-10-23 07:28 - 2014-07-09 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bruteforce Save Data
2015-10-23 07:28 - 2014-07-07 03:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-23 07:27 - 2015-07-30 16:43 - 00005306 _____ C:\WINDOWS\DtcInstall.log
2015-10-23 07:27 - 2012-07-25 23:37 - 00000000 ____D C:\Users\Default.migrated
2015-10-23 07:25 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-10-23 07:25 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-10-23 07:25 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-10-23 07:25 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\system32\IME
2015-10-23 07:25 - 2015-03-31 15:13 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2015-10-23 07:24 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-10-23 07:24 - 2015-07-30 16:42 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-10-23 07:24 - 2015-07-30 16:42 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-23 07:24 - 2015-02-25 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2015-10-23 07:24 - 2015-01-29 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-10-23 07:24 - 2014-07-09 20:19 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-10-23 07:24 - 2014-07-07 03:28 - 00000000 ____D C:\ProgramData\PRICache
2015-10-23 07:24 - 2012-07-26 02:12 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-10-23 07:23 - 2015-02-25 20:20 - 00000000 ____D C:\Users\azzybone69\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2015-10-23 07:23 - 2015-02-24 18:07 - 00000000 ____D C:\Users\azzybone69\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
2015-10-23 07:22 - 2013-03-18 12:52 - 00000000 __SHD C:\Recovery
2015-10-23 07:21 - 2015-07-10 03:47 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-23 07:18 - 2015-07-10 03:47 - 00000000 __RHD C:\Users\Default
2015-10-23 01:29 - 2012-07-26 02:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-10-22 23:09 - 2014-07-18 07:19 - 00000000 ____D C:\Program Files (x86)\di1Re-Markable
2015-10-22 22:00 - 2014-07-07 06:21 - 00000000 ____D C:\Program Files\KMSpico
2015-10-22 20:10 - 2014-07-07 03:40 - 00000000 ____D C:\Users\azzybone69\AppData\Local\Google
2015-10-22 19:38 - 2014-07-07 03:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-22 07:05 - 2015-03-19 17:20 - 00000000 ____D C:\ProgramData\PMS
2015-10-22 07:05 - 2014-07-07 03:23 - 00000000 ____D C:\WINDOWS\softwaredistribution.bak
2015-10-22 06:49 - 2015-02-20 12:19 - 00000000 ____D C:\Users\azzybone69\Desktop\New folder (2)
2015-10-22 06:34 - 2012-07-26 02:12 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-22 06:22 - 2015-01-15 12:36 - 00000000 ____D C:\ProgramData\{ce11d8a3-3cdb-4f14-ce11-1d8a33cd628c}
2015-10-22 06:22 - 2015-01-15 12:20 - 00000000 ____D C:\ProgramData\{1529b0bc-9a29-878d-1529-9b0bc9a2c2f2}
2015-10-22 06:18 - 2015-02-24 18:02 - 00000000 ____D C:\Users\azzybone69\Downloads\ParetoLogic RegCure Pro 3.1.0.0 [h33t.com] Full
2015-10-15 21:10 - 2015-07-30 16:43 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-15 21:10 - 2015-07-30 16:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-02-16 10:24 - 2015-03-14 09:54 - 0000020 _____ () C:\Users\azzybone69\AppData\Roaming\appdataFr3.bin
2015-02-28 10:36 - 2015-03-13 19:01 - 0000115 _____ () C:\Users\azzybone69\AppData\Roaming\LogFile.txt
2014-07-11 09:21 - 2014-07-11 09:22 - 0000227 _____ () C:\Users\azzybone69\AppData\Roaming\uninstall.bat
2014-07-21 10:54 - 2014-07-21 10:54 - 0000000 ___SH () C:\Users\azzybone69\AppData\Local\LumaEmu
 
Some files in TEMP:
====================
C:\Users\azzybone69\AppData\Local\Temp\ICReinstall_java_runtime_enviroment_setup.exe
C:\Users\azzybone69\AppData\Local\Temp\Uninstaller-7156.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-03 13:44
 
==================== End of FRST.txt ============================


#7 Azzybone

Posted 07 November 2015 - 03:35 PM

azzybone69 (S-1-5-21-875877713-2579404753-1874690935-1001 - Administrator - Enabled) => C:\Users\azzybone69
DefaultAccount (S-1-5-21-875877713-2579404753-1874690935-503 - Limited - Disabled)
Guest (S-1-5-21-875877713-2579404753-1874690935-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast License by ZeNiX [2014-03-14] (HKLM-x32\...\Avast_2050_ZeNiX [2014-03-14]_is1) (Version:  - )
Avast Premier (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Block YouTube Ads (HKLM-x32\...\PC Gizmos 136519) (Version: 83 - PC Gizmos LTD)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks App Player 0.9.6.4092 SuperUser BSEasy (HKLM-x32\...\{AC7B7E99-4E43-47B7-A526-10BE7A28E160}) (Version: 0.9.6.4092 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version:  - )
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
DC Universe Online Live (HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)
EasyTether (HKLM-x32\...\{58b5cbff-7ea4-4fd1-b6c0-9d569faea882}) (Version: 1.3.1 - Mobile Stream)
EasyTether (Version: 1.3.1 - Mobile Stream) Hidden
EasyTether ADB USB driver (HKLM\...\{50DD726D-E167-4237-9C26-6057E421753B}) (Version: 1.0.4 - Mobile Stream)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Half-Life Dedicated Server Update Tool (HKLM-x32\...\Half-Life Dedicated Server Update Tool) (Version:  - )
iFunbox (v2.8.2414.748), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.8.2414.748 - )
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java™ 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417000FF}) (Version: 7.0.0 - Oracle)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.13.2.0 - LG Electronics)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.406 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.406 - LogMeIn, Inc.) Hidden
ManticoreBranch (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ea755f67}) (Version:  - ManticoreBranch) <==== ATTENTION
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MotioninJoy ds3 driver version 0.6.0003 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.5.0001 - www.motioninjoy.com)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.8.23 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.2.0416 - Bethesda Softworks)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 6.2.12.0 - Razer Inc.)
RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.1.0.0 - ParetoLogic, Inc.) <==== ATTENTION
Renderware (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d65a1a66}) (Version:  - KeysCrawler) <==== ATTENTION
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Should I Remove It (HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
SixaxisPairTool 0.2.5 (HKLM-x32\...\SixaxisPairTool_is1) (Version: 0.2.5 - Dancing Pixel Studios)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15093.11 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15093.11 - Samsung Electronics Co., Ltd.) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
The Elder Scrolls Arena (HKLM-x32\...\{62E2BBFA-BE97-42CD-AE89-A4EEF7F36992}) (Version: 1.00.0000 - Bethesda Softworks)
The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version:  - Bethesda Game Studios®)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
VROOT (HKLM-x32\...\{1295E43F-382A-4CB2-9E0F-079C0D7401BB}_is1) (Version: 1.6.0.3689 - Shenzhen Xinyi Network Co.,Ltd.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Vista - 7 - 8 - 8.1 KMS Activator Ultimate 2014 v2.0 (HKLM\...\Windows Vista - 7 - 8 - 8.1 KMS Activator Ultima~8B81782A_is1) (Version: v2.0 - )
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-875877713-2579404753-1874690935-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\azzybone69\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
 
==================== Restore Points =========================
 
28-10-2015 16:58:17 Deadpool 
30-10-2015 07:35:49 Windows Modules Installer
06-11-2015 17:17:40 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-25 23:26 - 2012-07-25 23:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {059B74E6-AFF2-49F4-9245-5921A22691D3} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {194B158A-05FB-45B6-B1A2-EF30CDBFB3C4} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {1C16A96F-F002-4AB1-A931-D13FBB0F6F09} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {22F5BFBB-BC64-445A-8A46-390CB0840484} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-09-30] ()
Task: {3C89A146-B522-4615-8F2A-70666809E835} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-09-30] ()
Task: {43D60881-5B4C-4505-9530-6D18DE9600C0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-02] (Microsoft Corporation)
Task: {48BD37E6-DD07-48BE-8413-0D44589156A6} - System32\Tasks\RegCure Pro_sch_F3D21C96-BF67-11E4-BEDF-948A1A25B2C9 => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2015-02-24] (ParetoLogic, Inc.) <==== ATTENTION
Task: {4C49566F-F6E8-452F-AA62-24B991C881E7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-22] (Adobe Systems Incorporated)
Task: {63DC17E9-CEA0-41F7-A0BD-8B1BAEE9313C} - System32\Tasks\RegCure Pro => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2015-02-24] (ParetoLogic, Inc.)
Task: {70F5B662-3F4B-41FA-A7FE-D18B1F5C58D9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-24] (AVAST Software)
Task: {730404FD-ED0D-4659-B21A-0A76CD421E8C} - System32\Tasks\{B2C164E9-37A7-47A5-A572-D804A911ED86} => pcalua.exe -a C:\Users\azzybone69\Downloads\gmod_9_0_4b.exe -d C:\Users\azzybone69\Downloads
Task: {741D5959-220B-4234-9BC3-174ECB238D7B} - System32\Tasks\PastaQuotes => C:\Program Files (x86)\pastaleads\ScheduledTask.exe <==== ATTENTION
Task: {8C1C7F08-AF20-412F-A69E-37AF0F648CB3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-07] (Google Inc.)
Task: {8F01D11D-4B0F-4A3F-BD7D-3860F18D64C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {933AFE4A-73D0-444D-8924-BEB5677A8761} - System32\Tasks\{DE585FA4-EF68-4035-BFB1-FB66C1E9A170} => pcalua.exe -a C:\Users\azzybone69\Downloads\SymNRT.exe -d C:\Users\azzybone69\Downloads
Task: {B46CA792-24B6-433E-B704-9231293E7724} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-875877713-2579404753-1874690935-1001
Task: {DEC258C7-486D-447A-8FCE-E02C49065864} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-07] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeGC:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\RegCure Pro.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: C:\WINDOWS\Tasks\RegCure Pro_sch_F3D21C96-BF67-11E4-BEDF-948A1A25B2C9.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-09 23:08 - 2015-09-09 23:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-09 23:08 - 2015-09-09 23:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-23 17:33 - 2015-09-17 00:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-23 17:33 - 2015-09-17 00:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-23 17:33 - 2015-09-16 23:43 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-10-23 17:33 - 2015-09-16 23:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-23 17:33 - 2015-09-16 23:43 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-10-23 17:33 - 2015-09-16 23:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-23 17:33 - 2015-09-16 23:42 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-10-23 17:33 - 2015-09-16 23:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-09 21:13 - 2015-07-09 21:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-23 17:33 - 2015-09-16 23:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-23 17:33 - 2015-09-16 23:49 - 00884736 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-10-23 17:33 - 2015-09-16 23:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-09 21:13 - 2015-09-09 23:08 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-11-07 14:11 - 2015-11-07 14:11 - 00852720 _____ () C:\Users\azzybone69\Downloads\SecurityCheck.exe
2015-10-24 13:39 - 2015-10-24 13:39 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-24 13:48 - 2014-03-14 07:00 - 00695808 _____ () C:\Program Files\AVAST Software\Avast\VERSION.dll
2015-10-24 13:39 - 2015-10-24 13:39 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-06 16:40 - 2015-11-06 16:40 - 02990592 _____ () C:\Program Files\AVAST Software\Avast\defs\15110604\algo.dll
2015-11-07 13:59 - 2015-11-07 13:59 - 02990592 _____ () C:\Program Files\AVAST Software\Avast\defs\15110700\algo.dll
2014-07-03 14:20 - 2014-07-03 14:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 14:19 - 2014-07-03 14:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-24 13:39 - 2015-10-24 13:39 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-29 04:03 - 2015-10-20 08:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-01-29 04:03 - 2015-10-20 08:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\DRM:احتضان
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\sony.com -> sony.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\StartupApproved\StartupFolder: => "Windows 8.1 KMS Activator !!! (1).lnk"
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\StartupApproved\StartupFolder: => "Windows 8.1 KMS Activator !!!.lnk"
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\StartupApproved\Run: => "EasyTether"
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\StartupApproved\Run: => "EA Core"
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_5D6BF9657FB7A90DF8D0CFF76B7BF340"
HKU\S-1-5-21-875877713-2579404753-1874690935-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{18B0A3F5-D514-4493-A24E-DB32F1E0B51A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FDEF6DE9-39E7-4461-ADE6-1CE9A10D219C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{8A056B79-8A36-49DD-A80E-4A81CCD1B899}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{4D9B994E-E543-49B5-8984-6B3202736389}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{5C3FC1AC-36E1-44A3-9A74-BDB5F8BB5B95}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{298F6F22-03BB-4482-8E0E-958982A9681F}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{757E63D9-5625-4560-B3FB-556BAD33981D}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{DD75FB5F-A1AA-4DBC-B82E-59075344FAD7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{D2280E76-910F-427A-B789-3CE80909C5C9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{01096329-DA66-4C4E-9965-9CA6D74D938E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{48CBF125-3C08-4D4E-A79F-742E6234064C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{254E9672-E0DF-4805-9111-04688B5A371B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{86DF4FBF-DB86-42C6-9144-2E49A87E5D92}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{09FC3867-E7CE-4A73-8DF4-909EB858B0B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{72C56A43-1DF6-4523-8733-302EE6567C0E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7B592F45-9FA0-4004-B8E4-7FDD3BA8CBA5}] => (Allow) C:\Users\azzybone69\AppData\Local\Temp\Rar$EXa0.096\3DMGAME-The-Sims-4-Crack-Only-3DM-rar---Tested.exe
FirewallRules: [{38DAB758-5748-4458-92DF-F25C7CCDDB0D}] => (Allow) C:\Users\azzybone69\AppData\Local\Temp\Rar$EXa0.096\3DMGAME-The-Sims-4-Crack-Only-3DM-rar---Tested.exe
FirewallRules: [{BB7E30CC-51AC-45D7-998C-29178D9051CF}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{8ECB3139-08ED-49A7-9A72-46FA489648AC}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{B366521D-A017-4D46-9878-B3D9BCBEE6B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rise_of_Incarnates\exe\roi.exe
FirewallRules: [{507F65D5-CD91-4622-9AEC-76D9D012D864}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rise_of_Incarnates\exe\roi.exe
FirewallRules: [{D27B1B76-8D9F-49D5-9AAC-B08DE4D379F5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F3BBBBAA-9113-4AAA-911A-EC8DD1AB784F}] => (Allow) LPort=1688
FirewallRules: [{EF38DC23-1698-4397-B1B3-029BC0C0AD26}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CA6DF351-4A5E-4BEF-961C-683719617AF4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BD49AC01-A6D0-4C0C-AC64-4839879E8236}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9990F239-BD38-411A-8BED-327EB91AE050}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{20B11C49-576C-4E14-B4EA-79E8DAEECA54}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{51480547-2975-463E-BD92-F7A80D904021}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{2DBD639B-0220-400E-8A43-AB761386173B}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [UDP Query User{8475CA00-0557-419D-B4C1-AF1EBB630685}C:\users\azzybone69\desktop\garry's mod\hl2.exe] => (Block) C:\users\azzybone69\desktop\garry's mod\hl2.exe
FirewallRules: [TCP Query User{351446F7-D96F-4E56-A375-88103D23C4F4}C:\users\azzybone69\desktop\garry's mod\hl2.exe] => (Block) C:\users\azzybone69\desktop\garry's mod\hl2.exe
FirewallRules: [{09A02EC0-1CF6-4DDA-922C-5ADEE39D2A4F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9357EDAF-7CA4-44D0-BF25-93ABAFBC3AAC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EFEA2E9D-51BC-4AC8-9BF4-B6DCE67DFF95}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B522C814-3F20-46E5-B9BB-A82FE44CA372}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EA71EC2D-BAFF-4EC0-BD69-430D044ECACD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3926CCB5-25F1-4232-97F4-2C0E1DBE0015}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{78156882-EE89-4762-BBD0-BDDC006B9C0C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{A1EDFDA0-8B9B-4A53-A4C1-1EF7D46B1239}] => (Allow) C:\Users\azzybone69\Downloads\Windows_8_1_Pro_Kms_Activator_Torrent_downloader.exe
FirewallRules: [{D1B9FD29-36D1-49A7-934F-3D1C92F47601}] => (Allow) C:\Users\azzybone69\Downloads\Windows_8_1_Pro_Kms_Activator_Torrent_downloader.exe
FirewallRules: [{6A498978-C0E4-45BA-849D-F95D21666545}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C10C6CA8-FA36-4967-BB04-649273BF61DC}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{73ECB345-BA1E-4587-B8E2-6A308227CF92}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{FC2A3B4E-E697-4E97-AE59-5C314C8CCC48}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CA6FB527-79F5-4E02-AFB7-EC0564804F8C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{637DAF05-CF12-42CA-AD1E-F041178C9562}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{54CCB612-7AA4-43DF-ADD2-C1BA902052F6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E971B054-35BF-4862-8B37-8F8B4488FAF0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F7A9B67F-BC3D-4CB8-9DD2-F1850392ED92}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5E03126F-79C1-4702-810C-33900AA80E6E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{61F1B65D-31DE-4FB6-BCF5-11518B8DD117}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{11F0FD19-3894-4E12-9888-B863E5B9B5ED}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1D090AB2-F15F-4536-82BE-B31FC39822FE}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C99A9B72-658B-4635-BDFA-CED99C7CBED5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4B509B3F-5669-451F-A3B0-DFB4971A6A12}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{28229412-DFF8-4DBB-8A9E-BA9F9A3B7657}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2E582063-577A-46F7-BCC8-3080A9FFEE5D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{44158A64-EE46-4CE9-BA57-FF21733F2B3B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9044A774-80DD-424D-8A5B-8B932B5DA3A4}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8B26F399-6A8F-4265-A9DC-DDC59F09CD8F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{90752A42-7CD7-4001-83B3-7F04EC6C19CF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CF92B3E6-95D1-4684-8736-8A9A51FF43F1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{20853B4B-FA4A-4DA1-92EB-40747ED419A6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{33FA2223-048F-4359-8734-2CC6CD34922F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3D75A050-2B62-429A-B6D4-2081BF909A3F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F4543846-053C-4015-96E3-E42500EBAFEB}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{712AFDC2-19D8-418B-9209-38DE56971E54}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{D9AE99F7-6B00-4465-B91F-0F90E7736252}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DFF55E63-7D3D-40C4-9123-0EA7F84F9035}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{445FB132-5B28-46EE-A053-78BDC13B7832}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C02CAFBC-0C7D-4365-8604-F3554375F09E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CDFC1E4D-E600-4D73-BEA6-632322B74A35}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{524003D3-AABB-49FE-99EC-28DA167594C8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1FE0D75F-A0A9-4AAD-995A-105244D6E033}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{FA74A3D3-DAAA-4BFB-BAAC-34D4FFF2436D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B985E407-A202-4FC4-B069-647195FD20D2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{419BBBD9-2AC9-4108-9E57-32868D15891A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9005864D-69EA-4E7C-A009-0CD49BB6E499}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{13DA8CC8-D447-4249-81E6-400A460E4DD7}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2D9EEB31-AEA3-4F7D-A521-3EE646274EA8}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{31FC2801-5FAB-467E-A5F9-66198CE4D29F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{35E40602-D7A1-4574-9F3F-57019A2BF411}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{85D6D620-D822-427D-882E-3A2515E59C0C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{38C563DD-A390-4198-B011-2C1B0151EE84}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1811AABA-062D-4DBE-AC4E-FF5B9498DE9C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{956975FE-26A0-4798-990D-166540CD870D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CE953FC4-4A6E-4F61-A2A2-C75DA724B8E3}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{EF888035-EAFB-4A62-BE16-83F512FBC896}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6DA35437-0B65-400A-9411-782D4A9AC445}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9FF7A8C9-0DF2-48C4-84D0-F6C9E56807CF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{AC5899F6-97A6-481B-A73C-6E36B4A2F30E}] => (Allow) C:\Program Files (x86)\Cracked Steam\Steam.exe
FirewallRules: [{C42F61B4-169E-473E-BBF9-C913D60BC828}] => (Allow) C:\Program Files (x86)\Cracked Steam\Steam.exe
FirewallRules: [{0C45EE42-DE0A-483A-9C7B-0FFF42C02812}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{9FDCB322-E121-406D-A348-4054238EF2EA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{11D5DD76-67B7-455E-AB10-3E1EAC34F617}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{47B72D4A-D5A8-4972-8EA0-FADFFB2A189C}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{03D0CB66-D69A-4BC6-A3D1-D8E6C0A2AA1A}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{60D51CB7-A18E-41C4-B577-C9B350172658}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A1E6CA22-A190-403E-966B-C55F5F73945F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{55B798E1-FD4B-43DF-9A6A-D7260C25E14E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{859BDD87-A926-4438-9042-9F87D07C3C4D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA695C90-D04B-454C-908F-BC131430E854}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{55CDB6E4-646E-4BED-9361-57AC2B8B8835}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{0990CC13-EEDD-4E0E-ABBF-615E83A2E654}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{C0DCFE7F-6910-4277-8EE1-BC7E3C447283}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{7BB8696E-2561-4D01-9348-76E45ECADD01}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{79847504-B275-4962-9EC8-43DC51CD8A6C}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{317FBCAC-051F-4EF3-85FC-51885B03D346}] => (Allow) C:\Users\azzybone69\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{91D2C638-E65F-446C-9947-18A01594449A}] => (Allow) C:\Users\azzybone69\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{66F24A54-78CE-4F9E-9C79-F6DC6867C113}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{A4781AE1-36D4-4812-9568-D90897074FEF}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{A24F8DC7-65DF-4645-B344-5491B176EF8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B542312B-B9B8-49AD-BEEB-5C1F8362353F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/07/2015 02:02:01 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6492) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (11/07/2015 02:02:01 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6492) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/07/2015 02:01:51 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6492) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (11/07/2015 02:01:51 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6492) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/07/2015 02:01:41 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6492) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (11/07/2015 02:01:41 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6492) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/07/2015 02:01:30 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6492) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (11/07/2015 02:01:30 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6492) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (11/07/2015 02:01:20 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6492) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (11/07/2015 02:01:20 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6492) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (11/07/2015 01:58:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Game Scanner service failed to start due to the following error: 
%%1053
 
Error: (11/07/2015 01:58:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Razer Game Scanner service to connect.
 
Error: (11/07/2015 01:58:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (11/07/2015 01:57:46 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Norton Identity Safe service terminated with the following service-specific error: 
%%4294967295
 
Error: (11/07/2015 01:56:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/07/2015 01:56:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/07/2015 01:56:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/07/2015 01:56:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/07/2015 01:19:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (11/07/2015 01:19:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Razer Game Scanner service failed to start due to the following error: 
%%1053
 
 
CodeIntegrity:
===================================
  Date: 2015-10-24 13:14:39.416
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-24 13:14:39.398
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-24 13:10:10.626
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-24 13:10:10.610
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-24 13:02:43.226
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-24 13:02:43.181
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-24 12:59:16.415
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-24 12:59:16.380
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-24 12:15:55.884
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-24 12:15:55.869
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 42%
Total physical RAM: 4061.17 MB
Available physical RAM: 2317.55 MB
Total Virtual: 4765.17 MB
Available Virtual: 2814.25 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:573.61 GB) (Free:293.17 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: B6DB5857)
Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=573.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#8 Jo*

Posted 07 November 2015 - 03:53 PM

P2P - I see you have P2P software uTorrent and crack software KMSPico 10.0.6 installed on your machine.
  • Avoid P2P
  • Identity theft and/or malware infection may happen when P2P software is running on your computer.
  • Here you will find more information.
Please note:
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
I would advise you to uninstall P2P software and crack software now.
You can do this via Start > Control Panel > Add Remove Programs (XP) or Start > Control Panel > Programs and Features (Vista / 7).

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 Azzybone

Posted 07 November 2015 - 04:00 PM

Ok, I removed the KMSpico. Do I have to uninstall uTorrent also, and is that all I needed to do?



#10 Jo*

Posted 07 November 2015 - 04:04 PM

Uninstall it now and then we have to remove a lot of bad things from this pc.


Hello Azzybone,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Edited by Jo*, 07 November 2015 - 04:04 PM.



#11 Azzybone

Posted 07 November 2015 - 04:29 PM

Ok, I'm running the scan right now. I'll let you know if anything.



#12 Azzybone

Posted 07 November 2015 - 04:38 PM

# AdwCleaner v5.018 - Logfile created 07/11/2015 at 15:35:55
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : azzybone69 - AZZYBONE
# Running from : C:\Users\azzybone69\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files\AllDaySavings
Folder Found : C:\Program Files\slimcleaner plus
Folder Found : C:\Program Files\Concom
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\ParetoLogic
Folder Found : C:\Program Files (x86)\DriverRestore
Folder Found : C:\Program Files (x86)\TampaGeneration
Folder Found : C:\Program Files (x86)\DriverToolkit
Folder Found : C:\Program Files (x86)\IncludeMonitor
Folder Found : C:\Program Files (x86)\Itibiti Soft Phone
Folder Found : C:\Program Files (x86)\Max Driver Updater
Folder Found : C:\Program Files (x86)\803145FD-1422525906-D311-B197-00262D1910EB
Folder Found : C:\Program Files (x86)\Video Tile
Folder Found : C:\Program Files (x86)\di1Re-Markable
Folder Found : C:\Program Files (x86)\ver2Re-Markable
Folder Found : C:\Program Files (x86)\CinemaPlus_1.3dV22.10
Folder Found : C:\Program Files (x86)\CinePlus-1.44V22.10
Folder Found : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Found : C:\Program Files (x86)\Common Files\Innovative Solutions
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\pastaleads
Folder Found : C:\ProgramData\Innovative Solutions
Folder Found : C:\ProgramData\slimware utilities inc
Folder Found : C:\ProgramData\683999003763500266
Folder Found : C:\ProgramData\9b033e6000004a93
Folder Found : C:\ProgramData\Avg_Update_0215tb
Folder Found : C:\ProgramData\{1529b0bc-9a29-878d-1529-9b0bc9a2c2f2}
Folder Found : C:\ProgramData\{71b73331-23ea-8197-71b7-7333123eccc4}
Folder Found : C:\ProgramData\{9bed9ed7-3000-3e47-9bed-d9ed73007b5c}
Folder Found : C:\ProgramData\{b6917821-ed30-4ba6-b691-17821ed3e087}
Folder Found : C:\ProgramData\{be270984-6002-5f9c-be27-709846002611}
Folder Found : C:\ProgramData\{ce11d8a3-3cdb-4f14-ce11-1d8a33cd628c}
Folder Found : C:\ProgramData\{fa5f0a8a-5078-0eee-fa5f-f0a8a5072a29}
Folder Found : C:\ProgramData\ompameomfkepcabkkdljjjogbpimkpof
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Found : C:\Users\azzybone69\AppData\Local\globalUpdate
Folder Found : C:\Users\azzybone69\AppData\Local\WeatherAlerts
Folder Found : C:\Users\azzybone69\AppData\Local\MaxiGet Download Manager
Folder Found : C:\Users\azzybone69\AppData\Local\DriverToolkit
Folder Found : C:\Users\azzybone69\AppData\Local\Crossbrowse
Folder Found : C:\Users\azzybone69\AppData\Local\Innovative Solutions
Folder Found : C:\Users\azzybone69\AppData\Local\slimware utilities inc
Folder Found : C:\Users\azzybone69\AppData\Local\20702
Folder Found : C:\Users\azzybone69\AppData\Local\803145FD-1422504363-D311-B197-00262D1910EB
Folder Found : C:\Users\azzybone69\AppData\Roaming\DriverCure
Folder Found : C:\Users\azzybone69\AppData\Roaming\EZDownloader
Folder Found : C:\Users\azzybone69\AppData\Roaming\ParetoLogic
Folder Found : C:\Users\azzybone69\AppData\Roaming\RHEng
Folder Found : C:\Users\azzybone69\AppData\Roaming\PC-Gizmos
Folder Found : C:\Users\azzybone69\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
 
***** [ Files ] *****
 
File Found : C:\END
File Found : C:\Users\azzybone69\AppData\Roaming\Mozilla\Firefox\Profiles\9fdlz0uj.default\searchplugins\WebSearch.xml
File Found : C:\WINDOWS\SysNative\roboot64.exe
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : paretologic registration3
Task Found : paretologic update version3
Task Found : PastaQuotes
Task Found : ParetoLogic Update Version3 Startup Task
Task Found : RegCure Pro
 
***** [ Registry ] *****
 
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : HKCU\Software\Classes\PepperZip
Key Found : HKLM\SOFTWARE\Classes\uus3url-pl
Key Found : HKLM\SOFTWARE\Classes\PCGizmosBHO.PCGizmosObj
 
***** [ Web browsers ] *****
 
[C:\Users\azzybone69\AppData\Roaming\Mozilla\Firefox\Profiles\9fdlz0uj.default\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine", "WebSearch");
[C:\Users\azzybone69\AppData\Roaming\Mozilla\Firefox\Profiles\9fdlz0uj.default\prefs.js] [Preference] Found : user_pref("browser.startup.homepage", "hxxp://websearch.look-for-it.info/?pid=22580&r=2015/02/12&hid=16843244799333283979&lg=EN&cc=US&unqvl=82");
[C:\Users\azzybone69\AppData\Roaming\Mozilla\Firefox\Profiles\9fdlz0uj.default\prefs.js] [Preference] Found : user_pref("keyword.URL", "hxxp://websearch.look-for-it.info/?pid=22580&r=2015/02/12&hid=16843244799333283979&lg=EN&cc=US&unqvl=82&l=1&q=");
[C:\Users\azzybone69\AppData\Roaming\Mozilla\Firefox\Profiles\9fdlz0uj.default\prefs.js] [Preference] Found : user_pref("browser.search.order.1", "WebSearch");
[C:\Users\azzybone69\AppData\Roaming\Mozilla\Firefox\Profiles\9fdlz0uj.default\prefs.js] [Preference] Found : user_pref("browser.search.order.1,S", "WebSearch");
[C:\Users\azzybone69\AppData\Roaming\Mozilla\Firefox\Profiles\9fdlz0uj.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
[C:\Users\azzybone69\AppData\Roaming\Mozilla\Firefox\Profiles\9fdlz0uj.default\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
[C:\Users\azzybone69\AppData\Roaming\Mozilla\Firefox\Profiles\9fdlz0uj.default\prefs.js] [Preference] Found : user_pref("browser.search.defaulturl", "hxxp://websearch.look-for-it.info/?pid=22580&r=2015/02/12&hid=16843244799333283979&lg=EN&cc=US&unqvl=82&l=1&q=");
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [13595 bytes] ##########


#13 Jo*

Posted 07 November 2015 - 04:42 PM

Hello Azzybone,

Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 Azzybone

Posted 07 November 2015 - 04:52 PM

Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16431
azzybone69 :: AZZYBONE [administrator]
 
11/7/2015 3:08:38 PM
mbar-log-2015-11-07 (15-08-38).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 340151
Time elapsed: 22 minute(s), 18 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 34
 
Files Detected: 179
C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf (PUP.Optional.WebInstr) -> Delete on reboot. []
C:\Program Files (x86)\vdsmgr\cache\Local Storage\http_static.cmptch.com_0.localstorage (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Local Storage\http_static.cmptch.com_0.localstorage-journal (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\J3YWZS89\4BAE91DBAEF0CEEC0FCE5505D96DDEA865EDBFC1.heu (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\J3YWZS89\4BAE91DBAEF0CEEC0FCE5505D96DDEA865EDBFC1.swz (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\J3YWZS89\8F903698240FE799F61EEDA8595181137B996156.heu (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\J3YWZS89\8F903698240FE799F61EEDA8595181137B996156.swz (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\J3YWZS89\ABD49354324081CEBB8F60184CF5FEE81F0F9298.heu (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\J3YWZS89\ABD49354324081CEBB8F60184CF5FEE81F0F9298.swz (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\J3YWZS89\B63185FCA5D2BDBB568593F2BF232E87E5A20A7E.heu (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\J3YWZS89\B63185FCA5D2BDBB568593F2BF232E87E5A20A7E.swz (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\J3YWZS89\cacheSize.txt (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\G2H6YSCM\cdn2.dashbida.com\prod\vpaid2-dbfp.swf\dbStore.sol (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\G2H6YSCM\macromedia.com\support\flashplayer\sys\settings.sol (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\G2H6YSCM\macromedia.com\support\flashplayer\sys\#cdn2.dashbida.com\settings.sol (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\G2H6YSCM\macromedia.com\support\flashplayer\sys\#partners.cmptch.com\settings.sol (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\G2H6YSCM\macromedia.com\support\flashplayer\sys\#q2u3z6t7.ssl.hwcdn.net\settings.sol (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\G2H6YSCM\partners.cmptch.com\flash\rvc.swf\pmuid01.sol (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
C:\Program Files (x86)\vdsmgr\cache\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\G2H6YSCM\q2u3z6t7.ssl.hwcdn.net\swf\storage.swf\vbLStorage.sol (Trojan.Vdsmgr) -> Delete on reboot. [e150a6d599f2d95d23e73d94a65d966a]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#15 Jo*


Posted 07 November 2015 - 05:00 PM

Hello Azzybone,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




