Searchinterneat-a.akamaihd.net redirecting browser


  • This topic is locked
11 replies to this topic

#1 showmethebiccies


Posted 28 October 2015 - 05:29 AM

Hi

When I click on my Chrome browser, I briefly see "Searchinterneat-a.akamaihd.net" in the address bar.

This disappears and a Yahoo search page pops up; this is the address for it:

https://uk.search.yahoo.com/?fr=hp-ddc-bd-tab&type=dc-bcr-is-rhb-43__alt__ddc_dsssyctab_bd_com

 

I have deleted all search providers except google.uk and set Google as my start page. This did not work, so I reset 

 

I have run AdwCleaner, JRT, and ESET scanner.

I have also done the following.

 

Uninstall these programs: Use CCleaner by clicking on each item to highlight and then choose Uninstall on the right.
µTorrent BitTorrent Inc. 10/13/2015 3.4.5.41202 (dangerous to use for downloading free stuff....most of which contains adware and malware)
Mozilla Firefox 32.0.1 (x86 en-GB) Mozilla 9/10/2015 75.0 MB 32.0.1 (Or Update...)
Mozilla Maintenance Service Mozilla 9/10/2015 220 KB 32.0.1
 
Disable the three Scheduled Tasks...Use CCleaner by clicking on each item to highlight and then choosing Disable on the right
 
Disable this Windows Startup:
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "G:\Program Files\CCleaner\CCleaner.exe" /MONITOR
 
I have also downloaded and run FRST; these are the results.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-10-2015 02
Ran by leon (administrator) on LEON-PC (28-10-2015 09:46:20)
Running from G:\Users\leon\Desktop
Loaded Profiles: leon (Available Profiles: leon)
Platform: Microsoft Windows 10 Pro (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor Corp.) G:\Program Files\ADDON\NWU281 USB Wireless LAN Utility\RtlService.exe
() G:\ProgramData\TVersity\Media Server\MediaServer.exe
(Microsoft Corporation) G:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) G:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) G:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Realtek Semiconductor Corp.) G:\Program Files\ADDON\NWU281 USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) G:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) G:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Google Inc.) G:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) G:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) G:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) G:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) G:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) G:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelliPoint] => G:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKU\S-1-5-21-2234053327-359660119-4253514962-1000\...\Run: [CCleaner Monitoring] => G:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{de1f50be-8b3c-42cb-bbc5-17fac0144a85}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{e5ef7da2-28d9-4d51-91f4-82000538782c}: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2234053327-359660119-4253514962-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2234053327-359660119-4253514962-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
FireFox:
========
FF ProfilePath: G:\Users\leon\AppData\Roaming\Mozilla\Firefox\Profiles\wp9w52m5.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//h?eq=U0EeCFZVBB8SRghBdFpeVl9IGBhGJA5cTA1BGVcOIQ4OVhQUFwISeQtaAlpEEwcFIk0FA18DB0VXfV9eFElXTwhuIVdBM1wCVFlXM3FNAw==
FF SelectedSearchEngine: Default
FF DefaultSearchEngine: Default
FF Plugin: @tools.google.com/Google Update;version=3 -> G:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> G:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci [2014-09-14]
CHR Extension: (Google Search) - G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Diet Diary) - G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\neckeibmjhibmgoigmffjlihekefmffd [2014-09-14]
CHR Extension: (Chrome Web Store Payments) - G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-10]
CHR Extension: (Gmail) - G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-05]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ADDONCU; G:\Program Files\ADDON\NWU281 USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S2 MBAMScheduler; G:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; G:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 TVersityMediaServer; G:\ProgramData\TVersity\Media Server\MediaServer.exe [1677448 2015-07-29] ()
R3 WdNisSvc; G:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
R2 WinDefend; G:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 eapihdrv; G:\Users\leon\AppData\Local\Temp\ehdrv.sys [135760 2015-10-28] (ESET)
S3 MBAMProtector; G:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; G:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 rt640x86; G:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek                                            )
R3 RtlWlanu; G:\WINDOWS\System32\drivers\rtwlanu.sys [3234520 2015-07-10] (Realtek Semiconductor Corporation                           )
S3 tsusbhub; G:\WINDOWS\System32\drivers\tsusbhub.sys [112640 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UdeCx; G:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
S0 WdBoot; G:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
R0 WdFilter; G:\WINDOWS\System32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; G:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-28 09:46 - 2015-10-28 09:46 - 00007634 _____ G:\Users\leon\Desktop\FRST.txt
2015-10-28 09:46 - 2015-10-28 09:46 - 00000000 ____D G:\FRST
2015-10-28 09:44 - 2015-10-28 09:46 - 01701376 _____ (Farbar) G:\Users\leon\Desktop\FRST.exe
2015-10-28 09:31 - 2015-10-28 09:31 - 00016148 _____ G:\WINDOWS\system32\LEON-PC_leon_HistoryPrediction.bin
2015-10-28 03:13 - 2015-10-28 03:13 - 00007606 _____ G:\Users\leon\AppData\Local\Resmon.ResmonCfg
2015-10-28 02:09 - 2015-10-28 02:09 - 00005698 _____ G:\Users\leon\Desktop\install programs.txt
2015-10-28 02:08 - 2015-10-28 02:08 - 00000630 _____ G:\Users\leon\Desktop\startup tasks.txt
2015-10-28 02:07 - 2015-10-28 02:07 - 00000636 _____ G:\Users\leon\Desktop\startup windows.txt
2015-10-27 18:15 - 2015-10-27 18:16 - 01691648 _____ G:\Users\leon\Downloads\AdwCleaner.exe
2015-10-27 11:46 - 2015-10-27 11:46 - 00000000 ____D G:\Program Files\ESET
2015-10-27 11:45 - 2015-10-27 11:46 - 02870984 _____ (ESET) G:\Users\leon\Desktop\esetsmartinstaller_enu.exe
2015-10-27 11:43 - 2015-10-27 11:43 - 00000000 ____D G:\Users\leon\AppData\LocalLow\Temp
2015-10-27 11:42 - 2015-10-27 11:42 - 00001123 _____ G:\Users\leon\Documents\JRT.txt
2015-10-27 09:16 - 2015-10-27 18:18 - 00000000 ____D G:\AdwCleaner
2015-10-27 08:44 - 2015-10-28 09:30 - 00001818 _____ G:\WINDOWS\PFRO.log
2015-10-27 08:44 - 2015-10-27 08:44 - 00001190 _____ G:\WINDOWS\system32\ServiceConfig.xml
2015-10-27 08:43 - 2015-10-27 08:43 - 00001738 _____ G:\WINDOWS\system32\EmailAVConfig.xml
2015-10-27 08:38 - 2015-10-27 09:31 - 01801288 _____ (Malwarebytes) G:\Users\leon\Desktop\JRT.exe
2015-10-27 08:33 - 2015-10-27 08:33 - 00170200 _____ (Malwarebytes) G:\WINDOWS\system32\Drivers\46E62C87.sys
2015-10-27 05:34 - 2015-10-27 05:34 - 00170200 _____ (Malwarebytes) G:\WINDOWS\system32\Drivers\7B91239E.sys
2015-10-26 21:27 - 2015-10-28 09:30 - 00000275 _____ G:\WINDOWS\WindowsUpdate.log
2015-10-26 20:25 - 2015-10-26 20:26 - 00150786 _____ G:\Users\leon\Documents\cc_20151026_202459 reg back up.reg
2015-10-26 20:08 - 2015-10-26 20:08 - 00001043 _____ G:\Users\Public\Desktop\CCleaner.lnk
2015-10-26 20:08 - 2015-10-26 20:08 - 00000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-26 20:08 - 2015-10-26 20:08 - 00000000 ____D G:\Program Files\CCleaner
2015-10-26 20:07 - 2015-10-26 20:08 - 06762072 _____ (Piriform Ltd) G:\Users\leon\Downloads\ccsetup511.exe
2015-10-26 19:29 - 2015-10-26 19:29 - 00000000 ___RD G:\Users\leon\3D Objects
2015-10-26 19:28 - 2015-10-26 19:28 - 00000279 _____ G:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Control Panel.lnk
2015-10-26 18:32 - 2015-10-26 18:32 - 00170200 _____ (Malwarebytes) G:\WINDOWS\system32\Drivers\235928C0.sys
2015-10-26 12:38 - 2015-10-26 12:38 - 00170200 _____ (Malwarebytes) G:\WINDOWS\system32\Drivers\155619F6.sys
2015-10-26 01:42 - 2015-10-26 01:42 - 00000000 _____ G:\WINDOWS\system32\SBRC.dat
2015-10-26 00:53 - 2015-10-27 09:08 - 00000000 ____D G:\ProgramData\STOPzilla!
2015-10-26 00:53 - 2015-10-26 00:53 - 00000000 ____D G:\Program Files\iS3
2015-10-25 23:07 - 2015-10-25 23:07 - 00000214 _____ G:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-25 20:38 - 2015-10-28 06:12 - 00000000 ____D G:\Users\leon\AppData\Local\CrashDumps
2015-10-25 12:23 - 2015-10-25 12:23 - 03237248 ____H (Enigma Software Group USA, LLC.) G:\Users\leon\Downloads\SpyHunter-Installer.exe
2015-10-25 11:45 - 2015-10-28 09:31 - 00170200 _____ (Malwarebytes) G:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-25 11:44 - 2015-10-25 11:44 - 00001138 _____ G:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-25 11:44 - 2015-10-25 11:44 - 00000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-25 11:44 - 2015-10-25 11:44 - 00000000 ____D G:\ProgramData\Malwarebytes
2015-10-25 11:44 - 2015-10-25 11:44 - 00000000 ____D G:\Program Files\Malwarebytes Anti-Malware
2015-10-25 11:44 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) G:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-25 11:44 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) G:\WINDOWS\system32\Drivers\mwac.sys
2015-10-25 11:44 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) G:\WINDOWS\system32\Drivers\mbam.sys
2015-10-25 11:43 - 2015-10-25 11:43 - 22908888 ____H (Malwarebytes ) G:\Users\leon\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-25 11:17 - 2015-10-25 11:17 - 00000000 ____D G:\WINDOWS\system32\appmgmt
2015-10-24 00:38 - 2015-10-25 10:54 - 00000000 ____D G:\ProgramData\Norton
2015-10-24 00:35 - 2015-10-24 00:35 - 00000000 ____D G:\Users\Public\Documents\Baidu
2015-10-24 00:35 - 2015-10-24 00:34 - 17787368 ____H (Bitberry Software ) G:\Users\leon\Downloads\FreeFileViewerSetup [1].exe
2015-10-23 22:49 - 2015-10-23 22:49 - 00000000 ___HD G:\Users\leon\AppData\Roaming\OpenOffice
2015-10-23 22:13 - 2015-10-23 22:17 - 133616624 ____H G:\Users\leon\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-GB.exe
2015-10-22 03:53 - 2015-10-22 03:53 - 00000000 ___HD G:\Users\leon\Downloads\Limitless.S01E04.HDTV.x264-LOL[ettv]
2015-10-22 03:37 - 2015-10-22 03:40 - 00000000 ___HD G:\Users\leon\Downloads\Homeland.S05E03.WEB-DL.x264-FUM[ettv]
2015-10-22 03:36 - 2015-10-22 03:36 - 00000000 ___HD G:\Users\leon\Downloads\Limitless.S01E05.HDTV.x264-LOL[ettv]
2015-10-19 08:22 - 2015-10-19 08:54 - 00000000 ___HD G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E03.The.Voyage.of.the.Damned.720p.WEB-DL.DD5.1.H.264-BS [PublicHD]
2015-10-19 08:20 - 2015-10-19 09:04 - 00000000 ___HD G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E02.The.Blood.of.Brothers.720p.WEB-DL.DD5.1.H.264-BS [PublicHD]
2015-10-19 08:11 - 2015-10-19 08:43 - 578059500 ____H G:\Users\leon\Downloads\[www.Cpasbien.pe] Da.Vincis.Demons.S02E10.FASTSUB.VOSTFR.HDTV.XviD-F4ST.avi
2015-10-19 07:58 - 2015-10-19 09:42 - 577742112 ____H G:\Users\leon\Downloads\[www.Cpasbien.pe] Da.Vincis.Demons.S02E08.FASTSUB.VOSTFR.HDTV.XviD-F4ST.avi
2015-10-19 07:55 - 2015-10-19 18:45 - 441178636 ____H G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E07.The.Vault.of.Heaven.720p.WEB-DL.2CH.x264-PSA.mkv
2015-10-19 07:54 - 2015-10-19 16:31 - 451582932 ____H G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E06.The.Rope.of.the.Dead.720p.WEB-DL.2CH.x264-PSA.mkv
2015-10-19 07:54 - 2015-10-19 08:29 - 388616720 ____H G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E04.The.Ends.of.the.Earth.720p.WEB-DL.2CH.x264-PSA.mkv
2015-10-19 07:53 - 2015-10-19 08:49 - 495668176 ____H G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E01.The.Blood.of.Man.720p.WEB-DL.2CH.x264-PSA.mkv
2015-10-19 07:53 - 2015-10-19 08:31 - 446250439 ____H G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E05.The.Sun.and.the.Moon.720p.WEB-DL.2CH.x264-PSA.mkv
2015-10-19 07:53 - 2015-10-19 08:22 - 426394696 ____H G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E09.720p.HDTV.2CH.x264-PSA.mkv
2015-10-19 07:41 - 2015-10-19 07:46 - 00000000 ___HD G:\Users\leon\Downloads\The.Knick.S02E01.HDTV.x264-KILLERS[ettv]
2015-10-19 07:41 - 2015-10-19 07:41 - 00000000 ___HD G:\Users\leon\Downloads\The.Blacklist.S03E03.HDTV.x264-FLEET
2015-10-17 07:42 - 2015-10-17 07:51 - 198862745 ____H G:\Users\leon\Downloads\limitless.s01e04.720p.hdtv.hevc.x265.rmteam.mkv
2015-10-17 07:40 - 2015-10-17 07:49 - 00000000 ___HD G:\Users\leon\Downloads\The.Last.Kingdom.S01E02.HDTV.x264-KILLERS[ettv]
2015-10-17 07:40 - 2015-10-17 07:40 - 00000000 ___HD G:\Users\leon\Downloads\The.Good.Wife.S07E02.HDTV.x264-LOL[ettv]
2015-10-13 18:06 - 2015-10-10 06:44 - 00069312 _____ (Microsoft Corporation) G:\WINDOWS\system32\acmigration.dll
2015-10-13 18:06 - 2015-10-10 06:07 - 18806272 _____ (Microsoft Corporation) G:\WINDOWS\system32\edgehtml.dll
2015-10-13 18:06 - 2015-10-06 02:46 - 13027840 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-13 18:06 - 2015-10-01 03:36 - 06265184 _____ (Microsoft Corporation) G:\WINDOWS\system32\ntoskrnl.exe
2015-10-13 18:06 - 2015-10-01 03:36 - 01034032 _____ (Microsoft Corporation) G:\WINDOWS\system32\winload.efi
2015-10-13 18:06 - 2015-10-01 03:36 - 00907992 _____ (Microsoft Corporation) G:\WINDOWS\system32\winload.exe
2015-10-13 18:06 - 2015-10-01 03:36 - 00869232 _____ (Microsoft Corporation) G:\WINDOWS\system32\winresume.efi
2015-10-13 18:06 - 2015-10-01 03:36 - 00754080 _____ (Microsoft Corporation) G:\WINDOWS\system32\winresume.exe
2015-10-13 18:06 - 2015-10-01 02:40 - 00608768 _____ (Microsoft Corporation) G:\WINDOWS\system32\fveapi.dll
2015-10-13 18:06 - 2015-09-25 03:33 - 01997336 _____ (Microsoft Corporation) G:\WINDOWS\system32\msxml6.dll
2015-10-13 18:06 - 2015-09-25 03:31 - 00368992 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-13 18:06 - 2015-09-25 03:26 - 20858360 _____ (Microsoft Corporation) G:\WINDOWS\system32\shell32.dll
2015-10-13 18:06 - 2015-09-25 03:21 - 00851296 _____ (Microsoft Corporation) G:\WINDOWS\system32\SecConfig.efi
2015-10-13 18:06 - 2015-09-25 02:48 - 19325952 _____ (Microsoft Corporation) G:\WINDOWS\system32\mshtml.dll
2015-10-13 18:06 - 2015-09-25 02:47 - 00195584 _____ (Microsoft Corporation) G:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-13 18:06 - 2015-09-25 02:47 - 00172032 _____ (Microsoft Corporation) G:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-13 18:06 - 2015-09-25 02:43 - 00997376 _____ (Microsoft Corporation) G:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-13 18:06 - 2015-09-25 02:38 - 03580416 _____ (Microsoft Corporation) G:\WINDOWS\system32\jscript9.dll
2015-10-13 18:06 - 2015-09-25 02:38 - 00650240 _____ (Microsoft Corporation) G:\WINDOWS\system32\jscript.dll
2015-10-13 18:06 - 2015-09-25 02:38 - 00574464 _____ (Microsoft Corporation) G:\WINDOWS\system32\Chakradiag.dll
2015-10-13 18:06 - 2015-09-25 02:38 - 00504320 _____ (Microsoft Corporation) G:\WINDOWS\system32\vbscript.dll
2015-10-13 18:06 - 2015-09-25 02:37 - 01917440 _____ (Microsoft Corporation) G:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-13 18:06 - 2015-09-25 02:37 - 00766976 _____ (Microsoft Corporation) G:\WINDOWS\system32\kerberos.dll
2015-10-13 18:06 - 2015-09-25 02:37 - 00613376 _____ (Microsoft Corporation) G:\WINDOWS\system32\TokenBroker.dll
2015-10-13 18:06 - 2015-09-25 02:37 - 00490496 _____ (Microsoft Corporation) G:\WINDOWS\system32\winlogon.exe
2015-10-13 18:06 - 2015-09-25 02:37 - 00480256 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-13 18:06 - 2015-09-25 02:36 - 11262976 _____ (Microsoft Corporation) G:\WINDOWS\system32\ieframe.dll
2015-10-13 18:06 - 2015-09-25 02:36 - 05454848 _____ (Microsoft Corporation) G:\WINDOWS\system32\Chakra.dll
2015-10-13 18:06 - 2015-09-25 02:35 - 02985472 _____ (Microsoft Corporation) G:\WINDOWS\system32\win32kfull.sys
2015-10-13 18:06 - 2015-09-25 02:34 - 01133568 _____ (Microsoft Corporation) G:\WINDOWS\system32\win32kbase.sys
2015-10-13 18:06 - 2015-09-25 02:34 - 01127936 _____ (Microsoft Corporation) G:\WINDOWS\system32\UserDataService.dll
2015-10-13 18:06 - 2015-09-25 02:34 - 00928256 _____ (Microsoft Corporation) G:\WINDOWS\system32\Unistore.dll
2015-10-13 18:06 - 2015-09-25 02:34 - 00625152 _____ (Microsoft Corporation) G:\WINDOWS\system32\ContactApis.dll
2015-10-13 18:06 - 2015-09-25 02:34 - 00579584 _____ (Microsoft Corporation) G:\WINDOWS\system32\AppointmentApis.dll
2015-10-13 18:06 - 2015-09-25 02:34 - 00557568 _____ (Microsoft Corporation) G:\WINDOWS\system32\ChatApis.dll
2015-10-13 18:06 - 2015-09-25 02:34 - 00525312 _____ (Microsoft Corporation) G:\WINDOWS\system32\EmailApis.dll
2015-10-13 18:06 - 2015-09-25 02:34 - 00228352 _____ (Microsoft Corporation) G:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-13 18:06 - 2015-09-25 02:33 - 01499136 _____ (Microsoft Corporation) G:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-13 18:06 - 2015-09-25 02:33 - 00131072 _____ (Microsoft Corporation) G:\WINDOWS\system32\CallHistoryClient.dll
2015-10-13 18:06 - 2015-09-25 02:32 - 01594368 _____ (Microsoft Corporation) G:\WINDOWS\system32\msxml3.dll
2015-10-13 18:06 - 2015-09-25 02:32 - 00466432 _____ (Microsoft Corporation) G:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-12 10:22 - 2015-10-12 10:29 - 00000000 ___HD G:\Users\leon\Downloads\The.Bastard.Executioner.S01E05.HDTV.XviD-FUM[ettv]
2015-10-12 10:11 - 2015-10-12 10:25 - 00000000 ___HD G:\Users\leon\Downloads\The.Bastard.Executioner.S01E04.HDTV.x264-KILLERS[ettv]
2015-10-12 10:09 - 2015-10-12 10:09 - 00000000 ___HD G:\Users\leon\Downloads\Limitless.S01E03.HDTV.x264-LOL[ettv]
2015-10-12 10:08 - 2015-10-12 10:09 - 00000000 ___HD G:\Users\leon\Downloads\Quantico.S01E02.HDTV.x264-LOL[ettv]
2015-10-12 10:03 - 2015-10-12 10:42 - 00000000 ___HD G:\Users\leon\Downloads\The.Walking.Dead.S06E01.PROPER.HDTV.x264-KILLERS[ettv]
2015-10-12 10:03 - 2015-10-12 10:03 - 00000000 ___HD G:\Users\leon\Downloads\Quantico.S01E03.HDTV.x264-LOL[ettv]
2015-10-12 10:02 - 2015-10-12 10:02 - 00000000 ___HD G:\Users\leon\Downloads\The.Good.Wife.S07E01.HDTV.x264-LOL[ettv]
2015-10-12 10:01 - 2015-10-12 10:11 - 354094964 ____H G:\Users\leon\Downloads\The.Blacklist.S03E01.The.Troll.Farmer.1080p.WEB-DL.x265.HEVC.AAC.5.1.Condo.mkv
2015-10-12 09:34 - 2015-10-12 09:43 - 00000000 ___HD G:\Users\leon\Downloads\The.Blacklist.S03E02.HDTV.XviD-FUM[ettv]
2015-10-12 09:32 - 2015-10-12 09:47 - 00000000 ___HD G:\Users\leon\Downloads\The.Last.Kingdom.S01E01.HDTV.x264-KILLERS[ettv]
2015-10-12 09:30 - 2015-10-12 09:32 - 00000000 ___HD G:\Users\leon\Downloads\Homeland.S05E02.WEB-DL.XviD-FUM[ettv]
2015-10-12 09:29 - 2015-10-12 09:34 - 00000000 ___HD G:\Users\leon\Downloads\Homeland S05E01 HDTV XviD-FUM[ettv]
2015-10-01 19:53 - 2015-09-17 06:28 - 05120056 _____ (Microsoft Corporation) G:\WINDOWS\system32\windows.storage.dll
2015-10-01 19:53 - 2015-09-17 05:40 - 06101504 _____ (Microsoft Corporation) G:\WINDOWS\system32\mos.dll
2015-10-01 19:53 - 2015-09-17 05:35 - 05079552 _____ (Microsoft Corporation) G:\WINDOWS\system32\BingMaps.dll
2015-10-01 19:52 - 2015-09-19 03:50 - 00083160 _____ (Microsoft Corporation) G:\WINDOWS\system32\omadmapi.dll
2015-10-01 19:52 - 2015-09-17 06:28 - 02154808 _____ (Microsoft Corporation) G:\WINDOWS\system32\mfcore.dll
2015-10-01 19:52 - 2015-09-17 06:28 - 01357888 _____ (Microsoft Corporation) G:\WINDOWS\system32\winmde.dll
2015-10-01 19:52 - 2015-09-17 06:28 - 01343952 _____ (Microsoft Corporation) G:\WINDOWS\system32\wmpmde.dll
2015-10-01 19:52 - 2015-09-17 06:28 - 00680144 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-01 19:52 - 2015-09-17 06:28 - 00441168 _____ (Microsoft Corporation) G:\WINDOWS\system32\SettingSyncHost.exe
2015-10-01 19:52 - 2015-09-17 06:28 - 00407608 _____ (Microsoft Corporation) G:\WINDOWS\system32\AudioSes.dll
2015-10-01 19:52 - 2015-09-17 06:28 - 00083792 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\pdc.sys
2015-10-01 19:52 - 2015-09-17 06:28 - 00074880 _____ (Microsoft Corporation) G:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-01 19:52 - 2015-09-17 06:27 - 01766952 _____ G:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 19:52 - 2015-09-17 06:27 - 00454512 _____ (Microsoft Corporation) G:\WINDOWS\system32\directmanipulation.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 02446648 _____ (Microsoft Corporation) G:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 01895568 _____ (Microsoft Corporation) G:\WINDOWS\system32\hevcdecoder.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 01856848 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-01 19:52 - 2015-09-17 06:26 - 01708376 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-01 19:52 - 2015-09-17 06:26 - 00646672 _____ (Microsoft Corporation) G:\WINDOWS\system32\mfsvr.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 00587776 _____ (Microsoft Corporation) G:\WINDOWS\system32\CoreMessaging.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 00508248 _____ (Microsoft Corporation) G:\WINDOWS\system32\mf.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 00436064 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-01 19:52 - 2015-09-17 06:26 - 00434376 _____ (Microsoft Corporation) G:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 00428128 _____ (Microsoft Corporation) G:\WINDOWS\system32\WWanAPI.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 00414560 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-01 19:52 - 2015-09-17 06:26 - 00335696 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-01 19:52 - 2015-09-17 06:26 - 00274272 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-01 19:52 - 2015-09-17 06:26 - 00228192 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-01 19:52 - 2015-09-17 06:25 - 00962400 _____ (Microsoft Corporation) G:\WINDOWS\system32\LicenseManager.dll
2015-10-01 19:52 - 2015-09-17 06:21 - 00658528 _____ (Microsoft Corporation) G:\WINDOWS\system32\mfds.dll
2015-10-01 19:52 - 2015-09-17 06:20 - 00764416 _____ (Microsoft Corporation) G:\WINDOWS\system32\twinapi.appcore.dll
2015-10-01 19:52 - 2015-09-17 06:13 - 01054048 _____ (Microsoft Corporation) G:\WINDOWS\system32\wpx.dll
2015-10-01 19:52 - 2015-09-17 06:13 - 00918880 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\ndis.sys
2015-10-01 19:52 - 2015-09-17 05:51 - 00189952 _____ (Microsoft Corporation) G:\WINDOWS\system32\provengine.dll
2015-10-01 19:52 - 2015-09-17 05:51 - 00139264 _____ (Microsoft Corporation) G:\WINDOWS\system32\enrollmentapi.dll
2015-10-01 19:52 - 2015-09-17 05:51 - 00106496 _____ (Microsoft Corporation) G:\WINDOWS\system32\provops.dll
2015-10-01 19:52 - 2015-09-17 05:49 - 00371712 _____ (Microsoft Corporation) G:\WINDOWS\system32\StoreAgent.dll
2015-10-01 19:52 - 2015-09-17 05:49 - 00041472 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-01 19:52 - 2015-09-17 05:49 - 00022016 _____ (Microsoft Corporation) G:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-01 19:52 - 2015-09-17 05:48 - 00539136 _____ (Microsoft Corporation) G:\WINDOWS\system32\CellularAPI.dll
2015-10-01 19:52 - 2015-09-17 05:48 - 00370176 _____ (Microsoft Corporation) G:\WINDOWS\system32\MBMediaManager.dll
2015-10-01 19:52 - 2015-09-17 05:48 - 00121344 _____ (Microsoft Corporation) G:\WINDOWS\system32\tetheringservice.dll
2015-10-01 19:52 - 2015-09-17 05:47 - 01508864 _____ (Microsoft Corporation) G:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-01 19:52 - 2015-09-17 05:47 - 00387072 _____ (Microsoft Corporation) G:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-01 19:52 - 2015-09-17 05:47 - 00371712 _____ (Microsoft Corporation) G:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-01 19:52 - 2015-09-17 05:46 - 00673280 _____ (Microsoft Corporation) G:\WINDOWS\system32\SharedStartModel.dll
2015-10-01 19:52 - 2015-09-17 05:46 - 00072192 _____ (Microsoft Corporation) G:\WINDOWS\system32\ngckeyenum.dll
2015-10-01 19:52 - 2015-09-17 05:45 - 00075776 _____ (Microsoft Corporation) G:\WINDOWS\system32\DeviceEnroller.exe
2015-10-01 19:52 - 2015-09-17 05:43 - 00095232 _____ (Microsoft Corporation) G:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-01 19:52 - 2015-09-17 05:42 - 02646528 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.Media.dll
2015-10-01 19:52 - 2015-09-17 05:42 - 00388096 _____ (Microsoft Corporation) G:\WINDOWS\system32\tileobjserver.dll
2015-10-01 19:52 - 2015-09-17 05:41 - 00675328 _____ (Microsoft Corporation) G:\WINDOWS\system32\modernexecserver.dll
2015-10-01 19:52 - 2015-09-17 05:41 - 00217088 _____ (Microsoft Corporation) G:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-01 19:52 - 2015-09-17 05:41 - 00108032 _____ (Microsoft Corporation) G:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-01 19:52 - 2015-09-17 05:40 - 01918464 _____ (Microsoft Corporation) G:\WINDOWS\system32\MFMediaEngine.dll
2015-10-01 19:52 - 2015-09-17 05:40 - 01162240 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-01 19:52 - 2015-09-17 05:40 - 00504832 _____ (Microsoft Corporation) G:\WINDOWS\system32\WUDFx02000.dll
2015-10-01 19:52 - 2015-09-17 05:40 - 00418304 _____ (Microsoft Corporation) G:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-01 19:52 - 2015-09-17 05:40 - 00351744 _____ (Microsoft Corporation) G:\WINDOWS\system32\dmenrollengine.dll
2015-10-01 19:52 - 2015-09-17 05:39 - 01877504 _____ (Microsoft Corporation) G:\WINDOWS\system32\wlansvc.dll
2015-10-01 19:52 - 2015-09-17 05:39 - 01829376 _____ (Microsoft Corporation) G:\WINDOWS\system32\wuaueng.dll
2015-10-01 19:52 - 2015-09-17 05:39 - 00587264 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-01 19:52 - 2015-09-17 05:39 - 00296448 _____ (Microsoft Corporation) G:\WINDOWS\system32\wuuhext.dll
2015-10-01 19:52 - 2015-09-17 05:39 - 00284672 _____ (Microsoft Corporation) G:\WINDOWS\system32\ngccredprov.dll
2015-10-01 19:52 - 2015-09-17 05:39 - 00160768 _____ (Microsoft Corporation) G:\WINDOWS\system32\accountaccessor.dll
2015-10-01 19:52 - 2015-09-17 05:39 - 00102912 _____ (Microsoft Corporation) G:\WINDOWS\system32\omadmclient.exe
2015-10-01 19:52 - 2015-09-17 05:39 - 00064000 _____ (Microsoft Corporation) G:\WINDOWS\system32\wwancfg.dll
2015-10-01 19:52 - 2015-09-17 05:37 - 00454656 _____ (Microsoft Corporation) G:\WINDOWS\system32\MbaeApi.dll
2015-10-01 19:52 - 2015-09-17 05:36 - 06529024 _____ (Microsoft Corporation) G:\WINDOWS\system32\wwanmm.dll
2015-10-01 19:52 - 2015-09-17 05:36 - 00926720 _____ (Microsoft Corporation) G:\WINDOWS\system32\wwansvc.dll
2015-10-01 19:52 - 2015-09-17 05:36 - 00661504 _____ (Microsoft Corporation) G:\WINDOWS\system32\MPSSVC.dll
2015-10-01 19:52 - 2015-09-17 05:36 - 00483328 _____ (Microsoft Corporation) G:\WINDOWS\system32\wcmsvc.dll
2015-10-01 19:52 - 2015-09-17 05:36 - 00385024 _____ (Microsoft Corporation) G:\WINDOWS\system32\wwanconn.dll
2015-10-01 19:52 - 2015-09-17 05:36 - 00162816 _____ (Microsoft Corporation) G:\WINDOWS\system32\wcmcsp.dll
2015-10-01 19:52 - 2015-09-17 05:36 - 00130048 _____ (Microsoft Corporation) G:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-01 19:52 - 2015-09-17 05:35 - 03026432 _____ (Microsoft Corporation) G:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-01 19:52 - 2015-09-17 05:35 - 02207232 _____ (Microsoft Corporation) G:\WINDOWS\system32\wininet.dll
2015-10-01 19:52 - 2015-09-17 05:35 - 01820160 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-01 19:52 - 2015-09-17 05:35 - 01762304 _____ (Microsoft Corporation) G:\WINDOWS\system32\pnidui.dll
2015-10-01 19:52 - 2015-09-17 05:35 - 00828928 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-01 19:52 - 2015-09-17 05:35 - 00283136 _____ (Microsoft Corporation) G:\WINDOWS\system32\ncsi.dll
2015-10-01 19:52 - 2015-09-17 05:34 - 00350208 _____ (Microsoft Corporation) G:\WINDOWS\system32\LocationWebproxy.dll
2015-10-01 19:52 - 2015-09-17 05:34 - 00253440 _____ (Microsoft Corporation) G:\WINDOWS\system32\SensorsApi.dll
2015-10-01 19:52 - 2015-09-17 05:34 - 00230400 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\portcls.sys
2015-10-01 19:52 - 2015-09-17 05:34 - 00026112 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-01 19:52 - 2015-09-17 05:33 - 00076288 _____ (Microsoft Corporation) G:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-01 19:52 - 2015-09-17 05:32 - 01543680 _____ (Microsoft Corporation) G:\WINDOWS\system32\wlidsvc.dll
2015-10-01 19:52 - 2015-09-17 05:32 - 00989696 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-01 19:52 - 2015-09-17 05:32 - 00733184 _____ (Microsoft Corporation) G:\WINDOWS\system32\RDXService.dll
2015-10-01 19:52 - 2015-09-17 05:32 - 00397824 _____ (Microsoft Corporation) G:\WINDOWS\system32\NotificationController.dll
2015-10-01 19:52 - 2015-09-17 05:32 - 00336384 _____ (Microsoft Corporation) G:\WINDOWS\system32\CredProvDataModel.dll
2015-10-01 19:52 - 2015-09-17 05:32 - 00313856 _____ (Microsoft Corporation) G:\WINDOWS\system32\LockAppBroker.dll
2015-10-01 19:52 - 2015-09-17 05:32 - 00195072 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-01 19:52 - 2015-09-17 05:31 - 00389632 _____ (Microsoft Corporation) G:\WINDOWS\system32\ngcsvc.dll
2015-10-01 19:52 - 2015-09-17 05:31 - 00268800 _____ (Microsoft Corporation) G:\WINDOWS\system32\ncryptprov.dll
2015-10-01 19:52 - 2015-09-17 05:30 - 00311808 _____ (Microsoft Corporation) G:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-01 19:52 - 2015-09-17 05:30 - 00145920 _____ (Microsoft Corporation) G:\WINDOWS\system32\KnobsCore.dll
2015-10-01 19:52 - 2015-09-17 05:30 - 00133632 _____ (Microsoft Corporation) G:\WINDOWS\system32\cloudAP.dll
2015-10-01 19:52 - 2015-09-17 05:30 - 00083456 _____ (Microsoft Corporation) G:\WINDOWS\system32\KnobsCsp.dll
2015-10-01 19:52 - 2015-09-17 05:30 - 00067584 _____ (Microsoft Corporation) G:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-01 19:52 - 2015-09-17 05:30 - 00061952 _____ (Microsoft Corporation) G:\WINDOWS\system32\HttpsDataSource.dll
2015-10-01 19:52 - 2015-09-17 05:29 - 01104384 _____ (Microsoft Corporation) G:\WINDOWS\system32\UIAutomationCore.dll
2015-10-01 19:52 - 2015-09-17 05:29 - 00701952 _____ (Microsoft Corporation) G:\WINDOWS\system32\JpMapControl.dll
2015-10-01 19:52 - 2015-09-17 05:29 - 00677888 _____ (Microsoft Corporation) G:\WINDOWS\system32\MapControlCore.dll
2015-10-01 19:52 - 2015-09-17 05:29 - 00464896 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.UI.dll
2015-10-01 19:52 - 2015-09-17 05:28 - 00402944 _____ (Microsoft Corporation) G:\WINDOWS\system32\bisrv.dll
2015-10-01 19:52 - 2015-09-17 05:28 - 00228352 _____ (Microsoft Corporation) G:\WINDOWS\system32\syncutil.dll
2015-10-01 19:52 - 2015-09-17 05:27 - 01380352 _____ (Microsoft Corporation) G:\WINDOWS\system32\workfolderssvc.dll
2015-10-01 19:52 - 2015-09-17 05:27 - 00269312 _____ (Microsoft Corporation) G:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-01 19:52 - 2015-09-17 05:27 - 00147456 _____ (Microsoft Corporation) G:\WINDOWS\system32\psmsrv.dll
2015-10-01 19:52 - 2015-09-17 05:26 - 00899584 _____ (Microsoft Corporation) G:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-01 19:52 - 2015-09-13 01:41 - 02639872 _____ (Microsoft Corporation) G:\WINDOWS\system32\esent.dll
2015-10-01 19:51 - 2015-09-17 05:51 - 00145920 _____ (Microsoft Corporation) G:\WINDOWS\system32\mdmregistration.dll
2015-10-01 19:51 - 2015-09-17 05:45 - 00193024 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-01 19:51 - 2015-09-17 05:45 - 00132096 _____ (Microsoft Corporation) G:\WINDOWS\system32\provisioningcsp.dll
2015-10-01 19:51 - 2015-09-17 05:45 - 00128512 _____ (Microsoft Corporation) G:\WINDOWS\system32\mdmmigrator.dll
2015-10-01 19:51 - 2015-09-17 05:45 - 00114176 _____ (Microsoft Corporation) G:\WINDOWS\system32\dmcertinst.exe
2015-10-01 19:51 - 2015-09-17 05:45 - 00055296 _____ (Microsoft Corporation) G:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-01 19:51 - 2015-09-17 05:43 - 00328704 _____ (Microsoft Corporation) G:\WINDOWS\system32\MapConfiguration.dll
2015-10-01 19:51 - 2015-09-17 05:40 - 00273408 _____ (Microsoft Corporation) G:\WINDOWS\system32\configmanager2.dll
2015-10-01 19:51 - 2015-09-17 05:39 - 00247808 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 19:51 - 2015-09-17 05:39 - 00103936 _____ (Microsoft Corporation) G:\WINDOWS\system32\dmcsps.dll
2015-10-01 19:51 - 2015-09-17 05:36 - 01171456 _____ (Microsoft Corporation) G:\WINDOWS\system32\netcenter.dll
2015-10-01 19:51 - 2015-09-17 05:36 - 00821248 _____ (Microsoft Corporation) G:\WINDOWS\system32\audiosrv.dll
2015-10-01 19:51 - 2015-09-17 05:34 - 00261120 _____ (Microsoft Corporation) G:\WINDOWS\system32\LocationGeofences.dll
2015-10-01 19:51 - 2015-09-17 05:33 - 00181760 _____ (Microsoft Corporation) G:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-01 19:51 - 2015-09-17 05:30 - 00449536 _____ (Microsoft Corporation) G:\WINDOWS\system32\enterprisecsps.dll
2015-10-01 19:51 - 2015-09-17 05:30 - 00025088 _____ (Microsoft Corporation) G:\WINDOWS\system32\syncmlhook.dll
2015-10-01 19:51 - 2015-09-17 05:29 - 00587264 _____ (Microsoft Corporation) G:\WINDOWS\system32\MapsStore.dll
2015-10-01 19:51 - 2015-09-17 05:28 - 00473088 _____ (Microsoft Corporation) G:\WINDOWS\system32\wpnapps.dll
2015-10-01 11:47 - 2015-10-01 11:47 - 03246726 ____H G:\Users\leon\Desktop\Device_04_20150930192653_20150930200001 - Copy - Copy.avi
2015-10-01 11:46 - 2015-10-01 11:46 - 00350208 ____H (TODO: ) G:\Users\leon\Desktop\264ToAvi.exe
2015-10-01 11:45 - 2015-10-01 11:45 - 00000000 ___HD G:\Users\leon\AppData\Roaming\WinRAR
2015-10-01 11:41 - 2015-10-01 11:45 - 00000000 ____D G:\Program Files\WinRAR
2015-10-01 11:41 - 2015-10-01 11:41 - 00001059 _____ G:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2015-10-01 11:41 - 2015-10-01 11:41 - 00000000 ___HD G:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-01 11:41 - 2015-10-01 11:41 - 00000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-01 11:36 - 2015-10-01 11:36 - 00000000 ___HD G:\Users\leon\Downloads\WinRAR 5.20 Final (x86-x64) Incl. Key [ATOM]
2015-10-01 11:24 - 2015-10-01 11:24 - 00145230 ____H G:\Users\leon\Downloads\264ToAvi_v1.0.1.21.rar
2015-10-01 10:57 - 2015-10-01 11:31 - 00000000 ____D G:\Program Files\PlayBack
2015-10-01 10:25 - 2015-10-01 10:25 - 00000000 ___HD G:\Users\leon\Documents\Any Video Converter
2015-10-01 10:24 - 2015-10-03 00:19 - 00000000 ___HD G:\Users\leon\AppData\Roaming\Anvsoft
2015-09-30 22:11 - 2015-09-30 22:20 - 00000000 ___HD G:\Users\leon\Downloads\Limitless.S01E02.HDTV.x264-LOL[ettv]
2015-09-30 20:49 - 2015-09-30 20:49 - 00001187 ____H G:\Users\leon\Desktop\MyDVR - Shortcut.lnk
2015-09-28 19:42 - 2015-09-28 19:42 - 00000000 ____H G:\Users\leon\Documents\Default.rdp
2015-09-28 19:21 - 2015-09-28 19:29 - 00000000 ___HD G:\Users\leon\Downloads\Madam.Secretary.S01E22.HDTV.x264-LOL[rarbg]
2015-09-28 19:16 - 2015-09-28 19:43 - 00000000 ___HD G:\Users\leon\Downloads\Madam.Secretary.S01E21.HDTV.x264-LOL[rarbg]
2015-09-28 19:13 - 2015-09-28 19:28 - 261033841 ____H G:\Users\leon\Downloads\Madam.Secretary.S01E20.HDTV.x264-LOL.mp4
2015-09-28 19:12 - 2015-09-28 19:29 - 247986144 ____H G:\Users\leon\Downloads\Madam.Secretary.S01E19.HDTV.x264-LOL.mp4
2015-09-28 19:10 - 2015-09-28 19:30 - 276578495 ____H G:\Users\leon\Downloads\Madam.Secretary.S01E18.HDTV.x264-LOL.mp4
2015-09-28 19:08 - 2015-09-28 19:21 - 219059963 ____H G:\Users\leon\Downloads\Madam.Secretary.S01E17.HDTV.x264-LOL.mp4
2015-09-28 19:04 - 2015-09-28 19:16 - 238837463 ____H G:\Users\leon\Downloads\Madam.Secretary.S01E16.HDTV.x264-LOL.mp4
2015-09-28 19:02 - 2015-09-28 19:13 - 236145328 ____H G:\Users\leon\Downloads\Madam.Secretary.S01E15.HDTV.x264-LOL.mp4
2015-09-28 19:02 - 2015-09-28 19:10 - 236738886 ____H G:\Users\leon\Downloads\Madam.Secretary.S01E14.HDTV.x264-LOL.mp4
2015-09-28 19:02 - 2015-09-28 19:08 - 239005370 ____H G:\Users\leon\Downloads\Madam.Secretary.S01E13.HDTV.x264-LOL.mp4
2015-09-28 19:01 - 2015-09-28 19:12 - 251272094 ____H G:\Users\leon\Downloads\Madam.Secretary.S01E12.HDTV.x264-LOL.mp4
2015-09-28 18:53 - 2015-09-28 18:59 - 381454092 ____H G:\Users\leon\Downloads\Quantico.S01E01.HDTV.x264-LOL[eztv].mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-28 09:35 - 2015-09-10 09:48 - 00984150 _____ G:\WINDOWS\system32\PerfStringBackup.INI
2015-10-28 09:31 - 2015-09-16 16:22 - 00795205 _____ G:\WINDOWS\system32\TVersityMediaServer.log
2015-10-28 09:30 - 2015-07-10 09:55 - 00000006 ____H G:\WINDOWS\Tasks\SA.DAT
2015-10-28 09:30 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\system32\sru
2015-10-28 09:30 - 2015-07-10 06:59 - 00262144 ___SH G:\WINDOWS\system32\config\BBI
2015-10-28 09:30 - 2014-09-14 13:22 - 00000910 _____ G:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-28 09:30 - 2014-09-14 13:22 - 00000906 _____ G:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-27 15:10 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\Microsoft.NET
2015-10-27 14:24 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\AppReadiness
2015-10-27 08:44 - 2015-07-10 10:43 - 00000000 ____D G:\WINDOWS\SKB
2015-10-27 08:44 - 2015-07-10 09:53 - 00196408 _____ G:\WINDOWS\system32\FNTCACHE.DAT
2015-10-26 20:18 - 2015-09-10 18:41 - 00000000 ___DC G:\WINDOWS\Panther
2015-10-26 20:18 - 2014-10-04 19:03 - 00000000 ___HD G:\Users\leon\AppData\Roaming\uTorrent
2015-10-26 20:05 - 2015-02-24 23:38 - 00000000 ___HD G:\Users\leon\AppData\Roaming\vlc
2015-10-26 19:29 - 2015-09-10 09:50 - 00000000 ___HD G:\Users\leon
2015-10-25 22:21 - 2015-07-10 08:28 - 00000000 ___RD G:\WINDOWS\ImmersiveControlPanel
2015-10-25 12:10 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\system32\NDF
2015-10-25 10:59 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\system32\WinBioDatabase
2015-10-25 10:53 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\system32\appraiser
2015-10-25 10:18 - 2015-07-10 08:28 - 00000000 ___HD G:\WINDOWS\ELAMBKUP
2015-10-25 10:18 - 2015-07-10 06:59 - 00032768 ___SH G:\WINDOWS\system32\config\ELAM
2015-10-24 19:55 - 2014-09-14 13:23 - 00002215 _____ G:\Users\Public\Desktop\Google Chrome.lnk
2015-10-24 00:38 - 2009-07-14 02:37 - 00000000 ____D G:\WINDOWS\system32\GroupPolicy
2015-10-23 22:18 - 2015-07-10 08:28 - 00000000 ____D G:\Program Files\Common Files\microsoft shared
2015-10-21 00:34 - 2015-07-10 08:20 - 00000000 ____D G:\WINDOWS\CbsTemp
2015-10-20 23:11 - 2015-09-16 16:22 - 00000000 ___HD G:\Users\leon\AppData\Local\TVersity
2015-10-16 03:10 - 2015-07-10 08:29 - 00810488 _____ (Adobe Systems Incorporated) G:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-16 03:10 - 2015-07-10 08:29 - 00176632 _____ (Adobe Systems Incorporated) G:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-14 18:39 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\rescache
2015-10-13 18:13 - 2014-09-14 05:46 - 00000000 ____D G:\WINDOWS\system32\MRT
2015-10-13 18:08 - 2014-09-14 05:46 - 141105520 _____ (Microsoft Corporation) G:\WINDOWS\system32\MRT.exe
2015-10-13 17:53 - 2015-07-10 08:28 - 00000000 ___SD G:\WINDOWS\system32\F12
2015-10-13 17:53 - 2015-07-10 08:28 - 00000000 ___RD G:\WINDOWS\PurchaseDialog
2015-10-13 17:53 - 2015-07-10 08:28 - 00000000 ___RD G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-13 17:53 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\system32\WinBioPlugIns
2015-10-13 17:53 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\system32\SystemResetPlatform
2015-10-13 17:53 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\Provisioning
2015-10-13 17:53 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\L2Schemas
2015-10-01 10:22 - 2014-09-14 13:21 - 00000000 __SHD G:\Users\leon\AppData\Local\EmieUserList
2015-10-01 10:22 - 2014-09-14 13:21 - 00000000 __SHD G:\Users\leon\AppData\Local\EmieSiteList
 
==================== Files in the root of some directories =======
 
2015-10-28 03:13 - 2015-10-28 03:13 - 0007606 _____ () G:\Users\leon\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
G:\WINDOWS\explorer.exe => File is digitally signed
G:\WINDOWS\system32\winlogon.exe => File is digitally signed
G:\WINDOWS\system32\wininit.exe => File is digitally signed
G:\WINDOWS\system32\svchost.exe => File is digitally signed
G:\WINDOWS\system32\services.exe => File is digitally signed
G:\WINDOWS\system32\User32.dll => File is digitally signed
G:\WINDOWS\system32\userinit.exe => File is digitally signed
G:\WINDOWS\system32\rpcss.dll => File is digitally signed
G:\WINDOWS\system32\dnsapi.dll => File is digitally signed
G:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-21 21:30
 
==================== End of FRST.txt ============================
 
 



#2 satchfan

satchfan

  • Malware Response Team
  • 2,658 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:40 AM

Posted 28 October 2015 - 07:27 AM

Hello showmethebiccies and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

I am looking at your logs but meanwhile, please run some new scans that will give extra information.

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop


  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

===================================================

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.

  • on Windows Vista, 7/8, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

 Logs to include with next post:

RKreport.txt
zoek-results.log


Thanks

Satchfan

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 showmethebiccies

Posted 30 October 2015 - 12:10 AM

Hi

I have run both scans, and saved the reports.
The problem is that, after rebooting and trying to go online to post them, Malwarebytes has been set to start on rebooting.
Malwarebytes then blocks my internet as a malicious site.
I had to turn off Malwarebytes originally, so that I could access the internet, to make my first post, but don't want to do this again, if it will cause more problems.

I am posting this via my Nexus 7.2, what do you advise?

#4 satchfan

Posted 30 October 2015 - 07:52 AM

I had to turn off Malwarebytes originally, so that I could access the internet, to make my first post, but don't want to do this again, if it will cause more problems.

 

Disabling Malwarebytes shouldn't cause any problems so I don't understand what you mean.


Edited by satchfan, 30 October 2015 - 07:56 AM.


#5 showmethebiccies

Posted 30 October 2015 - 01:50 PM

When I click on the Chrome browser, because it is redirecting to the Yahoo search page, Malwarebytes blocks access to it, meaning I can't get on to the Internet.
After running your scans, the problem still exists, and I wasn't sure if I should stop Malwarebytes from running so that I could post the scans, as it would mean using the Yahoo search engine.

#6 satchfan

Posted 30 October 2015 - 03:57 PM

Disable (or uninstall Malwarebytes temporarily) and, if you still can't access the Internet, use Internet Explorer or Firefox instead of Chrome.



#7 showmethebiccies

Posted 30 October 2015 - 04:26 PM

Hi

I have left Malwarebytes running, and am using IE 11 for the moment.

It is not being blocked by Malwarebytes, so maybe the problem is with Chrome.

Here are the logs you asked for:

RogueKiller V10.11.3.0 [Oct 26 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 32 bits version
Started in : Normal mode
User : leon [Administrator]
Started from : G:\Users\leon\Desktop\RogueKiller.exe
Mode : Scan -- Date : 10/30/2015 01:45:47

¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] MediaServer.exe(2480) -- G:\ProgramData\TVersity\Media Server\MediaServer.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 25 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\RK_System_ON_C_E2F1\ControlSet002\Services\aswVmm (\??\C:\Users\noel\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\RK_System_ON_C_E2F1\ControlSet003\Services\aswVmm (\??\C:\Users\noel\AppData\Local\Temp\aswVmm.sys) -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\RK_Software_ON_C_87B0\Microsoft\Internet Explorer\Main | Start Page : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cndt  -> Found
[PUM.HomePage] HKEY_USERS\RK_Default_ON_C_C364\Software\Microsoft\Internet Explorer\Main | Start Page : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cndt  -> Found
[PUM.HomePage] HKEY_LOCAL_MACHINE\RK_Software_ON_C_87B0\Microsoft\Internet Explorer\Main | Default_Page_URL : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cndt  -> Found
[PUM.HomePage] HKEY_USERS\RK_Default_ON_C_C364\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cndt  -> Found
[PUM.HomePage] HKEY_USERS\RK_noel_ON_C_DF5C\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cndt  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_E2F1\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_E2F1\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_E2F1\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{de1f50be-8b3c-42cb-bbc5-17fac0144a85} | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e5ef7da2-28d9-4d51-91f4-82000538782c} | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_E2F1\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6473A8BF-841D-4F18-88C8-76ACE22DA225} | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_E2F1\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CB8FC5AE-5554-45DB-A5AE-53F86A30D17D} | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_E2F1\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EFF5D1C3-16EB-4F2E-BF34-D2EAD9157E1C} | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{de1f50be-8b3c-42cb-bbc5-17fac0144a85} | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e5ef7da2-28d9-4d51-91f4-82000538782c} | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_E2F1\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6473A8BF-841D-4F18-88C8-76ACE22DA225} | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_E2F1\ControlSet002\Services\Tcpip\Parameters\Interfaces\{89D5724A-26DF-4D48-BEFA-1AA5C093AD1A} | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_E2F1\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EFF5D1C3-16EB-4F2E-BF34-D2EAD9157E1C} | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_E2F1\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6473A8BF-841D-4F18-88C8-76ACE22DA225} | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_E2F1\ControlSet003\Services\Tcpip\Parameters\Interfaces\{89D5724A-26DF-4D48-BEFA-1AA5C093AD1A} | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\RK_System_ON_C_E2F1\ControlSet003\Services\Tcpip\Parameters\Interfaces\{EFF5D1C3-16EB-4F2E-BF34-D2EAD9157E1C} | DhcpNameServer : 194.168.4.100 194.168.8.100 ([-][UNITED KINGDOM (GB)])  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] wp9w52m5.default : user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser//h?eq=U0EeCFZVBB8SRghBdFpeVl9IGBhGJA5cTA1BGVcOIQ4OVhQUFwISeQtaAlpEEwcFIk0FA18DB0VXfV9eFElXTwhuIVdBM1wCVFlXM3FNAw=="); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 44396ea4697313fa59874ca71d5aae34
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 164629 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 337160880 | Size: 63425 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 467056800 | Size: 10417 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4:  +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

 

 

Zoek.exe v5.0.0.1 Updated 29-October-2015
Tool run by leon on Fri 10/30/2015 at  2:22:20.05.
Microsoft Windows 10 Pro 10.0.10240  x86
Running in: Normal Mode Internet Access Detected
Launched: G:\Users\leon\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/30/2015 2:25:57 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

G:\Program Files\PlayBack deleted successfully
G:\PROGRA~2\Comms deleted successfully
G:\PROGRA~2\SoftwareDistribution deleted successfully
G:\Users\leon\AppData\Local\EmieSiteList deleted successfully
G:\Users\leon\AppData\Local\EmieUserList deleted successfully
G:\Users\leon\AppData\Local\NetworkTiles deleted successfully
G:\Users\leon\AppData\Local\PeerDistRepub deleted successfully
G:\Users\leon\AppData\Local\VirtualStore deleted successfully
G:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
G:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
G:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

G:\Program Files\PlayBack not found
G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
G:\WINDOWS\system32\GroupPolicy\Machine deleted
G:\WINDOWS\system32\GroupPolicy\gpt.ini deleted
"G:\WINDOWS\System32\OLD86CE.tmp" not deleted
"G:\WINDOWS\System32\OLD878A.tmp" not deleted
"G:\WINDOWS\System32\OLD8808.tmp" not deleted
"G:\WINDOWS\System32\OLD86CE.tmp" not deleted
"G:\WINDOWS\System32\OLD878A.tmp" not deleted
"G:\WINDOWS\System32\OLD8808.tmp" not deleted

==== Firefox Start and Search pages ======================

ProfilePath: G:\Users\leon\AppData\Roaming\Mozilla\Firefox\Profiles\wp9w52m5.default
user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser//h?eq=U0EeCFZVBB8SRghBdFpeVl9IGBhGJA5cTA1BGVcOIQ4OVhQUFwISeQtaAlpEEwcFIk0FA18DB0VXfV9eFElXTwhuIVdBM1wCVFlXM3FNAw==");
user_pref("browser.search.defaultenginename", "Default");
user_pref("browser.search.selectedEngine", "Default");

==== Firefox Extensions ======================

==== Firefox Plugins ======================

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.80

Thesaurus.com - Synonyms and Antonyms - leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci
Diet Diary - leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\neckeibmjhibmgoigmffjlihekefmffd

==== Chromium Fix ======================

G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TVWiz deleted successfully

==== Empty IE Cache ======================

G:\Users\leon\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
G:\Users\leon\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
G:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
G:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
G:\Users\leon\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
G:\Users\leon\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
G:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== G:\zoek_backup content ======================

G:\zoek_backup (files=10 folders=1 206942 bytes)

==== Empty Temp Folders ======================

G:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

G:\WINDOWS\Temp successfully emptied
G:\Users\leon\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

G:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"G:\WINDOWS\System32\OLD86CE.tmp"  not deleted
"G:\WINDOWS\System32\OLD878A.tmp"  not deleted
"G:\WINDOWS\System32\OLD8808.tmp"  not deleted
"G:\WINDOWS\System32\OLD86CE.tmp"  not deleted
"G:\WINDOWS\System32\OLD878A.tmp"  not deleted
"G:\WINDOWS\System32\OLD8808.tmp"  not deleted

==== EOF on Fri 10/30/2015 at  4:47:42.85 ======================

 

thanks for your help



#8 satchfan

  • Malware Response Team

Posted 30 October 2015 - 06:14 PM

I have left Malwarebytes running, and am using IE 11 for the moment,
it is not being blocked by Malwarebytes, so maybe the problem is with Chrome.

It usually is with Chrome. :smash: :smash:

 

 

According to your initial logs you have some pretty dubious stuff on your computer as you have been using torrent sites.

After running those previous scans I’d like to see a new FRST scan to see the current situation.

Please run FRST again and make sure there is a checkmark next to "addition.txt" before you hit “Scan”.

 

Thanks

 

Satchfan
 




#9 showmethebiccies

  • Topic Starter


Posted 30 October 2015 - 10:10 PM

here you go

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-10-2015
Ran by leon (administrator) on LEON-PC (31-10-2015 02:57:24)
Running from G:\Users\leon\Desktop\bleeping computer apps
Loaded Profiles: leon (Available Profiles: leon & DefaultAppPool)
Platform: Microsoft Windows 10 Pro (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor Corp.) G:\Program Files\ADDON\NWU281 USB Wireless LAN Utility\RtlService.exe
(Microsoft Corporation) G:\Program Files\Windows Defender\MsMpEng.exe
() G:\ProgramData\TVersity\Media Server\MediaServer.exe
(Microsoft Corporation) G:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) G:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Realtek Semiconductor Corp.) G:\Program Files\ADDON\NWU281 USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) G:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) G:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Microsoft Corporation) G:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6310.42251.0_x86__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) G:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6310.42251.0_x86__8wekyb3d8bbwe\HxTsr.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => G:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKU\S-1-5-21-2234053327-359660119-4253514962-1000\...\Run: [CCleaner Monitoring] => G:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{de1f50be-8b3c-42cb-bbc5-17fac0144a85}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{e5ef7da2-28d9-4d51-91f4-82000538782c}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2234053327-359660119-4253514962-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2234053327-359660119-4253514962-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2234053327-359660119-4253514962-1000 -> OldSearch URL =
SearchScopes: HKU\S-1-5-21-2234053327-359660119-4253514962-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

FireFox:
========
FF ProfilePath: G:\Users\leon\AppData\Roaming\Mozilla\Firefox\Profiles\wp9w52m5.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//h?eq=U0EeCFZVBB8SRghBdFpeVl9IGBhGJA5cTA1BGVcOIQ4OVhQUFwISeQtaAlpEEwcFIk0FA18DB0VXfV9eFElXTwhuIVdBM1wCVFlXM3FNAw==
FF SelectedSearchEngine: Default
FF DefaultSearchEngine: Default
FF Plugin: @tools.google.com/Google Update;version=3 -> G:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> G:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci [2014-09-14]
CHR Extension: (Google Search) - G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Diet Diary) - G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\neckeibmjhibmgoigmffjlihekefmffd [2014-09-14]
CHR Extension: (Chrome Web Store Payments) - G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-10]
CHR Extension: (Gmail) - G:\Users\leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADDONCU; G:\Program Files\ADDON\NWU281 USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S2 MBAMScheduler; G:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; G:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 TVersityMediaServer; G:\ProgramData\TVersity\Media Server\MediaServer.exe [1677448 2015-07-29] ()
R3 WdNisSvc; G:\Program Files\Windows Defender\NisSrv.exe [277760 2015-07-10] (Microsoft Corporation)
R2 WinDefend; G:\Program Files\Windows Defender\MsMpEng.exe [23264 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMProtector; G:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; G:\WINDOWS\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R1 MpKslb7e9239f; G:\ProgramData\Microsoft\Windows Defender\Definition Updates\{09048DA4-458A-4F5A-867F-D262AF8C45C4}\MpKslb7e9239f.sys [39168 2015-10-30] (Microsoft Corporation)
R3 rt640x86; G:\WINDOWS\System32\drivers\rt640x86.sys [492032 2015-07-10] (Realtek )
R3 RtlWlanu; G:\WINDOWS\System32\drivers\rtwlanu.sys [3234520 2015-07-10] (Realtek Semiconductor Corporation )
S3 tsusbhub; G:\WINDOWS\System32\drivers\tsusbhub.sys [112640 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UdeCx; G:\WINDOWS\System32\drivers\udecx.sys [31744 2015-07-10] ()
S0 WdBoot; G:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-07-10] (Microsoft Corporation)
R0 WdFilter; G:\WINDOWS\System32\drivers\WdFilter.sys [245600 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; G:\WINDOWS\System32\Drivers\WdNisDrv.sys [97632 2015-07-10] (Microsoft Corporation)
S3 eapihdrv; \??\G:\Users\leon\AppData\Local\Temp\ehdrv.sys [X]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 02:35 - 2015-10-31 02:35 - 00016148 _____ G:\WINDOWS\system32\LEON-PC_leon_HistoryPrediction.bin
2015-10-30 23:07 - 2015-10-30 23:07 - 00000000 ____D G:\Users\leon\AppData\Local\PeerDistRepub
2015-10-30 20:57 - 2015-10-30 20:57 - 00000020 ___SH G:\Users\DefaultAppPool\ntuser.ini
2015-10-30 20:57 - 2015-10-30 20:57 - 00000000 ____D G:\Users\DefaultAppPool
2015-10-30 20:57 - 2015-09-10 09:52 - 00000000 ___RD G:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-30 20:57 - 2015-07-10 08:28 - 00000000 __RSD G:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-30 20:57 - 2015-07-10 08:28 - 00000000 ___RD G:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-30 20:57 - 2015-07-10 08:28 - 00000000 ___RD G:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-30 20:57 - 2015-07-10 08:28 - 00000000 ____D G:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-30 04:48 - 2015-10-30 04:48 - 00006655 _____ G:\Users\leon\Desktop\zoek-results.txt
2015-10-30 04:46 - 2015-10-30 04:46 - 00000008 __RSH G:\ProgramData\ntuser.pol
2015-10-30 04:46 - 2015-10-30 04:46 - 00000000 ____D G:\Users\leon\AppData\Local\VirtualStore
2015-10-30 02:40 - 2015-10-30 02:22 - 00024064 _____ G:\WINDOWS\zoek-delete.exe
2015-10-30 02:25 - 2015-10-30 04:47 - 00006655 _____ G:\zoek-results.log
2015-10-30 02:22 - 2015-10-30 02:39 - 00000000 ____D G:\zoek_backup
2015-10-30 02:16 - 2015-10-30 02:22 - 01309184 _____ G:\Users\leon\Desktop\zoek.exe
2015-10-30 02:14 - 2015-10-30 02:14 - 00014796 _____ G:\Users\leon\Desktop\rk_89F4.tmp.txt
2015-10-30 01:27 - 2015-10-30 02:15 - 00000000 ____D G:\ProgramData\RogueKiller
2015-10-30 01:27 - 2015-10-30 01:27 - 00035064 _____ G:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-30 01:22 - 2015-10-30 01:27 - 18965064 _____ G:\Users\leon\Desktop\RogueKiller.exe
2015-10-30 00:54 - 2015-10-27 23:16 - 18801664 _____ (Microsoft Corporation) G:\WINDOWS\system32\edgehtml.dll
2015-10-30 00:54 - 2015-10-21 05:57 - 00558944 _____ (Microsoft Corporation) G:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-10-30 00:54 - 2015-10-21 05:55 - 00337760 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\netio.sys
2015-10-30 00:54 - 2015-10-21 05:53 - 00961376 _____ (Microsoft Corporation) G:\WINDOWS\system32\LicenseManager.dll
2015-10-30 00:54 - 2015-10-21 05:49 - 02878512 _____ (Microsoft Corporation) G:\WINDOWS\system32\iertutil.dll
2015-10-30 00:54 - 2015-10-21 05:13 - 19326464 _____ (Microsoft Corporation) G:\WINDOWS\system32\mshtml.dll
2015-10-30 00:54 - 2015-10-21 05:11 - 02647040 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.Media.dll
2015-10-30 00:54 - 2015-10-21 05:08 - 01918976 _____ (Microsoft Corporation) G:\WINDOWS\system32\MFMediaEngine.dll
2015-10-30 00:54 - 2015-10-21 05:07 - 00260608 _____ (Microsoft Corporation) G:\WINDOWS\system32\MusUpdateHandlers.dll
2015-10-30 00:54 - 2015-10-21 05:05 - 02639872 _____ (Microsoft Corporation) G:\WINDOWS\system32\esent.dll
2015-10-30 00:54 - 2015-10-21 05:03 - 01380864 _____ (Microsoft Corporation) G:\WINDOWS\system32\urlmon.dll
2015-10-30 00:54 - 2015-10-21 05:03 - 00821760 _____ (Microsoft Corporation) G:\WINDOWS\system32\audiosrv.dll
2015-10-30 00:54 - 2015-10-21 05:00 - 01917952 _____ (Microsoft Corporation) G:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-30 00:54 - 2015-10-21 05:00 - 00491008 _____ (Microsoft Corporation) G:\WINDOWS\system32\winlogon.exe
2015-10-30 00:54 - 2015-10-21 04:59 - 00546816 _____ (Microsoft Corporation) G:\WINDOWS\system32\usermgr.dll
2015-10-30 00:54 - 2015-10-21 04:58 - 02049536 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.StateRepository.dll
2015-10-30 00:54 - 2015-10-21 04:58 - 00464896 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.UI.dll
2015-10-30 00:54 - 2015-10-21 04:56 - 01499648 _____ (Microsoft Corporation) G:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-30 00:54 - 2015-10-21 04:55 - 00115712 _____ (Microsoft Corporation) G:\WINDOWS\system32\dssvc.dll
2015-10-30 00:53 - 2015-10-21 05:15 - 00063488 _____ (Microsoft Corporation) G:\WINDOWS\system32\browserbroker.dll
2015-10-30 00:53 - 2015-10-21 05:03 - 00311296 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-10-30 00:53 - 2015-10-21 04:55 - 00441344 _____ (Microsoft Corporation) G:\WINDOWS\system32\dlnashext.dll
2015-10-28 11:16 - 2015-10-28 11:16 - 01691648 _____ G:\Users\leon\Downloads\AdwCleaner.exe
2015-10-28 10:50 - 2015-10-28 10:50 - 00000000 ____D G:\Users\leon\Downloads\Public.Morals.2015.S01E10.HDTV.x264-LOL[ettv]
2015-10-28 10:50 - 2015-10-28 10:50 - 00000000 ____D G:\Users\leon\Downloads\Public.Morals.2015.S01E09.HDTV.x264-LOL[ettv]
2015-10-28 10:49 - 2015-10-28 10:49 - 00000000 ____D G:\Users\leon\Downloads\Public.Morals.2015.S01E08.HDTV.x264-FUM[ettv]
2015-10-28 10:39 - 2015-10-28 10:39 - 00000000 ____D G:\Users\leon\Downloads\Quantico.S01E05.HDTV.x264-LOL[ettv]
2015-10-28 10:38 - 2015-10-28 10:41 - 00000000 ____D G:\Users\leon\Downloads\Homeland.S05E04.WEB-DL.x264-FUM[ettv]
2015-10-28 10:36 - 2015-10-28 10:36 - 00000000 ____D G:\Users\leon\Desktop\log files
2015-10-28 09:46 - 2015-10-31 02:57 - 00000000 ____D G:\FRST
2015-10-28 03:13 - 2015-10-28 03:13 - 00007606 _____ G:\Users\leon\AppData\Local\Resmon.ResmonCfg
2015-10-27 11:46 - 2015-10-27 11:46 - 00000000 ____D G:\Program Files\ESET
2015-10-27 11:43 - 2015-10-27 11:43 - 00000000 ____D G:\Users\leon\AppData\LocalLow\Temp
2015-10-27 11:42 - 2015-10-27 11:42 - 00001123 _____ G:\Users\leon\Documents\JRT.txt
2015-10-27 09:16 - 2015-10-27 18:18 - 00000000 ____D G:\AdwCleaner
2015-10-27 08:44 - 2015-10-30 04:45 - 00002148 _____ G:\WINDOWS\PFRO.log
2015-10-27 08:44 - 2015-10-27 08:44 - 00001190 _____ G:\WINDOWS\system32\ServiceConfig.xml
2015-10-27 08:43 - 2015-10-27 08:43 - 00001738 _____ G:\WINDOWS\system32\EmailAVConfig.xml
2015-10-27 08:33 - 2015-10-27 08:33 - 00170200 _____ (Malwarebytes) G:\WINDOWS\system32\Drivers\46E62C87.sys
2015-10-27 05:34 - 2015-10-27 05:34 - 00170200 _____ (Malwarebytes) G:\WINDOWS\system32\Drivers\7B91239E.sys
2015-10-26 21:27 - 2015-10-31 02:31 - 00000275 _____ G:\WINDOWS\WindowsUpdate.log
2015-10-26 20:25 - 2015-10-26 20:26 - 00150786 _____ G:\Users\leon\Documents\cc_20151026_202459 reg back up.reg
2015-10-26 20:08 - 2015-10-26 20:08 - 00001043 _____ G:\Users\Public\Desktop\CCleaner.lnk
2015-10-26 20:08 - 2015-10-26 20:08 - 00000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-26 20:08 - 2015-10-26 20:08 - 00000000 ____D G:\Program Files\CCleaner
2015-10-26 20:07 - 2015-10-26 20:08 - 06762072 _____ (Piriform Ltd) G:\Users\leon\Downloads\ccsetup511.exe
2015-10-26 19:29 - 2015-10-26 19:29 - 00000000 ___RD G:\Users\leon\3D Objects
2015-10-26 19:28 - 2015-10-26 19:28 - 00000279 _____ G:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Control Panel.lnk
2015-10-26 18:32 - 2015-10-26 18:32 - 00170200 _____ (Malwarebytes) G:\WINDOWS\system32\Drivers\235928C0.sys
2015-10-26 12:38 - 2015-10-26 12:38 - 00170200 _____ (Malwarebytes) G:\WINDOWS\system32\Drivers\155619F6.sys
2015-10-26 01:42 - 2015-10-26 01:42 - 00000000 _____ G:\WINDOWS\system32\SBRC.dat
2015-10-26 00:53 - 2015-10-27 09:08 - 00000000 ____D G:\ProgramData\STOPzilla!
2015-10-26 00:53 - 2015-10-26 00:53 - 00000000 ____D G:\Program Files\iS3
2015-10-25 23:07 - 2015-10-25 23:07 - 00000214 _____ G:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-25 20:38 - 2015-10-31 02:56 - 00000000 ____D G:\Users\leon\AppData\Local\CrashDumps
2015-10-25 12:23 - 2015-10-25 12:23 - 03237248 ____H (Enigma Software Group USA, LLC.) G:\Users\leon\Downloads\SpyHunter-Installer.exe
2015-10-25 11:45 - 2015-10-30 21:26 - 00170200 _____ (Malwarebytes) G:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-25 11:44 - 2015-10-25 11:44 - 00001138 _____ G:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-25 11:44 - 2015-10-25 11:44 - 00000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-25 11:44 - 2015-10-25 11:44 - 00000000 ____D G:\ProgramData\Malwarebytes
2015-10-25 11:44 - 2015-10-25 11:44 - 00000000 ____D G:\Program Files\Malwarebytes Anti-Malware
2015-10-25 11:44 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) G:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-25 11:44 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) G:\WINDOWS\system32\Drivers\mwac.sys
2015-10-25 11:44 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) G:\WINDOWS\system32\Drivers\mbam.sys
2015-10-25 11:43 - 2015-10-25 11:43 - 22908888 ____H (Malwarebytes ) G:\Users\leon\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-25 11:17 - 2015-10-25 11:17 - 00000000 ____D G:\WINDOWS\system32\appmgmt
2015-10-24 00:38 - 2015-10-25 10:54 - 00000000 ____D G:\ProgramData\Norton
2015-10-24 00:35 - 2015-10-24 00:35 - 00000000 ____D G:\Users\Public\Documents\Baidu
2015-10-24 00:35 - 2015-10-24 00:34 - 17787368 ____H (Bitberry Software ) G:\Users\leon\Downloads\FreeFileViewerSetup [1].exe
2015-10-23 22:49 - 2015-10-23 22:49 - 00000000 ___HD G:\Users\leon\AppData\Roaming\OpenOffice
2015-10-23 22:13 - 2015-10-23 22:17 - 133616624 ____H G:\Users\leon\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-GB.exe
2015-10-22 03:53 - 2015-10-22 03:53 - 00000000 ___HD G:\Users\leon\Downloads\Limitless.S01E04.HDTV.x264-LOL[ettv]
2015-10-22 03:37 - 2015-10-22 03:40 - 00000000 ___HD G:\Users\leon\Downloads\Homeland.S05E03.WEB-DL.x264-FUM[ettv]
2015-10-22 03:36 - 2015-10-22 03:36 - 00000000 ___HD G:\Users\leon\Downloads\Limitless.S01E05.HDTV.x264-LOL[ettv]
2015-10-19 08:22 - 2015-10-19 08:54 - 00000000 ___HD G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E03.The.Voyage.of.the.Damned.720p.WEB-DL.DD5.1.H.264-BS [PublicHD]
2015-10-19 08:20 - 2015-10-19 09:04 - 00000000 ___HD G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E02.The.Blood.of.Brothers.720p.WEB-DL.DD5.1.H.264-BS [PublicHD]
2015-10-19 08:11 - 2015-10-19 08:43 - 578059500 ____H G:\Users\leon\Downloads\[www.Cpasbien.pe] Da.Vincis.Demons.S02E10.FASTSUB.VOSTFR.HDTV.XviD-F4ST.avi
2015-10-19 07:58 - 2015-10-19 09:42 - 577742112 ____H G:\Users\leon\Downloads\[www.Cpasbien.pe] Da.Vincis.Demons.S02E08.FASTSUB.VOSTFR.HDTV.XviD-F4ST.avi
2015-10-19 07:55 - 2015-10-19 18:45 - 441178636 ____H G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E07.The.Vault.of.Heaven.720p.WEB-DL.2CH.x264-PSA.mkv
2015-10-19 07:54 - 2015-10-19 16:31 - 451582932 ____H G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E06.The.Rope.of.the.Dead.720p.WEB-DL.2CH.x264-PSA.mkv
2015-10-19 07:54 - 2015-10-19 08:29 - 388616720 ____H G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E04.The.Ends.of.the.Earth.720p.WEB-DL.2CH.x264-PSA.mkv
2015-10-19 07:53 - 2015-10-19 08:49 - 495668176 ____H G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E01.The.Blood.of.Man.720p.WEB-DL.2CH.x264-PSA.mkv
2015-10-19 07:53 - 2015-10-19 08:31 - 446250439 ____H G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E05.The.Sun.and.the.Moon.720p.WEB-DL.2CH.x264-PSA.mkv
2015-10-19 07:53 - 2015-10-19 08:22 - 426394696 ____H G:\Users\leon\Downloads\Da.Vinci's.Demons.S02E09.720p.HDTV.2CH.x264-PSA.mkv
2015-10-19 07:41 - 2015-10-19 07:46 - 00000000 ___HD G:\Users\leon\Downloads\The.Knick.S02E01.HDTV.x264-KILLERS[ettv]
2015-10-19 07:41 - 2015-10-19 07:41 - 00000000 ___HD G:\Users\leon\Downloads\The.Blacklist.S03E03.HDTV.x264-FLEET
2015-10-17 07:42 - 2015-10-17 07:51 - 198862745 ____H G:\Users\leon\Downloads\limitless.s01e04.720p.hdtv.hevc.x265.rmteam.mkv
2015-10-17 07:40 - 2015-10-17 07:49 - 00000000 ___HD G:\Users\leon\Downloads\The.Last.Kingdom.S01E02.HDTV.x264-KILLERS[ettv]
2015-10-17 07:40 - 2015-10-17 07:40 - 00000000 ___HD G:\Users\leon\Downloads\The.Good.Wife.S07E02.HDTV.x264-LOL[ettv]
2015-10-13 18:06 - 2015-10-10 06:44 - 00069312 _____ (Microsoft Corporation) G:\WINDOWS\system32\acmigration.dll
2015-10-13 18:06 - 2015-10-06 02:46 - 13027840 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-13 18:06 - 2015-10-01 03:36 - 06265184 _____ (Microsoft Corporation) G:\WINDOWS\system32\ntoskrnl.exe
2015-10-13 18:06 - 2015-10-01 03:36 - 01034032 _____ (Microsoft Corporation) G:\WINDOWS\system32\winload.efi
2015-10-13 18:06 - 2015-10-01 03:36 - 00907992 _____ (Microsoft Corporation) G:\WINDOWS\system32\winload.exe
2015-10-13 18:06 - 2015-10-01 03:36 - 00869232 _____ (Microsoft Corporation) G:\WINDOWS\system32\winresume.efi
2015-10-13 18:06 - 2015-10-01 03:36 - 00754080 _____ (Microsoft Corporation) G:\WINDOWS\system32\winresume.exe
2015-10-13 18:06 - 2015-10-01 02:40 - 00608768 _____ (Microsoft Corporation) G:\WINDOWS\system32\fveapi.dll
2015-10-13 18:06 - 2015-09-25 03:33 - 01997336 _____ (Microsoft Corporation) G:\WINDOWS\system32\msxml6.dll
2015-10-13 18:06 - 2015-09-25 03:31 - 00368992 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-13 18:06 - 2015-09-25 03:26 - 20858360 _____ (Microsoft Corporation) G:\WINDOWS\system32\shell32.dll
2015-10-13 18:06 - 2015-09-25 03:21 - 00851296 _____ (Microsoft Corporation) G:\WINDOWS\system32\SecConfig.efi
2015-10-13 18:06 - 2015-09-25 02:47 - 00195584 _____ (Microsoft Corporation) G:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-13 18:06 - 2015-09-25 02:47 - 00172032 _____ (Microsoft Corporation) G:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-13 18:06 - 2015-09-25 02:43 - 00997376 _____ (Microsoft Corporation) G:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-13 18:06 - 2015-09-25 02:38 - 03580416 _____ (Microsoft Corporation) G:\WINDOWS\system32\jscript9.dll
2015-10-13 18:06 - 2015-09-25 02:38 - 00650240 _____ (Microsoft Corporation) G:\WINDOWS\system32\jscript.dll
2015-10-13 18:06 - 2015-09-25 02:38 - 00574464 _____ (Microsoft Corporation) G:\WINDOWS\system32\Chakradiag.dll
2015-10-13 18:06 - 2015-09-25 02:38 - 00504320 _____ (Microsoft Corporation) G:\WINDOWS\system32\vbscript.dll
2015-10-13 18:06 - 2015-09-25 02:37 - 00766976 _____ (Microsoft Corporation) G:\WINDOWS\system32\kerberos.dll
2015-10-13 18:06 - 2015-09-25 02:37 - 00613376 _____ (Microsoft Corporation) G:\WINDOWS\system32\TokenBroker.dll
2015-10-13 18:06 - 2015-09-25 02:37 - 00480256 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-13 18:06 - 2015-09-25 02:36 - 11262976 _____ (Microsoft Corporation) G:\WINDOWS\system32\ieframe.dll
2015-10-13 18:06 - 2015-09-25 02:36 - 05454848 _____ (Microsoft Corporation) G:\WINDOWS\system32\Chakra.dll
2015-10-13 18:06 - 2015-09-25 02:35 - 02985472 _____ (Microsoft Corporation) G:\WINDOWS\system32\win32kfull.sys
2015-10-13 18:06 - 2015-09-25 02:34 - 01133568 _____ (Microsoft Corporation) G:\WINDOWS\system32\win32kbase.sys
2015-10-13 18:06 - 2015-09-25 02:34 - 01127936 _____ (Microsoft Corporation) G:\WINDOWS\system32\UserDataService.dll
2015-10-13 18:06 - 2015-09-25 02:34 - 00928256 _____ (Microsoft Corporation) G:\WINDOWS\system32\Unistore.dll
2015-10-13 18:06 - 2015-09-25 02:34 - 00625152 _____ (Microsoft Corporation) G:\WINDOWS\system32\ContactApis.dll
2015-10-13 18:06 - 2015-09-25 02:34 - 00579584 _____ (Microsoft Corporation) G:\WINDOWS\system32\AppointmentApis.dll
2015-10-13 18:06 - 2015-09-25 02:34 - 00557568 _____ (Microsoft Corporation) G:\WINDOWS\system32\ChatApis.dll
2015-10-13 18:06 - 2015-09-25 02:34 - 00525312 _____ (Microsoft Corporation) G:\WINDOWS\system32\EmailApis.dll
2015-10-13 18:06 - 2015-09-25 02:34 - 00228352 _____ (Microsoft Corporation) G:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-13 18:06 - 2015-09-25 02:33 - 00131072 _____ (Microsoft Corporation) G:\WINDOWS\system32\CallHistoryClient.dll
2015-10-13 18:06 - 2015-09-25 02:32 - 01594368 _____ (Microsoft Corporation) G:\WINDOWS\system32\msxml3.dll
2015-10-13 18:06 - 2015-09-25 02:32 - 00466432 _____ (Microsoft Corporation) G:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-12 10:22 - 2015-10-12 10:29 - 00000000 ___HD G:\Users\leon\Downloads\The.Bastard.Executioner.S01E05.HDTV.XviD-FUM[ettv]
2015-10-12 10:11 - 2015-10-12 10:25 - 00000000 ___HD G:\Users\leon\Downloads\The.Bastard.Executioner.S01E04.HDTV.x264-KILLERS[ettv]
2015-10-12 10:09 - 2015-10-12 10:09 - 00000000 ___HD G:\Users\leon\Downloads\Limitless.S01E03.HDTV.x264-LOL[ettv]
2015-10-12 10:08 - 2015-10-12 10:09 - 00000000 ___HD G:\Users\leon\Downloads\Quantico.S01E02.HDTV.x264-LOL[ettv]
2015-10-12 10:03 - 2015-10-12 10:42 - 00000000 ___HD G:\Users\leon\Downloads\The.Walking.Dead.S06E01.PROPER.HDTV.x264-KILLERS[ettv]
2015-10-12 10:03 - 2015-10-12 10:03 - 00000000 ___HD G:\Users\leon\Downloads\Quantico.S01E03.HDTV.x264-LOL[ettv]
2015-10-12 10:02 - 2015-10-12 10:02 - 00000000 ___HD G:\Users\leon\Downloads\The.Good.Wife.S07E01.HDTV.x264-LOL[ettv]
2015-10-12 10:01 - 2015-10-12 10:11 - 354094964 ____H G:\Users\leon\Downloads\The.Blacklist.S03E01.The.Troll.Farmer.1080p.WEB-DL.x265.HEVC.AAC.5.1.Condo.mkv
2015-10-12 09:34 - 2015-10-12 09:43 - 00000000 ___HD G:\Users\leon\Downloads\The.Blacklist.S03E02.HDTV.XviD-FUM[ettv]
2015-10-12 09:32 - 2015-10-12 09:47 - 00000000 ___HD G:\Users\leon\Downloads\The.Last.Kingdom.S01E01.HDTV.x264-KILLERS[ettv]
2015-10-12 09:30 - 2015-10-12 09:32 - 00000000 ___HD G:\Users\leon\Downloads\Homeland.S05E02.WEB-DL.XviD-FUM[ettv]
2015-10-12 09:29 - 2015-10-12 09:34 - 00000000 ___HD G:\Users\leon\Downloads\Homeland S05E01 HDTV XviD-FUM[ettv]
2015-10-01 19:53 - 2015-09-17 06:28 - 05120056 _____ (Microsoft Corporation) G:\WINDOWS\system32\windows.storage.dll
2015-10-01 19:53 - 2015-09-17 05:40 - 06101504 _____ (Microsoft Corporation) G:\WINDOWS\system32\mos.dll
2015-10-01 19:53 - 2015-09-17 05:35 - 05079552 _____ (Microsoft Corporation) G:\WINDOWS\system32\BingMaps.dll
2015-10-01 19:52 - 2015-09-19 03:50 - 00083160 _____ (Microsoft Corporation) G:\WINDOWS\system32\omadmapi.dll
2015-10-01 19:52 - 2015-09-17 06:28 - 02154808 _____ (Microsoft Corporation) G:\WINDOWS\system32\mfcore.dll
2015-10-01 19:52 - 2015-09-17 06:28 - 01357888 _____ (Microsoft Corporation) G:\WINDOWS\system32\winmde.dll
2015-10-01 19:52 - 2015-09-17 06:28 - 01343952 _____ (Microsoft Corporation) G:\WINDOWS\system32\wmpmde.dll
2015-10-01 19:52 - 2015-09-17 06:28 - 00680144 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-01 19:52 - 2015-09-17 06:28 - 00441168 _____ (Microsoft Corporation) G:\WINDOWS\system32\SettingSyncHost.exe
2015-10-01 19:52 - 2015-09-17 06:28 - 00407608 _____ (Microsoft Corporation) G:\WINDOWS\system32\AudioSes.dll
2015-10-01 19:52 - 2015-09-17 06:28 - 00083792 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\pdc.sys
2015-10-01 19:52 - 2015-09-17 06:28 - 00074880 _____ (Microsoft Corporation) G:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-01 19:52 - 2015-09-17 06:27 - 01766952 _____ G:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 19:52 - 2015-09-17 06:27 - 00454512 _____ (Microsoft Corporation) G:\WINDOWS\system32\directmanipulation.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 02446648 _____ (Microsoft Corporation) G:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 01895568 _____ (Microsoft Corporation) G:\WINDOWS\system32\hevcdecoder.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 01856848 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-01 19:52 - 2015-09-17 06:26 - 01708376 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-01 19:52 - 2015-09-17 06:26 - 00646672 _____ (Microsoft Corporation) G:\WINDOWS\system32\mfsvr.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 00587776 _____ (Microsoft Corporation) G:\WINDOWS\system32\CoreMessaging.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 00508248 _____ (Microsoft Corporation) G:\WINDOWS\system32\mf.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 00436064 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-01 19:52 - 2015-09-17 06:26 - 00434376 _____ (Microsoft Corporation) G:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 00428128 _____ (Microsoft Corporation) G:\WINDOWS\system32\WWanAPI.dll
2015-10-01 19:52 - 2015-09-17 06:26 - 00414560 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-01 19:52 - 2015-09-17 06:26 - 00335696 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-01 19:52 - 2015-09-17 06:26 - 00274272 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-01 19:52 - 2015-09-17 06:26 - 00228192 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-01 19:52 - 2015-09-17 06:21 - 00658528 _____ (Microsoft Corporation) G:\WINDOWS\system32\mfds.dll
2015-10-01 19:52 - 2015-09-17 06:20 - 00764416 _____ (Microsoft Corporation) G:\WINDOWS\system32\twinapi.appcore.dll
2015-10-01 19:52 - 2015-09-17 06:13 - 01054048 _____ (Microsoft Corporation) G:\WINDOWS\system32\wpx.dll
2015-10-01 19:52 - 2015-09-17 06:13 - 00918880 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\ndis.sys
2015-10-01 19:52 - 2015-09-17 05:51 - 00189952 _____ (Microsoft Corporation) G:\WINDOWS\system32\provengine.dll
2015-10-01 19:52 - 2015-09-17 05:51 - 00139264 _____ (Microsoft Corporation) G:\WINDOWS\system32\enrollmentapi.dll
2015-10-01 19:52 - 2015-09-17 05:51 - 00106496 _____ (Microsoft Corporation) G:\WINDOWS\system32\provops.dll
2015-10-01 19:52 - 2015-09-17 05:49 - 00371712 _____ (Microsoft Corporation) G:\WINDOWS\system32\StoreAgent.dll
2015-10-01 19:52 - 2015-09-17 05:49 - 00041472 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-01 19:52 - 2015-09-17 05:49 - 00022016 _____ (Microsoft Corporation) G:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-01 19:52 - 2015-09-17 05:48 - 00539136 _____ (Microsoft Corporation) G:\WINDOWS\system32\CellularAPI.dll
2015-10-01 19:52 - 2015-09-17 05:48 - 00370176 _____ (Microsoft Corporation) G:\WINDOWS\system32\MBMediaManager.dll
2015-10-01 19:52 - 2015-09-17 05:48 - 00121344 _____ (Microsoft Corporation) G:\WINDOWS\system32\tetheringservice.dll
2015-10-01 19:52 - 2015-09-17 05:47 - 01508864 _____ (Microsoft Corporation) G:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-01 19:52 - 2015-09-17 05:47 - 00387072 _____ (Microsoft Corporation) G:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-01 19:52 - 2015-09-17 05:47 - 00371712 _____ (Microsoft Corporation) G:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-01 19:52 - 2015-09-17 05:46 - 00673280 _____ (Microsoft Corporation) G:\WINDOWS\system32\SharedStartModel.dll
2015-10-01 19:52 - 2015-09-17 05:46 - 00072192 _____ (Microsoft Corporation) G:\WINDOWS\system32\ngckeyenum.dll
2015-10-01 19:52 - 2015-09-17 05:45 - 00075776 _____ (Microsoft Corporation) G:\WINDOWS\system32\DeviceEnroller.exe
2015-10-01 19:52 - 2015-09-17 05:43 - 00095232 _____ (Microsoft Corporation) G:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-01 19:52 - 2015-09-17 05:42 - 00388096 _____ (Microsoft Corporation) G:\WINDOWS\system32\tileobjserver.dll
2015-10-01 19:52 - 2015-09-17 05:41 - 00675328 _____ (Microsoft Corporation) G:\WINDOWS\system32\modernexecserver.dll
2015-10-01 19:52 - 2015-09-17 05:41 - 00217088 _____ (Microsoft Corporation) G:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-01 19:52 - 2015-09-17 05:41 - 00108032 _____ (Microsoft Corporation) G:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-01 19:52 - 2015-09-17 05:40 - 01162240 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-01 19:52 - 2015-09-17 05:40 - 00504832 _____ (Microsoft Corporation) G:\WINDOWS\system32\WUDFx02000.dll
2015-10-01 19:52 - 2015-09-17 05:40 - 00418304 _____ (Microsoft Corporation) G:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-01 19:52 - 2015-09-17 05:40 - 00351744 _____ (Microsoft Corporation) G:\WINDOWS\system32\dmenrollengine.dll
2015-10-01 19:52 - 2015-09-17 05:39 - 01877504 _____ (Microsoft Corporation) G:\WINDOWS\system32\wlansvc.dll
2015-10-01 19:52 - 2015-09-17 05:39 - 01829376 _____ (Microsoft Corporation) G:\WINDOWS\system32\wuaueng.dll
2015-10-01 19:52 - 2015-09-17 05:39 - 00587264 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-01 19:52 - 2015-09-17 05:39 - 00296448 _____ (Microsoft Corporation) G:\WINDOWS\system32\wuuhext.dll
2015-10-01 19:52 - 2015-09-17 05:39 - 00284672 _____ (Microsoft Corporation) G:\WINDOWS\system32\ngccredprov.dll
2015-10-01 19:52 - 2015-09-17 05:39 - 00160768 _____ (Microsoft Corporation) G:\WINDOWS\system32\accountaccessor.dll
2015-10-01 19:52 - 2015-09-17 05:39 - 00102912 _____ (Microsoft Corporation) G:\WINDOWS\system32\omadmclient.exe
2015-10-01 19:52 - 2015-09-17 05:39 - 00064000 _____ (Microsoft Corporation) G:\WINDOWS\system32\wwancfg.dll
2015-10-01 19:52 - 2015-09-17 05:37 - 00454656 _____ (Microsoft Corporation) G:\WINDOWS\system32\MbaeApi.dll
2015-10-01 19:52 - 2015-09-17 05:36 - 06529024 _____ (Microsoft Corporation) G:\WINDOWS\system32\wwanmm.dll
2015-10-01 19:52 - 2015-09-17 05:36 - 00926720 _____ (Microsoft Corporation) G:\WINDOWS\system32\wwansvc.dll
2015-10-01 19:52 - 2015-09-17 05:36 - 00661504 _____ (Microsoft Corporation) G:\WINDOWS\system32\MPSSVC.dll
2015-10-01 19:52 - 2015-09-17 05:36 - 00483328 _____ (Microsoft Corporation) G:\WINDOWS\system32\wcmsvc.dll
2015-10-01 19:52 - 2015-09-17 05:36 - 00385024 _____ (Microsoft Corporation) G:\WINDOWS\system32\wwanconn.dll
2015-10-01 19:52 - 2015-09-17 05:36 - 00162816 _____ (Microsoft Corporation) G:\WINDOWS\system32\wcmcsp.dll
2015-10-01 19:52 - 2015-09-17 05:36 - 00130048 _____ (Microsoft Corporation) G:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-01 19:52 - 2015-09-17 05:35 - 03026432 _____ (Microsoft Corporation) G:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-01 19:52 - 2015-09-17 05:35 - 02207232 _____ (Microsoft Corporation) G:\WINDOWS\system32\wininet.dll
2015-10-01 19:52 - 2015-09-17 05:35 - 01820160 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-01 19:52 - 2015-09-17 05:35 - 01762304 _____ (Microsoft Corporation) G:\WINDOWS\system32\pnidui.dll
2015-10-01 19:52 - 2015-09-17 05:35 - 00828928 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-01 19:52 - 2015-09-17 05:35 - 00283136 _____ (Microsoft Corporation) G:\WINDOWS\system32\ncsi.dll
2015-10-01 19:52 - 2015-09-17 05:34 - 00350208 _____ (Microsoft Corporation) G:\WINDOWS\system32\LocationWebproxy.dll
2015-10-01 19:52 - 2015-09-17 05:34 - 00253440 _____ (Microsoft Corporation) G:\WINDOWS\system32\SensorsApi.dll
2015-10-01 19:52 - 2015-09-17 05:34 - 00230400 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\portcls.sys
2015-10-01 19:52 - 2015-09-17 05:34 - 00026112 _____ (Microsoft Corporation) G:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-01 19:52 - 2015-09-17 05:33 - 00076288 _____ (Microsoft Corporation) G:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-01 19:52 - 2015-09-17 05:32 - 01543680 _____ (Microsoft Corporation) G:\WINDOWS\system32\wlidsvc.dll
2015-10-01 19:52 - 2015-09-17 05:32 - 00989696 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-01 19:52 - 2015-09-17 05:32 - 00733184 _____ (Microsoft Corporation) G:\WINDOWS\system32\RDXService.dll
2015-10-01 19:52 - 2015-09-17 05:32 - 00397824 _____ (Microsoft Corporation) G:\WINDOWS\system32\NotificationController.dll
2015-10-01 19:52 - 2015-09-17 05:32 - 00336384 _____ (Microsoft Corporation) G:\WINDOWS\system32\CredProvDataModel.dll
2015-10-01 19:52 - 2015-09-17 05:32 - 00313856 _____ (Microsoft Corporation) G:\WINDOWS\system32\LockAppBroker.dll
2015-10-01 19:52 - 2015-09-17 05:32 - 00195072 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-01 19:52 - 2015-09-17 05:31 - 00389632 _____ (Microsoft Corporation) G:\WINDOWS\system32\ngcsvc.dll
2015-10-01 19:52 - 2015-09-17 05:31 - 00268800 _____ (Microsoft Corporation) G:\WINDOWS\system32\ncryptprov.dll
2015-10-01 19:52 - 2015-09-17 05:30 - 00311808 _____ (Microsoft Corporation) G:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-01 19:52 - 2015-09-17 05:30 - 00145920 _____ (Microsoft Corporation) G:\WINDOWS\system32\KnobsCore.dll
2015-10-01 19:52 - 2015-09-17 05:30 - 00133632 _____ (Microsoft Corporation) G:\WINDOWS\system32\cloudAP.dll
2015-10-01 19:52 - 2015-09-17 05:30 - 00083456 _____ (Microsoft Corporation) G:\WINDOWS\system32\KnobsCsp.dll
2015-10-01 19:52 - 2015-09-17 05:30 - 00067584 _____ (Microsoft Corporation) G:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-01 19:52 - 2015-09-17 05:30 - 00061952 _____ (Microsoft Corporation) G:\WINDOWS\system32\HttpsDataSource.dll
2015-10-01 19:52 - 2015-09-17 05:29 - 01104384 _____ (Microsoft Corporation) G:\WINDOWS\system32\UIAutomationCore.dll
2015-10-01 19:52 - 2015-09-17 05:29 - 00701952 _____ (Microsoft Corporation) G:\WINDOWS\system32\JpMapControl.dll
2015-10-01 19:52 - 2015-09-17 05:29 - 00677888 _____ (Microsoft Corporation) G:\WINDOWS\system32\MapControlCore.dll
2015-10-01 19:52 - 2015-09-17 05:28 - 00402944 _____ (Microsoft Corporation) G:\WINDOWS\system32\bisrv.dll
2015-10-01 19:52 - 2015-09-17 05:28 - 00228352 _____ (Microsoft Corporation) G:\WINDOWS\system32\syncutil.dll
2015-10-01 19:52 - 2015-09-17 05:27 - 01380352 _____ (Microsoft Corporation) G:\WINDOWS\system32\workfolderssvc.dll
2015-10-01 19:52 - 2015-09-17 05:27 - 00269312 _____ (Microsoft Corporation) G:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-01 19:52 - 2015-09-17 05:27 - 00147456 _____ (Microsoft Corporation) G:\WINDOWS\system32\psmsrv.dll
2015-10-01 19:52 - 2015-09-17 05:26 - 00899584 _____ (Microsoft Corporation) G:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-01 19:51 - 2015-09-17 05:51 - 00145920 _____ (Microsoft Corporation) G:\WINDOWS\system32\mdmregistration.dll
2015-10-01 19:51 - 2015-09-17 05:45 - 00193024 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-01 19:51 - 2015-09-17 05:45 - 00132096 _____ (Microsoft Corporation) G:\WINDOWS\system32\provisioningcsp.dll
2015-10-01 19:51 - 2015-09-17 05:45 - 00128512 _____ (Microsoft Corporation) G:\WINDOWS\system32\mdmmigrator.dll
2015-10-01 19:51 - 2015-09-17 05:45 - 00114176 _____ (Microsoft Corporation) G:\WINDOWS\system32\dmcertinst.exe
2015-10-01 19:51 - 2015-09-17 05:45 - 00055296 _____ (Microsoft Corporation) G:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-01 19:51 - 2015-09-17 05:43 - 00328704 _____ (Microsoft Corporation) G:\WINDOWS\system32\MapConfiguration.dll
2015-10-01 19:51 - 2015-09-17 05:40 - 00273408 _____ (Microsoft Corporation) G:\WINDOWS\system32\configmanager2.dll
2015-10-01 19:51 - 2015-09-17 05:39 - 00247808 _____ (Microsoft Corporation) G:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 19:51 - 2015-09-17 05:39 - 00103936 _____ (Microsoft Corporation) G:\WINDOWS\system32\dmcsps.dll
2015-10-01 19:51 - 2015-09-17 05:36 - 01171456 _____ (Microsoft Corporation) G:\WINDOWS\system32\netcenter.dll
2015-10-01 19:51 - 2015-09-17 05:34 - 00261120 _____ (Microsoft Corporation) G:\WINDOWS\system32\LocationGeofences.dll
2015-10-01 19:51 - 2015-09-17 05:33 - 00181760 _____ (Microsoft Corporation) G:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-01 19:51 - 2015-09-17 05:30 - 00449536 _____ (Microsoft Corporation) G:\WINDOWS\system32\enterprisecsps.dll
2015-10-01 19:51 - 2015-09-17 05:30 - 00025088 _____ (Microsoft Corporation) G:\WINDOWS\system32\syncmlhook.dll
2015-10-01 19:51 - 2015-09-17 05:29 - 00587264 _____ (Microsoft Corporation) G:\WINDOWS\system32\MapsStore.dll
2015-10-01 19:51 - 2015-09-17 05:28 - 00473088 _____ (Microsoft Corporation) G:\WINDOWS\system32\wpnapps.dll
2015-10-01 11:47 - 2015-10-01 11:47 - 03246726 ____H G:\Users\leon\Desktop\Device_04_20150930192653_20150930200001 - Copy - Copy.avi
2015-10-01 11:46 - 2015-10-01 11:46 - 00350208 ____H (TODO: ) G:\Users\leon\Desktop\264ToAvi.exe
2015-10-01 11:45 - 2015-10-01 11:45 - 00000000 ___HD G:\Users\leon\AppData\Roaming\WinRAR
2015-10-01 11:41 - 2015-10-01 11:45 - 00000000 ____D G:\Program Files\WinRAR
2015-10-01 11:41 - 2015-10-01 11:41 - 00001059 _____ G:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2015-10-01 11:41 - 2015-10-01 11:41 - 00000000 ___HD G:\Users\leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-01 11:41 - 2015-10-01 11:41 - 00000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-01 11:36 - 2015-10-01 11:36 - 00000000 ___HD G:\Users\leon\Downloads\WinRAR 5.20 Final (x86-x64) Incl. Key [ATOM]
2015-10-01 11:24 - 2015-10-01 11:24 - 00145230 ____H G:\Users\leon\Downloads\264ToAvi_v1.0.1.21.rar
2015-10-01 10:25 - 2015-10-01 10:25 - 00000000 ___HD G:\Users\leon\Documents\Any Video Converter
2015-10-01 10:24 - 2015-10-03 00:19 - 00000000 ___HD G:\Users\leon\AppData\Roaming\Anvsoft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 02:50 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\system32\sru
2015-10-31 02:35 - 2015-02-24 23:38 - 00000000 ___HD G:\Users\leon\AppData\Roaming\vlc
2015-10-31 01:30 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\AppReadiness
2015-10-30 23:41 - 2015-09-16 16:22 - 00828580 _____ G:\WINDOWS\system32\TVersityMediaServer.log
2015-10-30 21:02 - 2014-09-14 13:22 - 00000000 __SHD G:\Users\leon\AppData\LocalLow\EmieUserList
2015-10-30 21:02 - 2014-09-14 13:21 - 00000000 __SHD G:\Users\leon\AppData\LocalLow\EmieSiteList
2015-10-30 19:02 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\Microsoft.NET
2015-10-30 04:55 - 2015-07-10 08:20 - 00000000 ____D G:\WINDOWS\CbsTemp
2015-10-30 04:52 - 2015-09-10 09:48 - 00984150 _____ G:\WINDOWS\system32\PerfStringBackup.INI
2015-10-30 04:51 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\system32\NDF
2015-10-30 04:45 - 2015-07-10 09:55 - 00000006 ____H G:\WINDOWS\Tasks\SA.DAT
2015-10-30 04:45 - 2015-07-10 06:59 - 00262144 ___SH G:\WINDOWS\system32\config\BBI
2015-10-30 04:44 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\system32\appraiser
2015-10-30 02:38 - 2009-07-14 02:37 - 00000000 ____D G:\WINDOWS\system32\GroupPolicy
2015-10-30 02:25 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\system32\restore
2015-10-28 09:30 - 2014-09-14 13:22 - 00000910 _____ G:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-28 09:30 - 2014-09-14 13:22 - 00000906 _____ G:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-27 08:44 - 2015-07-10 10:43 - 00000000 ____D G:\WINDOWS\SKB
2015-10-27 08:44 - 2015-07-10 09:53 - 00196408 _____ G:\WINDOWS\system32\FNTCACHE.DAT
2015-10-26 20:18 - 2015-09-10 18:41 - 00000000 ___DC G:\WINDOWS\Panther
2015-10-26 19:29 - 2015-09-10 09:50 - 00000000 ___HD G:\Users\leon
2015-10-25 22:21 - 2015-07-10 08:28 - 00000000 ___RD G:\WINDOWS\ImmersiveControlPanel
2015-10-25 10:59 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\system32\WinBioDatabase
2015-10-25 10:18 - 2015-07-10 08:28 - 00000000 ___HD G:\WINDOWS\ELAMBKUP
2015-10-25 10:18 - 2015-07-10 06:59 - 00032768 ___SH G:\WINDOWS\system32\config\ELAM
2015-10-24 19:55 - 2014-09-14 13:23 - 00002215 _____ G:\Users\Public\Desktop\Google Chrome.lnk
2015-10-23 22:18 - 2015-07-10 08:28 - 00000000 ____D G:\Program Files\Common Files\microsoft shared
2015-10-20 23:11 - 2015-09-16 16:22 - 00000000 ___HD G:\Users\leon\AppData\Local\TVersity
2015-10-16 03:10 - 2015-07-10 08:29 - 00810488 _____ (Adobe Systems Incorporated) G:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-16 03:10 - 2015-07-10 08:29 - 00176632 _____ (Adobe Systems Incorporated) G:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-14 18:39 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\rescache
2015-10-13 18:13 - 2014-09-14 05:46 - 00000000 ____D G:\WINDOWS\system32\MRT
2015-10-13 18:08 - 2014-09-14 05:46 - 141105520 _____ (Microsoft Corporation) G:\WINDOWS\system32\MRT.exe
2015-10-13 17:53 - 2015-07-10 08:28 - 00000000 ___SD G:\WINDOWS\system32\F12
2015-10-13 17:53 - 2015-07-10 08:28 - 00000000 ___RD G:\WINDOWS\PurchaseDialog
2015-10-13 17:53 - 2015-07-10 08:28 - 00000000 ___RD G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-13 17:53 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\system32\WinBioPlugIns
2015-10-13 17:53 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\system32\SystemResetPlatform
2015-10-13 17:53 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\Provisioning
2015-10-13 17:53 - 2015-07-10 08:28 - 00000000 ____D G:\WINDOWS\L2Schemas

==================== Files in the root of some directories =======

2015-10-28 03:13 - 2015-10-28 03:13 - 0007606 _____ () G:\Users\leon\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

G:\WINDOWS\explorer.exe => File is digitally signed
G:\WINDOWS\system32\winlogon.exe => File is digitally signed
G:\WINDOWS\system32\wininit.exe => File is digitally signed
G:\WINDOWS\system32\svchost.exe => File is digitally signed
G:\WINDOWS\system32\services.exe => File is digitally signed
G:\WINDOWS\system32\User32.dll => File is digitally signed
G:\WINDOWS\system32\userinit.exe => File is digitally signed
G:\WINDOWS\system32\rpcss.dll => File is digitally signed
G:\WINDOWS\system32\dnsapi.dll => File is digitally signed
G:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-21 21:30

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-10-2015
Ran by leon (2015-10-31 02:59:05)
Running from G:\Users\leon\Desktop\bleeping computer apps
Microsoft Windows 10 Pro (X86) (2015-09-10 10:03:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2234053327-359660119-4253514962-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2234053327-359660119-4253514962-503 - Limited - Disabled)
Guest (S-1-5-21-2234053327-359660119-4253514962-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2234053327-359660119-4253514962-1002 - Limited - Enabled)
leon (S-1-5-21-2234053327-359660119-4253514962-1000 - Administrator - Enabled) => G:\Users\leon

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ADD-NWU281 Wireless LAN Driver and Utility (HKLM\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1912 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
TVersity Codec Pack 1.7 (HKLM\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.)
TVersity Media Server 3.8 (HKLM\...\TVersity Media Server) (Version: 3.8 - TVersity)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

30-10-2015 02:25:36 zoek.exe restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____N G:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {015BAA2B-B50E-426E-8D56-B4AD19EF605A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => G:\WINDOWS\ehome\mcupdate.exe
Task: {0748BD11-2322-42B7-92B4-F5B0AD0C9720} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0A6ACB8D-FDBE-46E5-8AA2-E59E045B0ABF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0B58C596-2B44-4DB8-AD28-CB429A3C2489} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => G:\WINDOWS\ehome\ehPrivJob.exe
Task: {1072B012-B5A3-4DF9-9D53-E9739A62F57F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => G:\WINDOWS\ehome\ehPrivJob.exe
Task: {115AB927-4C31-4182-996A-C9EB8E2A8FE8} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => G:\WINDOWS\ehome\ehrec.exe
Task: {1164F7FC-27A5-4B98-924F-4FAA07F833AC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => G:\WINDOWS\ehome\ehPrivJob.exe
Task: {18042D18-B1E5-4AC4-9D26-1DEA909F0A06} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => G:\WINDOWS\ehome\ehPrivJob.exe
Task: {1D0A4740-D9D4-465E-8838-44EDB715F391} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => G:\WINDOWS\ehome\ehPrivJob.exe
Task: {20D2DCB3-4BA1-4E55-997A-501811A88DBD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => G:\WINDOWS\ehome\mcupdate.exe
Task: {254C67A3-60B0-4911-9AC2-5787531B02BB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2C8E074A-9D4F-4FE2-A1F4-E2A102129394} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2E542DBB-2473-4BC4-A07F-16F87D81682A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => G:\WINDOWS\ehome\mcupdate.exe
Task: {2E64B288-F53A-4307-A69D-1421F4582E16} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => G:\WINDOWS\ehome\ehPrivJob.exe
Task: {37709AE3-DD18-4F71-A48E-C5DC49C5A405} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => G:\WINDOWS\ehome\ehPrivJob.exe
Task: {38C5DE4C-03A2-43E9-BC68-7010474A3C48} - System32\Tasks\GoogleUpdateTaskMachineUA => G:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3EF551F7-4EF7-4589-94B4-CC73AF9FB9AA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => G:\WINDOWS\ehome\ehPrivJob.exe
Task: {3FD09B84-BA94-4F82-B839-AE2981A70E00} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => G:\WINDOWS\ehome\ehPrivJob.exe
Task: {4506B421-4F2E-4E45-8FAE-C42F25BB3EA1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => G:\WINDOWS\ehome\mcupdate.exe
Task: {469CA2B9-B119-4B8F-A8ED-45B545E109BB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => G:\WINDOWS\ehome\ehPrivJob.exe
Task: {49F7444F-9FD7-47F3-92F0-12DA7E49C21F} - System32\Tasks\GoogleUpdateTaskMachineCore => G:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {4CF0A2FC-DB79-487C-9D4F-FD74482FF185} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5A7070F7-51A4-4703-B04A-8A5C31F12E9D} - System32\Tasks\CCleanerSkipUAC => G:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {5CFC6547-F84F-4299-A6D9-75E2E9304389} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe
Task: {5FB5F01F-839D-4591-BF28-A74B0C5CB647} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => G:\WINDOWS\ehome\ehPrivJob.exe
Task: {67EAABE5-59A0-4FBD-B88B-9B81DCD4C514} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7135AB65-C102-40AF-8A95-750F84E26CA4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe
Task: {7B47FB01-3B71-47E9-A7E9-B74E58241794} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {871DC7CF-A117-4C5B-A16D-660DDF556987} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {943A171C-0533-45DB-BDBA-681D2D186B2E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => G:\WINDOWS\ehome\mcupdate.exe
Task: {9CE7E7A0-E878-473D-B647-679C241CC7B1} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {A54F363C-F0B1-4EFA-B907-C176B2A617AD} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => G:\WINDOWS\ehome\ehrec.exe
Task: {B1924268-B36C-4AC1-BBA8-6093C923DC98} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => G:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {B7832EBF-706D-4943-9426-1A7C19F13657} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BA99E361-373F-4A8B-8FF5-20C0B8A33F28} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => G:\WINDOWS\ehome\mcupdate.exe
Task: {BC8EF1D2-425A-432C-B504-B1E782EC296B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => G:\WINDOWS\ehome\mcupdate.exe
Task: {C99F5B9F-6A10-4BB6-8D0C-9BDAE4415046} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => G:\WINDOWS\ehome\ehPrivJob.exe
Task: {D13807E1-7303-42F8-813D-26A8C2D0CBC3} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => G:\WINDOWS\ehome\ehPrivJob.exe
Task: {F2D56127-A0F1-430C-BDC6-E25DA2487E65} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => G:\WINDOWS\ehome\MCUpdate.exe
Task: {F42FFCF5-1E06-45FA-89ED-58655793E5EF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F6E65C5F-8F4D-4F58-91DE-D664A12F0971} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: G:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => G:\WINDOWS\explorer.exe
Task: G:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => G:\Program Files\Google\Update\GoogleUpdate.exe
Task: G:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => G:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-10 18:37 - 2015-09-10 18:37 - 00025088 _____ () G:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-10 18:37 - 2015-09-10 18:37 - 00301056 _____ () G:\WINDOWS\System32\diagtrack_wininternal.dll
2015-07-29 20:03 - 2015-07-29 20:03 - 01677448 _____ () G:\ProgramData\TVersity\Media Server\MediaServer.exe
2011-12-17 21:15 - 2011-12-17 21:15 - 00556840 _____ () G:\ProgramData\TVersity\Media Server\taglib.dll
2011-12-17 21:14 - 2011-12-17 21:14 - 00716584 _____ () G:\ProgramData\TVersity\Media Server\log4cxx.dll
2014-06-12 15:54 - 2014-06-12 15:54 - 22956146 _____ () G:\ProgramData\TVersity\Media Server\avcodec-52.dll
2014-06-15 02:37 - 2014-06-15 02:37 - 06714712 _____ () G:\ProgramData\TVersity\Media Server\avformat-52.dll
2014-05-09 16:02 - 2014-05-09 16:02 - 00356838 _____ () G:\ProgramData\TVersity\Media Server\avutil-50.dll
2014-05-09 16:03 - 2014-05-09 16:03 - 00631343 _____ () G:\ProgramData\TVersity\Media Server\swscale-0.dll
2011-12-17 21:15 - 2011-12-17 21:15 - 00562072 _____ () G:\ProgramData\TVersity\Media Server\sqlite3.dll
2015-01-12 21:34 - 2015-01-12 21:34 - 00113166 _____ () G:\ProgramData\TVersity\Media Server\zlib1.dll
2015-01-12 21:34 - 2015-01-12 21:34 - 00279955 _____ () G:\ProgramData\TVersity\Media Server\libidn-11.dll
2014-05-13 02:01 - 2014-05-13 02:01 - 00112142 _____ () G:\ProgramData\TVersity\Media Server\libgcc_s_dw2-1.dll
2011-12-17 21:14 - 2011-12-17 21:14 - 00225064 _____ () G:\ProgramData\TVersity\Media Server\CORE_RL_lcms_.dll
2011-12-17 21:14 - 2011-12-17 21:14 - 00031528 _____ () G:\ProgramData\TVersity\Media Server\CORE_RL_xlib_.dll
2011-12-17 21:13 - 2011-12-17 21:13 - 00309755 _____ () G:\ProgramData\TVersity\Media Server\libmp3lame-0.dll
2014-05-13 03:01 - 2014-05-13 03:01 - 00239162 _____ () G:\ProgramData\TVersity\Media Server\libvorbis-0.dll
2014-05-13 03:01 - 2014-05-13 03:01 - 00690494 _____ () G:\ProgramData\TVersity\Media Server\libvorbisenc-2.dll
2014-05-13 02:55 - 2014-05-13 02:55 - 00087192 _____ () G:\ProgramData\TVersity\Media Server\libogg-0.dll
2015-10-01 19:52 - 2015-09-17 06:27 - 01766952 _____ () G:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 19:52 - 2015-09-17 06:27 - 01766952 _____ () G:\WINDOWS\System32\CoreUIComponents.dll
2015-10-01 19:52 - 2015-09-17 05:26 - 01386496 _____ () G:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-10-01 19:51 - 2015-09-17 05:25 - 00377856 _____ () G:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-09-10 18:37 - 2015-09-10 18:37 - 00500736 _____ () G:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-10-01 19:52 - 2015-09-17 05:26 - 00707072 _____ () G:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-07-10 08:24 - 2015-07-10 08:24 - 00288768 _____ () G:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 08:24 - 2015-07-10 08:24 - 00111104 _____ () G:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-01 19:51 - 2015-09-17 05:46 - 00405504 _____ () G:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-10-01 19:53 - 2015-09-17 05:28 - 04317696 _____ () G:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 19:51 - 2015-09-17 05:25 - 01183232 _____ () G:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 19:52 - 2015-09-17 05:26 - 01425920 _____ () G:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-09-13 20:48 - 2012-11-06 16:47 - 00114688 _____ () G:\Program Files\ADDON\NWU281 USB Wireless LAN Utility\EnumDevLib.dll
2015-09-10 18:37 - 2015-09-10 18:37 - 00200704 _____ () G:\WINDOWS\SYSTEM32\textinputframework.dll
2015-07-10 08:25 - 2015-07-10 08:25 - 00161632 _____ () g:\windows\system32\WerEtw.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2234053327-359660119-4253514962-1000\Control Panel\Desktop\\Wallpaper -> G:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SBAMSvc => 2
MSCONFIG\Services: sz7 => 2
HKU\S-1-5-21-2234053327-359660119-4253514962-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2234053327-359660119-4253514962-1000\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) LPort=808
FirewallRules: [{FA816B81-F5BC-48A1-A6A2-C107B7B6663B}] => (Allow) G:\Users\leon\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B24A81A-DB52-491D-956C-C2D38F297AD2}] => (Allow) G:\Users\leon\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{972AE845-1F88-4088-B0C3-1EA822BE2865}] => (Allow) G:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{4BEBE26A-29CC-4EEC-AA39-2C3D9577242A}] => (Allow) G:\Program Files\ADDON\NWU281 USB Wireless LAN Utility\Rtldhcp.exe
FirewallRules: [{FB1B0C6E-A06C-4D4C-BA17-767EF27FCED6}] => (Allow) LPort=53
FirewallRules: [{CD6DC185-487A-4041-A597-202BF17E3167}] => (Allow) LPort=53
FirewallRules: [{CF0E9777-17B9-4CCF-B0F0-7CD40C00E6B6}] => (Allow) LPort=68
FirewallRules: [{19FB214A-B504-41CD-BE3E-8BAE19376EE9}] => (Allow) LPort=67
FirewallRules: [{28D7B2AE-C137-4274-91F6-226B913B3ACE}] => (Allow) LPort=53
FirewallRules: [{19BBF490-A556-4D22-A1D4-EF673C516B32}] => (Allow) LPort=1542
FirewallRules: [{0C5B3816-1976-47DC-A268-4B08FC36460E}] => (Allow) LPort=1542
FirewallRules: [{EEE5628B-E7F2-4A0B-8EE2-BF3A33FE57C1}] => (Allow) G:\Program Files\ADDON\NWU281 USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{0C520535-DFDF-4908-AFD9-4D933FD9424A}] => (Allow) G:\Program Files\ADDON\NWU281 USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{285A1576-AE29-4C24-A1DA-2D8217680B0D}] => (Allow) G:\ProgramData\TVersity\Media Server\MediaServer.exe
FirewallRules: [TCP Query User{5AE8B35C-BD89-4FEC-9639-ED72168CDDBA}C:\program files\swannview link\mydvr.exe] => (Allow) C:\program files\swannview link\mydvr.exe
FirewallRules: [UDP Query User{314B31B6-281B-405D-85DD-3B621E816254}C:\program files\swannview link\mydvr.exe] => (Allow) C:\program files\swannview link\mydvr.exe
FirewallRules: [{88D3D183-B28D-427C-BA05-81C094E1C772}] => (Allow) G:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2015 02:56:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NetworkUXBroker.exe, version: 10.0.10240.16384, time stamp: 0x559f3d1a
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c599e6
Exception code: 0xc0000374
Fault offset: 0x000e1267
Faulting process id: 0xcf0
Faulting application start time: 0xNetworkUXBroker.exe0
Faulting application path: NetworkUXBroker.exe1
Faulting module path: NetworkUXBroker.exe2
Report Id: NetworkUXBroker.exe3
Faulting package full name: NetworkUXBroker.exe4
Faulting package-relative application ID: NetworkUXBroker.exe5

Error: (10/31/2015 02:16:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10240.16384, time stamp: 0x559f3b40
Faulting module name: twinapi.appcore.dll, version: 10.0.10240.16515, time stamp: 0x55fa5082
Exception code: 0xc000027b
Fault offset: 0x0001cac9
Faulting process id: 0x1268
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (10/30/2015 11:06:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.10240.16412, time stamp: 0x55b99447
Faulting module name: igdumd32.dll, version: 8.14.10.2697, time stamp: 0x4f6bfc50
Exception code: 0xc0000005
Fault offset: 0x00004f61
Faulting process id: 0x1c20
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/30/2015 10:55:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10240.16384, time stamp: 0x559f3b40
Faulting module name: twinapi.appcore.dll, version: 10.0.10240.16515, time stamp: 0x55fa5082
Exception code: 0xc000027b
Fault offset: 0x0001cac9
Faulting process id: 0x1fec
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (10/30/2015 09:49:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10240.16384, time stamp: 0x559f3b40
Faulting module name: twinapi.appcore.dll, version: 10.0.10240.16515, time stamp: 0x55fa5082
Exception code: 0xc000027b
Fault offset: 0x0001cac9
Faulting process id: 0x12d8
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (10/30/2015 09:38:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.10240.16412, time stamp: 0x55b99447
Faulting module name: Flash.ocx, version: 19.0.0.226, time stamp: 0x561f3171
Exception code: 0xc0000005
Fault offset: 0x00331fab
Faulting process id: 0xdc8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (10/30/2015 04:58:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10240.16384, time stamp: 0x559f3b40
Faulting module name: twinapi.appcore.dll, version: 10.0.10240.16515, time stamp: 0x55fa5082
Exception code: 0xc000027b
Fault offset: 0x0001cac9
Faulting process id: 0x550
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (10/30/2015 02:45:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10240.16384, time stamp: 0x559f3b40
Faulting module name: twinapi.appcore.dll, version: 10.0.10240.16515, time stamp: 0x55fa5082
Exception code: 0xc000027b
Fault offset: 0x0001cac9
Faulting process id: 0x1230
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (10/30/2015 02:26:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b4c
Exception code: 0xe0434352
Fault offset: 0x000b24c2
Faulting process id: 0xa00
Faulting application start time: 0xDaS_21.exe0
Faulting application path: DaS_21.exe1
Faulting module path: DaS_21.exe2
Report Id: DaS_21.exe3
Faulting package full name: DaS_21.exe4
Faulting package-relative application ID: DaS_21.exe5

Error: (10/30/2015 02:26:01 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentOutOfRangeException
Stack:
at System.Console.SetWindowSize(Int32, Int32)
at DriverAndServicesOut.Program.Main(System.String[])


System errors:
=============
Error: (10/30/2015 09:05:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/30/2015 09:05:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (10/30/2015 06:41:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ADDONCU service.

Error: (10/30/2015 06:41:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ADDONCU service.

Error: (10/30/2015 06:40:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ADDONCU service.

Error: (10/30/2015 05:10:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/30/2015 05:10:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/30/2015 05:10:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/30/2015 05:10:53 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/30/2015 04:49:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


CodeIntegrity:
===================================
Date: 2015-10-27 08:45:24.674
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-10-26 02:27:51.713
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 52%
Total physical RAM: 2037.18 MB
Available physical RAM: 972.31 MB
Total Virtual: 4725.18 MB
Available Virtual: 2854.22 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:160.77 GB) (Free:67.39 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.17 GB) (Free:0.93 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (windows 7) (Fixed) (Total:61.94 GB) (Free:8.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=160.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=61.9 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#10 satchfan

  • Malware Response Team

Posted 01 November 2015 - 04:52 AM

There are signs of cracked software on your computer and unless it is removed, I can't help further. Please remove all illegal/cracked software and then do the following:

================================================

Move Farbar Recovery Scan Tool directly on to your desktop otherwise fixes will not work. At the moment it is here:

G:\Users\leon\Desktop\bleeping computer apps

It needs to be: G:\Users\leon\Desktop

  • go to the bleeping computer apps folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

Open Notepad (Start > All Programs > Accessories > Notepad). Please copy the entire contents of the code box below and paste it into Notepad.


S3 eapihdrv; \??\G:\Users\leon\AppData\Local\Temp\ehdrv.sys [X]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2015-10-26 00:53 - 2015-10-27 09:08 - 00000000 ____D G:\ProgramData\STOPzilla!
2015-10-26 00:53 - 2015-10-26 00:53 - 00000000 ____D G:\Program Files\iS3
2015-10-25 12:23 - 2015-10-25 12:23 - 03237248 ____H (Enigma Software Group USA, LLC.) G:\Users\leon\Downloads\SpyHunter-Installer.exe
2015-10-24 00:38 - 2015-10-25 10:54 - 00000000 ____D G:\ProgramData\Norton
2015-10-24 00:35 - 2015-10-24 00:34 - 17787368 ____H (Bitberry Software ) G:\Users\leon\Downloads\FreeFileViewerSetup [1].exe
Task: {0748BD11-2322-42B7-92B4-F5B0AD0C9720} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0A6ACB8D-FDBE-46E5-8AA2-E59E045B0ABF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {254C67A3-60B0-4911-9AC2-5787531B02BB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2C8E074A-9D4F-4FE2-A1F4-E2A102129394} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4CF0A2FC-DB79-487C-9D4F-FD74482FF185} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {67EAABE5-59A0-4FBD-B88B-9B81DCD4C514} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7B47FB01-3B71-47E9-A7E9-B74E58241794} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {871DC7CF-A117-4C5B-A16D-660DDF556987} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9CE7E7A0-E878-473D-B647-679C241CC7B1} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> No File <==== ATTENTION
Task: {B7832EBF-706D-4943-9426-1A7C19F13657} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F42FFCF5-1E06-45FA-89ED-58655793E5EF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F6E65C5F-8F4D-4F58-91DE-D664A12F0971} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
FirewallRules: [{FA816B81-F5BC-48A1-A6A2-C107B7B6663B}] => (Allow) G:\Users\leon\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B24A81A-DB52-491D-956C-C2D38F297AD2}] => (Allow) G:\Users\leon\AppData\Roaming\uTorrent\uTorrent.exe
G:\Users\leon\AppData\Roaming\uTorrent
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Logs to include with next post:

Fixlog.txt
CKFiles.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#11 satchfan

  • Malware Response Team

Posted 05 November 2015 - 07:12 AM

Hi showmethebiccies

It has been several days since I replied to you.

Please let me know if you are having problems. If I do not hear from you within 24 hours I'll assume that you no longer need help and close this topic.

Thanks

Satchfan



#12 satchfan

  • Malware Response Team

Posted 06 November 2015 - 12:12 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
