
need virus removal help


  • This topic is locked
5 replies to this topic

#1 shulemmosko


Posted 10 December 2015 - 03:45 PM

Hi, I got this stubborn virus that keeps coming back. I attached the FRST scan reports; if somebody can have a look at it, I would really appreciate it.
Thanks in advance!

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by Yeedlee (administrator) on YEEDLEE-PC (10-12-2015 14:25:32)
Running from C:\Users\Yeedlee\Downloads
Loaded Profiles: Yeedlee (Available Profiles: Yeedlee & UpdatusUser & QBDataServiceUser22)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(ITAZ Technologies Pvt Ltd) C:\Program Files (x86)\Sohodox Desktop\Modules\Folder Monitor\FldMonSrv.exe
(ITAZ Technologies Pvt Ltd) C:\Program Files (x86)\Sohodox Desktop\Modules\Indexing Service\Itaz.Dms.IndexingService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAHWindow64.exe
(Nico Mak Computing) C:\Program Files\WinZip\WZUpdateNotifier.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla FireFox\firefox.exe
(Emsisoft Ltd) C:\EEK\bin\a2emergencykit.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12681320 2011-08-26] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-11-29] (LogMeIn, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1856184 2015-09-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-16270590-503425559-2023930739-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [876216 2015-09-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-16270590-503425559-2023930739-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-16270590-503425559-2023930739-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-16270590-503425559-2023930739-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-16270590-503425559-2023930739-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-16270590-503425559-2023930739-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-16270590-503425559-2023930739-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-16270590-503425559-2023930739-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-16270590-503425559-2023930739-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-16270590-503425559-2023930739-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-16270590-503425559-2023930739-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-16270590-503425559-2023930739-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-16270590-503425559-2023930739-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-16270590-503425559-2023930739-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll [2014-10-18] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-11-16]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2015-11-16]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-11-16]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk [2013-02-18]
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Users\UpdatusUser\AppData\Roaming\wruninstall.exe (Webroot Software, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 204.11.117.21 8.8.8.8
Tcpip\..\Interfaces\{9EAEE6DE-1E47-4C44-9F24-6D6C7823FDE6}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{9EAEE6DE-1E47-4C44-9F24-6D6C7823FDE6}: [DhcpNameServer] 204.11.117.21 8.8.8.8

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-16270590-503425559-2023930739-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-16270590-503425559-2023930739-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-16270590-503425559-2023930739-1000 -> {6F5D0F5A-3100-498B-9EB5-3E08818859F0} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p={searchTerms}
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll [2012-08-13] (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05] (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-12] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-16270590-503425559-2023930739-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-16270590-503425559-2023930739-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
DPF: HKLM-x32 {B9BE4AC6-505E-480F-BAC1-35512FBA992F} hxxp://108.46.14.82:8100/eDVR.cab
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll [2013-06-26] (Intuit, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll [2012-03-27] (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll [2012-03-27] (AVG Technologies CZ, s.r.o.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Yeedlee\AppData\Roaming\Mozilla\Firefox\Profiles\diberuil.default
FF SelectedSearchEngine: Astromenda
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-05-06] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll [2013-02-05] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2012-05-07] (Amnis Technology Ltd)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2014-07-10] ()
FF Plugin HKU\S-1-5-21-16270590-503425559-2023930739-1000: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2012-05-07] (Amnis Technology Ltd)
FF user.js: detected! => C:\Users\Yeedlee\AppData\Roaming\Mozilla\Firefox\Profiles\diberuil.default\user.js [2015-12-08]
FF Extension: idms20.CFieldInteger - C:\Users\Yeedlee\AppData\Roaming\Mozilla\Firefox\Profiles\diberuil.default\Extensions\{4B147F4F-1D67-041C-3310-6D34F561F8F4} [2015-12-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-05-13] [not signed]

Chrome:
=======
CHR HKU\S-1-5-21-16270590-503425559-2023930739-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2012-02-01] (Intel Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417640 2015-02-27] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [234344 2015-02-27] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2010-09-30] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1251840 2010-09-17] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SdxEmailCaptureService; C:\Program Files (x86)\Sohodox Desktop\Modules\Email Capture\EmailCaptureSvr.exe [69632 2012-06-04] (ITAZ Technologies Pvt Ltd) [File not signed]
R2 SdxFolderMonitorService; C:\Program Files (x86)\Sohodox Desktop\Modules\Folder Monitor\FldMonSrv.exe [65536 2011-12-29] (ITAZ Technologies Pvt Ltd) [File not signed]
R2 SdxIndexingService; C:\Program Files (x86)\Sohodox Desktop\Modules\Indexing Service\Itaz.Dms.IndexingService.exe [57344 2012-06-04] (ITAZ Technologies Pvt Ltd) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 vToolbarUpdater17.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcpiCtlDrv; C:\Windows\System32\DRIVERS\AcpiCtlDrv.sys [25848 2011-06-28] (Intel Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-12-03] (AVG Technologies)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EfiVariable; C:\Windows\SysWOW64\Drivers\variable64.sys [18200 2010-10-28] (Windows ® Server 2003 DDK provider)
R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-12-06] (Emsisoft GmbH)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-31] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-12-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S1 abthuqyi; \??\C:\Windows\system32\drivers\abthuqyi.sys [X]
S1 awvaokur; \??\C:\Windows\system32\drivers\awvaokur.sys [X]
S3 BTMCOM; System32\Drivers\btmcom.sys [X]
S1 byatgtsw; \??\C:\Windows\system32\drivers\byatgtsw.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ceynernw; \??\C:\Windows\system32\drivers\ceynernw.sys [X]
S1 dblhmljm; \??\C:\Windows\system32\drivers\dblhmljm.sys [X]
S1 dfokymkf; \??\C:\Windows\system32\drivers\dfokymkf.sys [X]
S1 dkacdnir; \??\C:\Windows\system32\drivers\dkacdnir.sys [X]
S1 eqyxgchq; \??\C:\Windows\system32\drivers\eqyxgchq.sys [X]
S1 fjyhvucj; \??\C:\Windows\system32\drivers\fjyhvucj.sys [X]
S1 fkgugtyp; \??\C:\Windows\system32\drivers\fkgugtyp.sys [X]
S1 gcfzltif; \??\C:\Windows\system32\drivers\gcfzltif.sys [X]
S1 gndyvqyc; \??\C:\Windows\system32\drivers\gndyvqyc.sys [X]
S1 hibtknly; \??\C:\Windows\system32\drivers\hibtknly.sys [X]
S1 hnuywlby; \??\C:\Windows\system32\drivers\hnuywlby.sys [X]
S2 iocbios2; \??\C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [X]
S1 izsugzag; \??\C:\Windows\system32\drivers\izsugzag.sys [X]
S1 jjtjbfyp; \??\C:\Windows\system32\drivers\jjtjbfyp.sys [X]
S1 jnxqkyny; \??\C:\Windows\system32\drivers\jnxqkyny.sys [X]
S1 llimubvo; \??\C:\Windows\system32\drivers\llimubvo.sys [X]
S1 mqudjcyp; \??\C:\Windows\system32\drivers\mqudjcyp.sys [X]
S1 mrxsaxmz; \??\C:\Windows\system32\drivers\mrxsaxmz.sys [X]
S1 mvygfezw; \??\C:\Windows\system32\drivers\mvygfezw.sys [X]
S1 myeeeofl; \??\C:\Windows\system32\drivers\myeeeofl.sys [X]
S1 nckxdptq; \??\C:\Windows\system32\drivers\nckxdptq.sys [X]
S1 pgzbcnqt; \??\C:\Windows\system32\drivers\pgzbcnqt.sys [X]
S1 qkahhthw; \??\C:\Windows\system32\drivers\qkahhthw.sys [X]
S1 riacfmoe; \??\C:\Windows\system32\drivers\riacfmoe.sys [X]
S1 rijjboxp; \??\C:\Windows\system32\drivers\rijjboxp.sys [X]
S1 rmbdiknd; \??\C:\Windows\system32\drivers\rmbdiknd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S1 tsgrbqrj; \??\C:\Windows\system32\drivers\tsgrbqrj.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S1 ubvwtnht; \??\C:\Windows\system32\drivers\ubvwtnht.sys [X]
S1 uudhulxf; \??\C:\Windows\system32\drivers\uudhulxf.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-10 14:25 - 2015-12-10 14:26 - 00035019 _____ C:\Users\Yeedlee\Downloads\FRST.txt
2015-12-10 14:25 - 2015-12-10 14:25 - 00000000 ___DC C:\FRST
2015-12-10 14:24 - 2015-12-10 14:24 - 02369024 _____ (Farbar) C:\Users\Yeedlee\Downloads\FRST64.exe
2015-12-10 14:22 - 2015-12-10 14:22 - 00000743 _____ C:\Users\Yeedlee\Desktop\Start Emsisoft Emergency Kit.lnk
2015-12-10 14:21 - 2015-12-10 14:22 - 00000000 ___DC C:\EEK
2015-12-10 14:20 - 2015-12-10 14:20 - 170644584 _____ C:\Users\Yeedlee\Downloads\EmsisoftEmergencyKit.exe
2015-12-10 02:33 - 2015-12-10 02:33 - 00000000 ____D C:\ProgramData\bdch
2015-12-09 16:32 - 2015-12-09 16:32 - 00430666 _____ C:\Users\Yeedlee\Desktop\rmb.cdr
2015-12-09 16:23 - 2015-12-09 16:23 - 00927824 _____ (Google Inc.) C:\Users\Yeedlee\Downloads\ChromeSetup.exe
2015-12-09 13:48 - 2015-12-09 13:48 - 00171305 _____ C:\ProgramData\1449686761.bdinstall.bin
2015-12-09 13:47 - 2015-12-09 13:47 - 00002168 _____ C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2015-12-09 13:47 - 2015-12-09 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-12-09 13:46 - 2015-12-09 13:47 - 00000000 ____D C:\Program Files\Bitdefender
2015-12-09 13:46 - 2015-12-09 13:46 - 00000000 ____D C:\Users\Yeedlee\AppData\Roaming\QuickScan
2015-12-09 13:46 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-12-09 13:46 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-12-09 13:46 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-12-09 13:46 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-12-09 13:46 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-12-09 13:45 - 2015-12-09 13:45 - 10447328 _____ C:\Users\Yeedlee\Downloads\Antivirus_Free_Edition_x64.exe
2015-12-09 13:45 - 2015-12-09 13:45 - 00162208 _____ C:\Users\Yeedlee\Downloads\Antivirus_Free_Edition.exe
2015-12-09 13:45 - 2015-12-09 13:45 - 00162208 _____ C:\Users\Yeedlee\Downloads\Antivirus_Free_Edition(1).exe
2015-12-08 18:09 - 2015-12-08 18:09 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\Yeedlee\Downloads\tdsskiller.exe
2015-12-08 18:09 - 2015-12-08 18:09 - 00219250 ____C C:\TDSSKiller.3.1.0.7_08.12.2015_18.09.14_log.txt
2015-12-08 17:46 - 2015-12-08 17:46 - 00037643 ____C C:\ComboFix.txt
2015-12-08 17:29 - 2015-12-08 17:46 - 00000000 ___DC C:\Qoobox
2015-12-08 17:29 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-08 17:29 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-08 17:29 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-08 17:29 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-08 17:29 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-08 17:29 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-08 17:29 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-08 17:29 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-08 17:28 - 2015-12-08 17:43 - 00000000 ____D C:\Windows\erdnt
2015-12-08 17:28 - 2015-12-08 17:28 - 05640425 ____N (Swearware) C:\Users\Yeedlee\Downloads\ComboFix.exe
2015-12-08 15:58 - 2015-12-08 15:58 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-08 15:58 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-12-08 15:56 - 2015-12-08 16:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-08 15:56 - 2015-12-08 15:59 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-08 15:56 - 2015-12-08 15:56 - 00001387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-12-08 15:56 - 2015-12-08 15:56 - 00001375 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-12-08 15:56 - 2015-12-08 15:56 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-12-08 15:56 - 2015-12-08 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-12-08 15:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-12-08 15:39 - 2015-11-20 13:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 15:39 - 2015-11-20 13:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 15:39 - 2015-11-20 13:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 15:39 - 2015-11-20 13:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 15:39 - 2015-11-20 13:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 15:39 - 2015-11-20 13:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 15:39 - 2015-11-20 13:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-08 15:39 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 15:39 - 2015-11-20 13:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 15:39 - 2015-11-20 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-08 15:39 - 2015-11-20 13:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-08 15:39 - 2015-11-20 13:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-08 15:39 - 2015-11-20 13:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-08 15:39 - 2015-11-20 13:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-08 15:39 - 2015-11-20 13:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-08 15:39 - 2015-11-20 13:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-08 15:39 - 2015-11-11 16:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 15:39 - 2015-11-11 15:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-08 15:39 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 15:39 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 15:39 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-08 15:39 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-08 15:39 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 15:39 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 15:39 - 2015-11-11 10:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 15:39 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 15:39 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 15:39 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 15:39 - 2015-11-11 09:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 15:39 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 15:39 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 15:39 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 15:39 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-08 15:39 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-08 15:39 - 2015-11-10 12:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 15:39 - 2015-11-09 19:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 15:39 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 15:39 - 2015-11-09 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-08 15:39 - 2015-11-09 19:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 15:39 - 2015-11-09 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-08 15:39 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-08 15:39 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 15:39 - 2015-11-09 19:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 15:39 - 2015-11-09 19:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-08 15:39 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 15:39 - 2015-11-09 19:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 15:39 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 15:39 - 2015-11-09 19:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-08 15:39 - 2015-11-09 18:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-08 15:39 - 2015-11-09 18:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-08 15:39 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 15:39 - 2015-11-09 18:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-08 15:39 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-08 15:39 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 15:39 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 15:39 - 2015-11-09 18:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-08 15:39 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 15:39 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 15:39 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-08 15:39 - 2015-11-08 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 15:39 - 2015-11-08 17:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-08 15:39 - 2015-11-08 17:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-08 15:39 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 15:39 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 15:39 - 2015-11-08 17:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 15:39 - 2015-11-08 17:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-08 15:39 - 2015-11-08 17:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-08 15:39 - 2015-11-08 17:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 15:39 - 2015-11-08 17:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-08 15:39 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 15:39 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 15:39 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 15:39 - 2015-11-08 17:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-08 15:39 - 2015-11-08 17:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 15:39 - 2015-11-08 17:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-08 15:39 - 2015-11-08 16:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-08 15:39 - 2015-11-08 16:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 15:39 - 2015-11-08 16:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-08 15:39 - 2015-11-08 16:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-08 15:39 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 15:39 - 2015-11-08 16:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-08 15:39 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 15:39 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 15:39 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 15:39 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 15:39 - 2015-11-08 16:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-08 15:39 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 15:39 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 15:39 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 15:39 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 15:39 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 15:39 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-08 15:39 - 2015-11-05 14:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-08 15:39 - 2015-11-05 14:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-08 15:39 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 15:39 - 2015-11-03 14:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-08 15:39 - 2015-11-03 13:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-08 15:39 - 2015-10-08 18:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-08 15:39 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-08 15:39 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-08 15:39 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-08 15:39 - 2015-10-08 18:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-08 15:39 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-08 15:39 - 2015-10-08 18:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-08 15:39 - 2015-10-08 18:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-08 15:39 - 2015-10-08 14:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-08 15:39 - 2015-10-08 13:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-08 15:38 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-08 15:38 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-08 14:45 - 2015-12-08 14:45 - 00000000 ____D C:\Users\Yeedlee\AppData\Roaming\Business Logic
2015-12-08 14:44 - 2015-12-08 14:44 - 00000000 ____D C:\Program Files (x86)\Business Logic Corporation
2015-12-07 13:28 - 2015-12-08 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-07 13:28 - 2015-12-08 15:05 - 00000000 ____D C:\Program Files\CCleaner
2015-12-07 13:27 - 2015-12-07 13:28 - 06801752 _____ (Piriform Ltd) C:\Users\Yeedlee\Downloads\ccsetup512.exe
2015-12-07 12:57 - 2015-12-07 12:57 - 00000000 ____D C:\Users\Yeedlee\AppData\Roaming\Itibiti
2015-12-07 12:57 - 2015-12-07 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2015-12-06 14:15 - 2015-12-06 14:27 - 00000000 ____D C:\Users\Yeedlee\Desktop\Yeedle Einhorn
2015-12-06 14:15 - 2015-12-06 14:15 - 00000000 ____D C:\Users\Yeedlee\Desktop\New folder (2)
2015-12-05 23:18 - 2015-12-05 23:28 - 07263529 _____ C:\Users\Yeedlee\Downloads\Latest catalog USD.xlsx
2015-12-04 13:24 - 2015-12-04 13:24 - 02742029 _____ C:\Users\Yeedlee\Downloads\LV24_44.pdf
2015-12-02 19:33 - 2015-12-02 19:33 - 00915955 _____ C:\Users\Yeedlee\Downloads\Week 4 - Heter Iska.pdf
2015-12-02 14:03 - 2015-12-02 14:03 - 08165934 _____ C:\Users\Yeedlee\Downloads\Latest catalog from Beimei .xls
2015-12-01 17:54 - 2015-12-01 17:54 - 00026661 _____ C:\Users\Yeedlee\Downloads\g4all...pdf
2015-11-29 14:55 - 2015-11-29 19:29 - 00437445 _____ C:\Users\Yeedlee\Desktop\Backup_of_booba.cdr
2015-11-29 02:05 - 2015-11-29 02:05 - 00506265 _____ C:\Users\Yeedlee\Downloads\Modern Look Inventory Sheet.xlsx
2015-11-29 02:04 - 2015-11-29 02:04 - 00506265 _____ C:\Users\Yeedlee\Downloads\1Inventory Sheet - Editable.xlsx
2015-11-26 19:01 - 2015-11-26 19:01 - 19599275 _____ C:\Users\Yeedlee\Downloads\כ''ק מר''ש בריקוד נלהב עם האדמו''ר ממכנובקא בשמחת נישואי נכדו אור לי''ב כסלו ע''ו א.מ.ש..mp4
2015-11-26 18:58 - 2015-11-26 18:58 - 20379157 _____ C:\Users\Yeedlee\Downloads\כ''ק מר''ש מסדר קידושין בחופת נכדתו של כ''ק האדמו''ר מכנובקא אור לי''ב כסלו ע''ו א.מ.ש..mp4
2015-11-26 18:56 - 2015-11-26 18:56 - 20580980 _____ C:\Users\Yeedlee\Downloads\כ''ק מר''ש משתתף בשמחת נישואי נכדת כ''ק האדמו''ר ממכנובקא אור לי''ב כסלו ע''ו א.מ.ש..mp4
2015-11-26 18:54 - 2015-11-26 18:54 - 20627088 _____ C:\Users\Yeedlee\Downloads\כ''ק מר''ש בברכהמ''ז בשמחת נישואי נכדת כ''ק האדמו''ר ממכנובקא אור לי''ב כסלו ע''ו א.מ.ש..mp4
2015-11-24 15:08 - 2015-11-24 15:08 - 09255380 _____ C:\Users\Yeedlee\Downloads\VID-20151124-WA0001.mp4
2015-11-23 14:48 - 2015-11-23 14:48 - 04280419 _____ C:\Users\Yeedlee\Downloads\IMG_6863.MOV
2015-11-22 18:00 - 2015-11-22 18:00 - 18645897 _____ C:\Users\Yeedlee\Downloads\הרה''צ רא''וו הגר בן כ''ק האדמו''ר מויזניץ מונסי שליט''א בביקור אור לח' כסלו ע''ו א.מ.ש..mp4
2015-11-20 12:58 - 2015-11-20 12:58 - 00802898 _____ C:\Users\Yeedlee\Downloads\ויצא חוץ לארץ תשע''ו.pdf
2015-11-19 15:48 - 2015-11-19 15:48 - 02244324 _____ C:\Users\Yeedlee\Documents\invitation.cdr
2015-11-19 12:30 - 2015-11-19 12:30 - 00336379 _____ C:\Users\Yeedlee\Downloads\Invite.jpeg
2015-11-18 15:51 - 2015-11-18 15:51 - 08486491 _____ C:\Users\Yeedlee\Downloads\BM Cover.pdf
2015-11-16 18:05 - 2015-11-16 18:05 - 05891839 _____ C:\Users\Yeedlee\Downloads\Machshuvas (1).pdf
2015-11-16 18:04 - 2015-11-16 18:04 - 05891839 _____ C:\Users\Yeedlee\Downloads\Machshuvas.pdf
2015-11-16 15:52 - 2015-11-16 15:52 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-11-16 15:52 - 2015-11-16 15:52 - 00002273 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-11-16 15:52 - 2015-11-16 15:52 - 00000000 ____D C:\Users\Yeedlee\AppData\Local\WinZip
2015-11-16 15:52 - 2015-11-16 15:52 - 00000000 ____D C:\Users\Yeedlee\AppData\Local\Nico Mak Computing
2015-11-16 15:52 - 2015-11-16 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-11-16 15:52 - 2015-11-16 15:52 - 00000000 ____D C:\Program Files\WinZip
2015-11-16 15:49 - 2015-11-16 15:49 - 00685760 _____ (WinZip Computing, S.L.) C:\Users\Yeedlee\Downloads\winzip20_mf.exe
2015-11-16 15:49 - 2015-11-16 15:49 - 00000000 ____D C:\ProgramData\UniqueId
2015-11-16 15:48 - 2015-11-16 15:48 - 97079795 _____ C:\Users\Yeedlee\Downloads\יונתן שווארץ - מאמע רחל.rar
2015-11-16 13:15 - 2015-11-16 13:15 - 00113747 _____ C:\Users\Yeedlee\Downloads\20151116131408726.pdf
2015-11-15 19:25 - 2015-11-16 15:51 - 00000000 ____D C:\Users\Yeedlee\AppData\Roaming\Wise Video Converter
2015-11-15 19:25 - 2015-11-15 19:25 - 00001236 _____ C:\Users\Public\Desktop\Wise Video Converter.lnk
2015-11-15 19:25 - 2015-11-15 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Video Converter
2015-11-15 19:25 - 2015-11-15 19:25 - 00000000 ____D C:\Program Files (x86)\Wise
2015-11-15 19:24 - 2015-11-15 19:24 - 07257200 _____ (WiseCleaner.com ) C:\Users\Yeedlee\Downloads\WVCSetup.exe
2015-11-15 19:00 - 2015-11-15 19:00 - 00001205 _____ C:\Users\Public\Desktop\iSkysoft Video Editor.lnk
2015-11-15 19:00 - 2015-11-15 19:00 - 00000000 ____D C:\Users\Yeedlee\AppData\Local\iSkysoft
2015-11-15 19:00 - 2015-11-15 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSkysoft
2015-11-15 19:00 - 2015-11-15 19:00 - 00000000 ____D C:\ProgramData\iSkysoft
2015-11-15 18:59 - 2015-11-15 19:05 - 00000000 ____D C:\Users\Yeedlee\Documents\iSkysoft Video Editor
2015-11-15 18:59 - 2015-11-15 18:59 - 00000000 ____D C:\Users\Public\Documents\iSkysoft
2015-11-15 18:59 - 2015-11-15 18:59 - 00000000 ____D C:\Program Files (x86)\iSkysoft
2015-11-15 18:59 - 2015-07-30 09:57 - 02140712 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcmpgvout.004
2015-11-15 18:59 - 2015-07-30 09:57 - 00531496 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcmpeg2mux.ax
2015-11-15 18:59 - 2015-07-30 09:57 - 00375848 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcm2ve.ax
2015-11-15 18:59 - 2015-07-30 09:57 - 00257064 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcl2ae.ax
2015-11-15 18:59 - 2015-07-30 09:57 - 00244776 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcmpgaout.dll
2015-11-15 18:59 - 2015-07-30 09:57 - 00020520 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcmpgvout.dll
2015-11-15 18:58 - 2015-11-15 18:59 - 00809032 _____ C:\Users\Yeedlee\Downloads\video-editor-dco_setup_full1661.exe
2015-11-15 13:14 - 2015-11-15 13:14 - 00626688 _____ C:\Users\Yeedlee\Downloads\Belz new 5775 final (1).xls
2015-11-12 18:41 - 2015-11-12 18:41 - 00012249 _____ C:\Users\Yeedlee\Desktop\Copy of belz new.xlsx
2015-11-12 18:12 - 2015-11-12 18:30 - 00013521 _____ C:\Users\Yeedlee\Desktop\belz new.xlsx
2015-11-12 14:53 - 2015-11-12 14:53 - 00799827 _____ C:\Users\Yeedlee\Downloads\תולדות חוץ לארץ מתוקן תשע''ו.pdf
2015-11-11 17:50 - 2015-11-11 17:50 - 00080384 _____ C:\Users\Yeedlee\Documents\Heavy Weight 10 per page.pdf.pub
2015-11-11 17:13 - 2015-12-08 15:06 - 00000000 ____D C:\Users\Yeedlee\Desktop\Google Books_files
2015-11-11 15:45 - 2015-11-12 17:04 - 00623104 _____ C:\Users\Yeedlee\Downloads\Belz new 5775 final.xls
2015-11-11 14:22 - 2015-11-11 14:22 - 00000430 __RSH C:\Users\Yeedlee\ntuser.pol
2015-11-11 13:47 - 2015-11-11 13:47 - 10226248 _____ (Microsoft Corporation) C:\Users\Yeedlee\Downloads\AdminTemplates.exe
2015-11-11 11:55 - 2015-11-11 11:55 - 00335053 _____ C:\Users\Yeedlee\Desktop\Commercial invoice.cdr
2015-11-11 11:33 - 2015-11-11 11:33 - 00066439 _____ C:\Users\Yeedlee\Downloads\Credit Authorization - Revised.pdf
2015-11-11 06:49 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 06:49 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 06:49 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 06:49 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 06:49 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 06:49 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 06:49 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 06:49 - 2015-10-19 20:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 06:49 - 2015-10-19 20:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 06:49 - 2015-10-19 20:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 06:49 - 2015-10-19 20:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 06:49 - 2015-10-19 20:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 06:49 - 2015-10-19 20:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 06:49 - 2015-10-19 20:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 06:49 - 2015-10-19 20:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 06:49 - 2015-10-19 20:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 06:49 - 2015-10-19 20:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 06:49 - 2015-10-19 20:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 06:49 - 2015-10-19 20:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 06:49 - 2015-10-19 20:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 06:49 - 2015-10-19 20:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 06:49 - 2015-10-19 20:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 06:49 - 2015-10-19 19:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 06:49 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 06:49 - 2015-10-19 19:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 06:49 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 06:49 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 06:49 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 06:49 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 06:49 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 06:49 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 06:49 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 06:49 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 06:49 - 2015-10-19 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 06:49 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 06:49 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 06:49 - 2015-10-19 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 06:49 - 2015-10-19 19:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 06:49 - 2015-10-19 19:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 06:49 - 2015-10-19 19:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 06:49 - 2015-10-19 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 06:49 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 06:49 - 2015-10-19 19:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 06:49 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 06:49 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 18:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 06:49 - 2015-10-19 18:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 06:49 - 2015-10-19 18:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 06:49 - 2015-10-19 18:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 06:49 - 2015-10-19 18:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 06:49 - 2015-10-19 18:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 18:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 18:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 06:49 - 2015-10-19 18:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 06:49 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 06:49 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 06:49 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 06:49 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 06:49 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 06:49 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-11 06:49 - 2015-09-23 08:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 06:49 - 2015-09-23 08:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 06:49 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-10 12:10 - 2015-11-11 13:48 - 00000000 ____D C:\Users\Yeedlee\Desktop\Bar-Mitva

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-10 14:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-10 14:24 - 2014-11-04 19:09 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-10 14:20 - 2014-12-09 07:10 - 00000000 ____D C:\Program Files (x86)\Mozilla FireFox
2015-12-10 13:56 - 2014-12-11 14:15 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-10 13:55 - 2009-07-13 23:45 - 00023632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-10 13:55 - 2009-07-13 23:45 - 00023632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-10 13:53 - 2009-07-14 00:13 - 00786558 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-10 13:53 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-10 13:47 - 2015-03-22 12:10 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-12-10 13:47 - 2014-11-04 19:09 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-10 13:47 - 2013-11-26 17:35 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-10 13:47 - 2012-07-13 02:29 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-10 13:47 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-10 13:46 - 2012-07-11 23:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-09 16:33 - 2013-12-18 16:50 - 00000000 ____D C:\Users\Yeedlee\Desktop\Docss
2015-12-09 16:33 - 2013-09-28 21:52 - 00000000 ____D C:\Users\Yeedlee\Desktop\LOGOs
2015-12-09 15:31 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\addins
2015-12-09 13:30 - 2012-07-12 02:19 - 00000000 ____D C:\Windows\Panther
2015-12-09 04:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-12-09 03:29 - 2013-03-14 02:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 03:29 - 2013-03-14 02:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 03:29 - 2009-07-13 23:45 - 00550648 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 03:12 - 2013-03-14 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 03:07 - 2013-07-25 02:02 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 03:07 - 2012-07-12 00:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 03:01 - 2012-07-17 02:00 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-08 22:39 - 2012-07-12 00:06 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-08 18:57 - 2012-08-16 18:10 - 00000000 ____D C:\Users\Yeedlee\AppData\LocalLow\Sun
2015-12-08 18:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SchCache
2015-12-08 17:42 - 2009-07-13 21:34 - 00000215 ____C C:\Windows\system.ini
2015-12-08 17:06 - 2012-07-12 00:09 - 00002198 _____ C:\Windows\epplauncher.mif
2015-12-08 16:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-08 15:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Cursors
2015-12-08 15:46 - 2012-07-11 23:36 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 15:46 - 2012-07-11 23:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-08 15:46 - 2012-07-11 23:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-08 15:22 - 2012-07-11 23:31 - 00000000 ____D C:\Users\Yeedlee\AppData\Local\Deployment
2015-12-08 15:19 - 2014-11-04 19:09 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-08 15:19 - 2014-11-04 19:09 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-08 15:08 - 2012-07-11 23:17 - 00000000 ____D C:\Users\Yeedlee
2015-12-08 15:07 - 2014-12-11 14:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-08 15:07 - 2012-08-16 18:07 - 00000000 ____D C:\Program Files (x86)\MediaPlayerLite
2015-12-08 15:06 - 2015-11-01 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-12-08 15:06 - 2015-04-12 02:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-08 15:06 - 2014-12-11 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-08 15:06 - 2014-11-27 16:03 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-08 15:06 - 2013-06-26 15:05 - 00000000 ____D C:\Users\QBDataServiceUser22
2015-12-08 15:06 - 2012-11-19 03:01 - 00000000 ____D C:\Users\UpdatusUser
2015-12-08 15:06 - 2012-08-20 16:51 - 00000000 ____D C:\ProgramData\MFAData
2015-12-08 15:06 - 2012-08-16 18:07 - 00000000 ____D C:\Users\Yeedlee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaPlayerLite
2015-12-08 15:06 - 2012-08-16 17:45 - 00000000 ____D C:\Users\Yeedlee\Desktop\Backup
2015-12-08 15:06 - 2012-07-23 17:25 - 00000000 ____D C:\ProgramData\Protexis64
2015-12-08 15:06 - 2012-07-23 17:09 - 00000000 ____D C:\Users\Yeedlee\AppData\Roaming\uTorrent
2015-12-08 15:06 - 2012-07-17 17:43 - 00000000 ____D C:\Users\Yeedlee\Documents\PDF files
2015-12-08 15:06 - 2012-07-12 01:44 - 00000000 ____D C:\Windows\AutoKMS
2015-12-08 15:06 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-12-08 15:05 - 2014-10-30 15:33 - 00000000 ____D C:\Users\Yeedlee\Downloads\Corel Draw X7 [32-64]
2015-12-08 15:05 - 2013-12-03 13:55 - 00000000 ____D C:\Users\Yeedlee\AppData\Local\Mozilla
2015-12-08 15:05 - 2013-06-26 16:49 - 00000000 ____D C:\Users\Yeedlee\AppData\Roaming\DAEMON Tools Lite
2015-12-08 15:05 - 2013-06-26 15:27 - 00000000 ____D C:\Users\Yeedlee\AppData\Roaming\TeamViewer
2015-12-08 15:05 - 2013-06-20 11:39 - 00000000 ____D C:\Users\Yeedlee\AppData\Roaming\Skype
2015-12-08 15:05 - 2013-02-18 16:23 - 00000000 ____D C:\Users\Yeedlee\AppData\Local\Intuit
2015-12-08 15:05 - 2013-02-18 16:21 - 00000000 ____D C:\ProgramData\Intuit
2015-12-08 15:05 - 2012-08-16 17:55 - 00000000 ____D C:\Users\Yeedlee\AppData\Local\eMule
2015-12-08 15:05 - 2012-08-16 17:48 - 00000000 ____D C:\Users\Yeedlee\Desktop\docs
2015-12-08 15:05 - 2012-07-23 17:25 - 00000000 ____D C:\Users\Yeedlee\AppData\Roaming\Corel
2015-12-08 15:05 - 2012-07-23 17:24 - 00000000 ____D C:\ProgramData\Corel
2015-12-08 15:05 - 2012-07-16 13:17 - 00000000 ____D C:\Users\Yeedlee\Downloads\mflpro
2015-12-08 15:05 - 2012-07-16 12:45 - 00000000 ____D C:\Users\Yeedlee\Downloads\install
2015-12-08 15:05 - 2012-07-12 04:47 - 00000000 ____D C:\Users\Yeedlee\AppData\Local\Microsoft Games
2015-12-08 15:05 - 2012-07-11 23:36 - 00000000 ____D C:\Users\Yeedlee\AppData\Roaming\Adobe
2015-12-08 15:05 - 2012-07-11 23:31 - 00000000 ____D C:\Users\Yeedlee\AppData\Local\Google
2015-12-08 15:05 - 2009-07-14 02:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-08 15:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-12-08 15:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-12-08 14:49 - 2012-07-11 23:18 - 00000000 ____D C:\TempEI4
2015-12-08 13:34 - 2012-07-12 01:47 - 00000000 ____D C:\Users\Yeedlee\AppData\Local\Adobe
2015-12-08 13:06 - 2014-09-15 11:33 - 00000000 ____D C:\Users\Yeedlee\AppData\Roaming\Advanced Scan to PDF Free
2015-12-08 13:06 - 2013-11-13 12:44 - 00000000 ____D C:\Users\Yeedlee\AppData\Roaming\Apple Computer
2015-12-08 12:50 - 2012-07-23 11:41 - 00000000 ____D C:\Users\Yeedlee\AppData\Local\ElevatedDiagnostics
2015-12-07 15:45 - 2014-03-23 16:07 - 00000000 ____D C:\Users\Yeedlee\Downloads\xXx (2002) [1080p]
2015-12-07 15:45 - 2012-08-16 18:18 - 00000000 ____D C:\Users\Yeedlee\Downloads\The Bourne legacy 2012 ENGlISh MAxspeeD
2015-12-07 15:44 - 2012-08-30 15:15 - 00000000 ____D C:\Users\Yeedlee\Downloads\EAN-076689758989-59238
2015-12-07 15:39 - 2013-11-12 13:54 - 00000000 ____D C:\Users\Yeedlee\Desktop\Real Estate Docs
2015-12-07 15:39 - 2013-02-13 13:03 - 00000000 ____D C:\Users\Yeedlee\Desktop\Reports
2015-12-07 15:39 - 2012-08-14 16:36 - 00000000 ____D C:\Users\Yeedlee\Desktop\video
2015-12-07 15:36 - 2014-02-24 20:32 - 00000000 ____D C:\Users\Yeedlee\Desktop\New folder
2015-12-07 15:16 - 2013-07-30 16:25 - 00000000 ____D C:\Users\Yeedlee\Desktop\cisaria
2015-12-07 15:16 - 2012-08-14 16:32 - 00000000 ____D C:\Users\Yeedlee\Desktop\cam
2015-12-07 15:15 - 2013-06-26 14:45 - 00000000 ____D C:\Users\Public\Documents\Intuit
2015-12-03 14:02 - 2015-09-08 14:24 - 00000000 ___RD C:\Users\Yeedlee\Google Drive
2015-12-02 15:46 - 2015-08-10 15:41 - 00000000 ____D C:\Users\Yeedlee\Desktop\825 Mc
2015-11-29 02:50 - 2015-09-08 14:23 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-11-29 02:50 - 2015-09-08 14:23 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-11-29 02:50 - 2015-09-08 14:23 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-11-29 02:50 - 2015-09-08 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-25 12:31 - 2015-05-13 15:15 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2015-11-18 16:02 - 2012-07-23 17:25 - 00000000 ____D C:\Users\Yeedlee\Documents\Corel
2015-11-16 15:52 - 2013-06-26 14:40 - 00000000 ____D C:\ProgramData\WinZip
2015-11-15 19:00 - 2012-07-11 23:31 - 00153328 _____ C:\Users\Yeedlee\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-13 12:22 - 2012-07-23 12:33 - 00000000 ____D C:\Users\Yeedlee\Documents\Outlook Files
2015-11-12 03:36 - 2009-07-14 02:46 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-12 03:01 - 2012-07-12 00:04 - 00778680 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 17:30 - 2012-07-12 00:17 - 00000000 ____D C:\Users\Yeedlee\AppData\Local\Microsoft Help

==================== Files in the root of some directories =======

2014-10-30 17:47 - 2014-10-30 17:47 - 0000448 ____H () C:\Users\Yeedlee\AppData\Roaming\麽鎒駓覜
2012-08-14 16:26 - 2013-07-25 14:52 - 0120832 _____ () C:\Users\Yeedlee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-01 19:32 - 2014-12-01 19:32 - 0000010 _____ () C:\Users\Yeedlee\AppData\Local\DSI.DAT
2015-04-18 10:44 - 2015-04-18 10:44 - 0045692 _____ () C:\Users\Yeedlee\AppData\Local\HELP_DECRYPT.PNG
2015-04-18 10:44 - 2015-04-18 10:44 - 0000296 _____ () C:\Users\Yeedlee\AppData\Local\HELP_DECRYPT.URL
2008-02-05 13:28 - 2008-02-05 13:28 - 0000336 _____ () C:\Users\Yeedlee\AppData\Local\setup.txt
2015-12-09 13:48 - 2015-12-09 13:48 - 0171305 _____ () C:\ProgramData\1449686761.bdinstall.bin
2014-10-30 17:47 - 2014-12-11 16:04 - 0000680 _____ () C:\ProgramData\@system.temp
2014-10-30 17:48 - 2014-12-11 16:05 - 0000416 ____H () C:\ProgramData\@system3.att
2015-04-18 10:44 - 2015-04-18 10:44 - 0045692 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-04-18 10:44 - 2015-04-18 10:44 - 0000296 _____ () C:\ProgramData\HELP_DECRYPT.URL

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-10 00:27

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by Yeedlee (2015-12-10 14:27:02)
Running from C:\Users\Yeedlee\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2012-07-12 04:17:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-16270590-503425559-2023930739-500 - Administrator - Disabled)
Guest (S-1-5-21-16270590-503425559-2023930739-501 - Limited - Disabled)
QBDataServiceUser22 (S-1-5-21-16270590-503425559-2023930739-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser22
UpdatusUser (S-1-5-21-16270590-503425559-2023930739-1001 - Limited - Enabled) => C:\Users\UpdatusUser
Yeedlee (S-1-5-21-16270590-503425559-2023930739-1000 - Administrator - Enabled) => C:\Users\Yeedlee

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-16270590-503425559-2023930739-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advanced Scan to PDF Free 4.5.4 (HKLM-x32\...\Advanced Scan to PDF Free_is1) (Version: - PDFCore Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AVG 2012 (Version: 12.0.2197 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.2890 - AVG Technologies)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite DCP-L2540DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-8480DN (HKLM-x32\...\{004B8D14-7E3A-490A-ABB3-753535E169E3}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DWACS 1.0.6.3 (HKLM-x32\...\ACS_is1) (Version: 1.0.6.3 - )
eMule (HKLM-x32\...\eMule) (Version: - )
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{ADA8583A-C20B-414B-8CB7-3AA7A89F7952}) (Version: 7.1.4.1529 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GroupMail :: Free Edition (HKLM-x32\...\{72FC0445-FE6D-4E12-815B-3A8C5E3704DA}_is1) (Version: 6.0.0.16 - Infacta Ltd.)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
InstaCodecs (HKLM-x32\...\InstaCodecs_is1) (Version: 1.0 - )
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Integrator Assistant (HKLM-x32\...\{D1A35687-AEA9-422C-B237-FC4F8136B6F6}) (Version: 1.0.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.21.1134 - Intel Corporation)
Intel® Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Intel)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
iSkysoft Video Editor(Build 4.7.2) (HKLM-x32\...\iSkysoft Video Editor_is1) (Version: - iSkysoft Software)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Kutools for Excel 11.0.0.228 (HKLM-x32\...\{A095BA43-4A97-4D55-8E25-A0BC46F10765}_is1) (Version: 11.0.0.0 - Detong)
LogMeIn (HKLM-x32\...\{36E0F777-19FE-4454-BB2D-84206758EA85}) (Version: 4.1.2651 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.)
MediaPlayerLite 0.3 (HKLM-x32\...\MediaPlayerLite) (Version: 0.3 - Amnis Technology Ltd)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Hebrew עברית (HKLM\...\Office14.OMUI.he-il) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
pdfFactory (HKLM\...\pdfFactory) (Version: 4.64 - FinePrint Software, LLC)
PDFlite 0.7 (HKLM-x32\...\PDFlite) (Version: 0.7 - Amnis Technology Ltd)
QuickBooks (x32 Version: 21.0.4003.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4003.904 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6449 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (HKLM\...\{90140000-0100-040D-1000-0000000FF1CE}_Office14.OMUI.he-il_{BDD2C3E1-72A5-4EE6-A24D-EA97ED937D8A}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sohodox 8 (HKLM-x32\...\Sohodox_is1) (Version: 8 - ITAZ)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: - )
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
Wise Video Converter 1.42 (HKLM-x32\...\Wise Video Converter_is1) (Version: 1.42 - WiseCleaner.com, Inc.)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-16270590-503425559-2023930739-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Yeedlee\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-16270590-503425559-2023930739-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Yeedlee\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-16270590-503425559-2023930739-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-16270590-503425559-2023930739-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Yeedlee\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Restore Points =========================

04-12-2015 01:47:17 Windows Update
07-12-2015 12:25:48 Windows Update
08-12-2015 15:03:30 Restore Operation
08-12-2015 15:50:35 Windows Update
09-12-2015 03:00:17 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-12-08 17:41 - 2015-12-08 17:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03AD7BA1-6BE4-4C17-BFB7-631363F53EC8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {0694C231-F743-44F3-80DD-C7E9C2F673A9} - System32\Tasks\Win Installer => C:\Users\Yeedlee\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {0B9133A3-3CD3-466F-A99A-6CDA17BABDDA} - \Security Center Update - 1542678901 -> No File <==== ATTENTION
Task: {1A4FCD4F-B84A-4E53-9EE7-CE90477800AE} - \AmiUpdXp -> No File <==== ATTENTION
Task: {313F61B6-387F-4CB3-AF22-B92EF273EFF3} - System32\Tasks\RunAsStdUser Task => C:\Users\Yeedlee\AppData\Local\gigglinggamesSA\bin\1.0.6.0\GigglingGamesSA.exe <==== ATTENTION
Task: {32103AC6-AA21-4B4E-AB50-B7B02A9A6117} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {3E4DAC36-CE25-4B81-8B61-0176EDDE4C2E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {4BD6D833-2AF1-4AA4-80AE-F0E258A63030} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {4D6CC00F-CCD5-4894-A3D5-C897A9516EEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {4F3B6862-C158-427B-940C-941F9C659A5B} - System32\Tasks\{0DE0F9B5-E9EB-E839-6B38-3E2B5DED7636} => /s "C:\Users\Yeedlee\AppData\Roaming\cyutrhm.dll"
Task: {54CB1741-9F11-4C05-A363-401F6021E886} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-01-07] ()
Task: {63B0C1F3-E12D-452A-BAF2-6B4FCE4BE225} - \GoforFilesUpdate -> No File <==== ATTENTION
Task: {76CF99E5-6906-49C8-ACD9-E63FD6538FC8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {7E5E1E2F-20B4-46A1-A747-E4D56599DCF6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {800C178E-835C-41E6-96F1-6089CD6959DD} - System32\Tasks\{8DE77B7F-CFFF-F20A-DA1A-9223D3F6F2AD} => /s "C:\Users\Yeedlee\AppData\Roaming\nbfnc.dll"
Task: {8554D84D-B677-4CE3-961B-95ABB7D0CCF7} - \Malware Cleaner -> No File <==== ATTENTION
Task: {86F0D7D9-A808-4687-8CE3-1D51936C6AC5} - \Security Center Update - 3427795213 -> No File <==== ATTENTION
Task: {90C5015C-25F7-47EA-BFBC-1318F1C1EA56} - \DSite -> No File <==== ATTENTION
Task: {9D08F500-3FCB-4AEA-AA49-B9A857004EA7} - \YourFile DownloaderUpdate -> No File <==== ATTENTION
Task: {ABB46F83-0B2F-49E6-BB2F-4AF601511E5F} - System32\Tasks\{33A070AE-CA3D-4553-89F4-8D081A08C7E9} => pcalua.exe -a E:\unInstaller.exe -d E:\
Task: {BAEA3793-1643-4EB0-B8F3-07613AA56CA6} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
Task: {BEE9C81A-0465-430A-AFB4-476D4E296344} - System32\Tasks\Games\UpdateCheck_S-1-5-21-16270590-503425559-2023930739-1000
Task: {DD6AEF60-4F26-4631-8D15-F88DA38F7B31} - System32\Tasks\{6E59C2B4-4DE5-4578-A0A6-E71C5EA1846A} => pcalua.exe -a E:\DivXInstaller.exe -d E:\
Task: {E2C5A29E-B7EB-4447-B9C4-0B1E9A8DCE4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {E5FB5832-9FC1-4533-9DC3-1B9D65055C25} - \Security Center Update - 917666673 -> No File <==== ATTENTION
Task: {E7CDF314-A866-48E7-8E29-4DDB9673C4E1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {EACC1A50-23B6-4340-B7C7-32AC2CF3693F} - \Security Center Update - 1413389308 -> No File <==== ATTENTION
Task: {F2CB145D-454F-4615-B4A0-6F85BD2E7C7F} - \Security Center Update - 693789788 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-09 13:46 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2015-12-09 13:46 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2012-07-12 01:46 - 2005-03-11 19:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-09-17 16:04 - 2010-09-17 16:04 - 01251840 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
2012-07-13 02:27 - 2013-01-18 10:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-07-16 13:17 - 2005-04-22 12:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2014-10-18 22:54 - 2014-10-18 22:54 - 03166208 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-12-08 15:56 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-12-08 15:56 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-12-08 15:56 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-12-08 15:56 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-12-08 15:56 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-07-16 12:46 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-11-15 19:00 - 2014-09-11 18:58 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2015-11-15 19:00 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2015-12-10 13:47 - 2015-12-10 13:47 - 00098816 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\win32api.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00110080 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\pywintypes27.dll
2015-12-10 13:47 - 2015-12-10 13:47 - 00364544 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\pythoncom27.dll
2015-12-10 13:47 - 2015-12-10 13:47 - 00046080 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\_socket.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 01208320 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\_ssl.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00320512 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\win32com.shell.shell.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00776704 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\_hashlib.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 01176576 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\wx._core_.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00806400 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\wx._gdi_.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00816128 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\wx._windows_.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 01067008 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\wx._controls_.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00733184 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\wx._misc_.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00682496 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\pysqlite2._sqlite.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00088064 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\_ctypes.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00119808 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\win32file.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00108544 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\win32security.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00007168 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\hashobjs_ext.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00017920 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\thumbnails_ext.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00079360 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\usb_ext.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00167936 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\win32gui.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00018432 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\win32event.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00128512 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\_elementtree.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00127488 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\pyexpat.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00013824 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\common.time34.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00036864 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\_psutil_windows.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00038912 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\win32inet.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00525640 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\windows._lib_cacheinvalidation.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00011264 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\win32crypt.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00077312 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\wx._html2.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00027136 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\_multiprocessing.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00020480 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\_yappi.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00035840 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\win32process.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00686080 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\unicodedata.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00123392 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\wx._wizard.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00024064 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\win32pipe.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00010240 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\select.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00025600 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\win32pdh.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00017408 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\win32profile.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00022528 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\win32ts.pyd
2015-12-10 13:47 - 2015-12-10 13:47 - 00078848 _____ () C:\Users\Yeedlee\AppData\Local\Temp\_MEI56562\wx._animate.pyd
2010-01-09 19:18 - 2010-01-09 19:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 00:34 - 2010-01-21 00:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-09 07:10 - 2014-12-09 07:10 - 03758192 _____ () C:\Program Files (x86)\Mozilla FireFox\mozjs.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Yeedlee\Downloads\ChromeSetup.exe:BDU
AlternateDataStreams: C:\Users\Yeedlee\Downloads\EmsisoftEmergencyKit.exe:BDU
AlternateDataStreams: C:\Users\Yeedlee\Downloads\FRST64.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7866 more sites.

There are 7864 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-16270590-503425559-2023930739-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Yeedlee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AVG_TRAY => "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{04BC0EDE-F9D1-4AAF-83F4-C92DA8213101}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{341C814F-5B0D-4EAB-B870-657C5A59DAED}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{976295AA-2F77-464B-BC02-8751657EF33F}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08i\FAXRX.exe
FirewallRules: [{5E09A9E8-2418-4319-9883-3519278270C2}] => (Allow) C:\Program Files (x86)\Brother\Brmfl08i\FAXRX.exe
FirewallRules: [{2AED5931-8DB9-449E-8670-256B45814F77}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{2F8CE988-1113-4710-AB8B-8B6F16E9B7ED}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{F703DCB0-C971-455E-995A-1C81480E3CA8}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [TCP Query User{CBB5A0A1-2438-47CA-AC8E-4EEBF9ED0E68}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{080AE4E9-8071-46AB-9EB2-2FF165736879}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{316CAE89-2574-42EB-8CF9-72E3C8BD8F23}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{79D0E440-C3B1-459C-94EE-1AC09332B18B}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
FirewallRules: [{06155739-0357-4DE8-A178-6520C190FBD7}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{0CB06FC4-A97F-4F44-B4D4-042D7DC0F00F}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
FirewallRules: [{3A656C03-8551-4BD8-8747-4793BE3442A8}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{5A2FEF0A-DBFB-43A1-8EE0-5A8F42D32AB8}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
FirewallRules: [{26488E03-4E52-4D1D-9EF4-5BDCA9806DD7}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{289568C9-A5DC-4811-BC56-71361247C923}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
FirewallRules: [{84967F2C-8E4E-4F55-987C-5F9E6CE6425F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{233381D8-F1E8-4B0E-B42A-385BB16EBCCD}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{D210C89D-9264-4A6B-AE89-88D00F90D065}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{751DBD87-9CAC-4D48-A3A5-B993A97E3A25}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4FA0C59E-C40F-41BD-A690-B6179B83AC28}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{E669BC51-2898-4E1D-9C66-CA9794C8FA6F}] => (Allow) C:\Program Files (x86)\GoforFiles\goforfilesdl.exe
FirewallRules: [{EF693158-E0CF-4877-9B56-C94ABFFD467D}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{C58F745F-A670-4C58-AE9D-6C5CECB41E25}] => (Allow) C:\Program Files (x86)\GoforFiles\GoforFiles.exe
FirewallRules: [{0C991798-1AA0-40E9-A7C4-A84FC7B6AE05}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{276CC6AA-1BEF-4B1E-9550-FA9E3D60B0BF}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{6C899093-2C38-4F19-9FD6-2117E2BC04FB}] => (Allow) C:\Program Files (x86)\YourFileDownloader\Downloader.exe
FirewallRules: [{C22C6463-9965-4DCA-B0FE-F0493AA8B7DB}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{CDA07B76-A853-43DE-A30B-CA69659F32E3}] => (Allow) C:\Program Files (x86)\YourFileDownloader\YourFile.exe
FirewallRules: [{26AC0E1B-F61B-4C97-BB63-AA92441FBFE5}] => (Allow) C:\Users\Yeedlee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7848DC91-5A8F-45F7-A152-82DFFC3AE181}] => (Allow) C:\Users\Yeedlee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F19D257F-2FAF-46AC-8332-4355837AA712}] => (Allow) C:\Users\Yeedlee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EC1B63F5-AF60-47EE-94C9-ACC943320175}] => (Allow) C:\Users\Yeedlee\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4D130687-19A3-49A2-A37D-6D453C274A7C}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{D684C9C7-788F-4CB1-A3BE-A423F39C283C}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{DE341100-7D2F-492E-BAE6-7CCA135099AB}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{1E7E16E9-824A-4D25-8FFD-93BDA4C6AFFC}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{3D5DD30C-4538-4599-987C-634720BC387E}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{A2A0CBBD-FE61-4A81-891E-327B2DE6FC2F}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{9D467425-B4A4-4A19-8C5A-FE3FC549F51B}] => (Allow) C:\Windows\SysWOW64\explorer.exe
FirewallRules: [{961815A8-77E2-4B35-898B-94B3998E9642}] => (Allow) C:\Windows\SysWOW64\explorer.exe
FirewallRules: [TCP Query User{59CC7923-0DF4-44EA-8BFB-CAA274F82CF4}C:\program files (x86)\acs\acs\acs.exe] => (Allow) C:\program files (x86)\acs\acs\acs.exe
FirewallRules: [UDP Query User{8CAC6CD6-C580-483A-A679-30DF40FA880E}C:\program files (x86)\acs\acs\acs.exe] => (Allow) C:\program files (x86)\acs\acs\acs.exe
FirewallRules: [{8BE8A141-28BB-4678-81ED-F6C463596B08}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B77B9AED-047D-4EEA-88C5-FAB84FB3B6A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C6B4BA36-405B-4CCD-811A-99E074C69588}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{57019D00-EC3F-4F95-B073-9C1E4B7FACDC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{309CF622-E395-4912-87A8-5ED9A351554A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A7C96020-1370-4460-8FE3-D4A68F16CC26}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8069104D-9825-436A-8EBA-451088BB1ED0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E4787CD8-2825-442D-B3E3-F1950798EBC5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{24BD6759-EE5C-4E49-BEE7-C4942CAB3B46}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: iocbios2
Description: iocbios2
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: iocbios2
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/08/2015 03:27:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Exception code: 0xc0000005
Fault offset: 0x001de590
Faulting process id: 0xe20
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (12/08/2015 03:19:21 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (12/07/2015 03:02:19 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2015 03:02:19 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2015 03:02:19 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2015 03:02:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (12/07/2015 03:02:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2015 03:02:19 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/07/2015 03:02:19 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2015 03:02:19 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (12/10/2015 01:49:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (12/10/2015 01:49:17 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/10/2015 01:47:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater17.1.3 service failed to start due to the following error:
%%2

Error: (12/10/2015 01:47:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iocbios2 service failed to start due to the following error:
%%3

Error: (12/10/2015 01:37:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ITAZ Sohodox Indexing Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/10/2015 01:36:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ITAZ Sohodox Folder Monitor Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/10/2015 01:31:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (12/10/2015 01:31:24 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/10/2015 01:29:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater17.1.3 service failed to start due to the following error:
%%2

Error: (12/10/2015 01:29:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iocbios2 service failed to start due to the following error:
%%3


CodeIntegrity:
===================================
Date: 2015-12-08 17:40:39.408
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-08 17:40:39.267
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3820 CPU @ 3.60GHz
Percentage of memory in use: 51%
Total physical RAM: 8116.29 MB
Available physical RAM: 3951.23 MB
Total Virtual: 16230.78 MB
Available Virtual: 11335.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:14.31 GB) NTFS
Drive e: (OFFICE14) (CDROM) (Total:0.45 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 62BEB42E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 11 December 2015 - 10:35 AM.


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:00 PM

Posted 11 December 2015 - 10:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

You are running the Farbar tool from this folder in bold C:\Users\Yeedlee\Downloads
Please copy the program to your Desktop.
Place the Fixlist.txt that you will create on the Desktop also, run the tool and click the fix button.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-16270590-503425559-2023930739-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-16270590-503425559-2023930739-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF SelectedSearchEngine: Astromenda
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF user.js: detected! => C:\Users\Yeedlee\AppData\Roaming\Mozilla\Firefox\Profiles\diberuil.default\user.js [2015-12-08]
FF Extension: idms20.CFieldInteger - C:\Users\Yeedlee\AppData\Roaming\Mozilla\Firefox\Profiles\diberuil.default\Extensions\{4B147F4F-1D67-041C-3310-6D34F561F8F4} [2015-12-08] [not signed]
S2 vToolbarUpdater17.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [X]
CustomCLSID: HKU\S-1-5-21-16270590-503425559-2023930739-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Yeedlee\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-16270590-503425559-2023930739-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Yeedlee\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-16270590-503425559-2023930739-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Yeedlee\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {0694C231-F743-44F3-80DD-C7E9C2F673A9} - System32\Tasks\Win Installer => C:\Users\Yeedlee\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {0B9133A3-3CD3-466F-A99A-6CDA17BABDDA} - \Security Center Update - 1542678901 -> No File <==== ATTENTION
Task: {1A4FCD4F-B84A-4E53-9EE7-CE90477800AE} - \AmiUpdXp -> No File <==== ATTENTION
Task: {313F61B6-387F-4CB3-AF22-B92EF273EFF3} - System32\Tasks\RunAsStdUser Task => C:\Users\Yeedlee\AppData\Local\gigglinggamesSA\bin\1.0.6.0\GigglingGamesSA.exe <==== ATTENTION
Task: {4F3B6862-C158-427B-940C-941F9C659A5B} - System32\Tasks\{0DE0F9B5-E9EB-E839-6B38-3E2B5DED7636} => /s "C:\Users\Yeedlee\AppData\Roaming\cyutrhm.dll"
Task: {63B0C1F3-E12D-452A-BAF2-6B4FCE4BE225} - \GoforFilesUpdate -> No File <==== ATTENTION
Task: {800C178E-835C-41E6-96F1-6089CD6959DD} - System32\Tasks\{8DE77B7F-CFFF-F20A-DA1A-9223D3F6F2AD} => /s "C:\Users\Yeedlee\AppData\Roaming\nbfnc.dll"
Task: {8554D84D-B677-4CE3-961B-95ABB7D0CCF7} - \Malware Cleaner -> No File <==== ATTENTION
Task: {86F0D7D9-A808-4687-8CE3-1D51936C6AC5} - \Security Center Update - 3427795213 -> No File <==== ATTENTION
Task: {90C5015C-25F7-47EA-BFBC-1318F1C1EA56} - \DSite -> No File <==== ATTENTION
Task: {9D08F500-3FCB-4AEA-AA49-B9A857004EA7} - \YourFile DownloaderUpdate -> No File <==== ATTENTION
Task: {BAEA3793-1643-4EB0-B8F3-07613AA56CA6} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
Task: {E5FB5832-9FC1-4533-9DC3-1B9D65055C25} - \Security Center Update - 917666673 -> No File <==== ATTENTION
Task: {EACC1A50-23B6-4340-B7C7-32AC2CF3693F} - \Security Center Update - 1413389308 -> No File <==== ATTENTION
Task: {F2CB145D-454F-4615-B4A0-6F85BD2E7C7F} - \Security Center Update - 693789788 -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Yeedlee\Downloads\ChromeSetup.exe:BDU
AlternateDataStreams: C:\Users\Yeedlee\Downloads\EmsisoftEmergencyKit.exe:BDU
AlternateDataStreams: C:\Users\Yeedlee\Downloads\FRST64.exe:BDU
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
C:\Users\Yeedlee\AppData\Roaming\麽鎒駓覜
C:\Users\Yeedlee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Yeedlee\AppData\Local\DSI.DAT
C:\Users\Yeedlee\AppData\Local\HELP_DECRYPT.PNG
C:\Users\Yeedlee\AppData\Local\HELP_DECRYPT.URL
C:\Users\Yeedlee\AppData\Local\setup.txt
C:\ProgramData\1449686761.bdinstall.bin
C:\ProgramData\@system.temp
C:\ProgramData\@system3.att
C:\ProgramData\HELP_DECRYPT.PNG
C:\ProgramData\HELP_DECRYPT.URL
C:\Users\Yeedlee\AppData\Roaming\Updater\winupd.exe
S4 LMIRfsClientNP; no ImagePath
S1 abthuqyi; \??\C:\Windows\system32\drivers\abthuqyi.sys [X]
S1 awvaokur; \??\C:\Windows\system32\drivers\awvaokur.sys [X]
S3 BTMCOM; System32\Drivers\btmcom.sys [X]
S1 byatgtsw; \??\C:\Windows\system32\drivers\byatgtsw.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ceynernw; \??\C:\Windows\system32\drivers\ceynernw.sys [X]
S1 dblhmljm; \??\C:\Windows\system32\drivers\dblhmljm.sys [X]
S1 dfokymkf; \??\C:\Windows\system32\drivers\dfokymkf.sys [X]
S1 dkacdnir; \??\C:\Windows\system32\drivers\dkacdnir.sys [X]
S1 eqyxgchq; \??\C:\Windows\system32\drivers\eqyxgchq.sys [X]
S1 fjyhvucj; \??\C:\Windows\system32\drivers\fjyhvucj.sys [X]
S1 fkgugtyp; \??\C:\Windows\system32\drivers\fkgugtyp.sys [X]
S1 gcfzltif; \??\C:\Windows\system32\drivers\gcfzltif.sys [X]
S1 gndyvqyc; \??\C:\Windows\system32\drivers\gndyvqyc.sys [X]
S1 hibtknly; \??\C:\Windows\system32\drivers\hibtknly.sys [X]
S1 hnuywlby; \??\C:\Windows\system32\drivers\hnuywlby.sys [X]
S2 iocbios2; \??\C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [X]
S1 izsugzag; \??\C:\Windows\system32\drivers\izsugzag.sys [X]
S1 jjtjbfyp; \??\C:\Windows\system32\drivers\jjtjbfyp.sys [X]
S1 jnxqkyny; \??\C:\Windows\system32\drivers\jnxqkyny.sys [X]
S1 llimubvo; \??\C:\Windows\system32\drivers\llimubvo.sys [X]
S1 mqudjcyp; \??\C:\Windows\system32\drivers\mqudjcyp.sys [X]
S1 mrxsaxmz; \??\C:\Windows\system32\drivers\mrxsaxmz.sys [X]
S1 mvygfezw; \??\C:\Windows\system32\drivers\mvygfezw.sys [X]
S1 myeeeofl; \??\C:\Windows\system32\drivers\myeeeofl.sys [X]
S1 nckxdptq; \??\C:\Windows\system32\drivers\nckxdptq.sys [X]
S1 pgzbcnqt; \??\C:\Windows\system32\drivers\pgzbcnqt.sys [X]
S1 qkahhthw; \??\C:\Windows\system32\drivers\qkahhthw.sys [X]
S1 riacfmoe; \??\C:\Windows\system32\drivers\riacfmoe.sys [X]
S1 rijjboxp; \??\C:\Windows\system32\drivers\rijjboxp.sys [X]
S1 rmbdiknd; \??\C:\Windows\system32\drivers\rmbdiknd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S1 tsgrbqrj; \??\C:\Windows\system32\drivers\tsgrbqrj.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S1 ubvwtnht; \??\C:\Windows\system32\drivers\ubvwtnht.sys [X]
S1 uudhulxf; \??\C:\Windows\system32\drivers\uudhulxf.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Yeedlee\AppData\Roaming\Mozilla\Firefox\Profiles\diberuil.default\Extensions\{4B147F4F-1D67-041C-3310-6D34F561F8F4}

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

How is the computer running now?

#3 shulemmosko

Posted 11 December 2015 - 12:39 PM

Tnx a lot for your help, I really appreciate it!

Virus is still coming back, see attached Malwarebytes screenshot.

Also I attached fixlog.txt, AdwCleaner log and JRT log,
and a new frst.txt and addition.txt.

Tnx.


#4 nasdaq

Posted 11 December 2015 - 02:06 PM

If not already done please run the AdwCleaner tool and clean everything that will be found.
===

Delete the folder in bold.
C:\Users\Yeedlee\AppData\Local\Temp\_MEI36642
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • When instructed Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report"
  • Click on the Export TXT button and save the file as RogueReport.txt
  • The file RogueReport.txt will be saved on the desktop.
  • Close the program.
  • Open the file with Notepad and Copy/paste the content into your next reply.
<<<>>>

Keep me posted.

#5 nasdaq

Posted 17 December 2015 - 11:12 AM

Are you still with me?

#6 nasdaq

Posted 23 December 2015 - 02:07 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



