
IE 11 browser hijack


71 replies to this topic

#1 john_ok1


Posted 07 March 2016 - 05:07 PM

Hi, my problem is that I have redirections, not many and at all times, but it is annoying. I tried everything I already knew but the problem still exists. I am asking for your help.


Edited by Queen-Evie, 07 March 2016 - 05:09 PM.
moved from Windows 7 to Am I Infected



 


#2 olgun52

  • Malware Response Team

Posted 07 March 2016 - 05:16 PM

Hello john_ok1 and welcome to BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as administrator. How do I log on to the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following.

 

Step 1:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript

Attachment: zoekscript.txt (188 bytes)

  • Download it too and save it to your desktop - it needs to be in the same location as the ZOEK tool.
  • Drag the zoekscript file and drop it onto the ZOEK icon - this should launch the program.
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Please Restart PC and browsers now.

 

Next >>>>

Step 2:
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 john_ok1


Posted 07 March 2016 - 05:31 PM

Thanks olgun52 for your help, zoek is still running and I have already downloaded farbar. As soon as I am ready I will attach everything you mentioned.


Edited by john_ok1, 07 March 2016 - 05:31 PM.


#4 john_ok1


Posted 07 March 2016 - 05:52 PM

olgun52, I can't find the attach button, or do I have to copy and paste everything?


Edited by john_ok1, 07 March 2016 - 05:53 PM.


#5 olgun52

  • Malware Response Team

Posted 07 March 2016 - 06:31 PM

john_ok1 wrote: "olgun52, I can't find the attach button, or do I have to copy and paste everything?"

You can copy and paste all on the page.



 


 


#6 john_ok1


Posted 07 March 2016 - 06:55 PM

olgun52, here are the results.

 

zoek-results      

 

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Detilina on ’¨  08/03/2016 at  0:24:01,01.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Detilina\Desktop\zoek.exe
Script used: C:\Users\Detilina\Desktop\zoekscript.txt

==== System Restore Info ======================

8/3/2016 12:24:42 πμ Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Origin Games deleted successfully
C:\Users\Detilina\AppData\Roaming\Downloaded Installations deleted successfully
C:\Users\Detilina\AppData\Roaming\Identities deleted successfully
C:\Users\Detilina\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Detilina\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Detilina\AppData\Local\EmieSiteList deleted successfully
C:\Users\Detilina\AppData\Local\EmieUserList deleted successfully
C:\Users\Detilina\AppData\Local\Ubisoft deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-4161361871-1323430313-3158585620-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Origin Games not found
C:\PROGRA~3\Package Cache deleted

==== Chromium Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://google.gr/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://google.gr/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Detilina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Detilina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=7 folders=8 6735196 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Detilina\AppData\Local\Temp will be emptied at reboot
C:\Users\Guest\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\TEMP\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Detilina\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ’¨  08/03/2016 at  0:41:28,34 ======================

 

 

FRST

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Detilina (administrator) on DETILINA-PC (08-03-2016 01:20:22)
Running from C:\Users\Detilina\Desktop
Loaded Profiles: Detilina (Available Profiles: Detilina & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Ελληνικά (Ελλάδας)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8317472 2009-11-03] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-02-18] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2015-12-18] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Razer Mamba Driver] => C:\Program Files (x86)\Razer\Mamba\RazerTray.exe [3278728 2009-12-15] (Razer USA Ltd)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-12-18] (Safer-Networking Ltd.)
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\...\Policies\Explorer: [NoInstrumentation] 1
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{004AFB15-27F8-48AB-8CC8-CD0037C62D6E}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{004AFB15-27F8-48AB-8CC8-CD0037C62D6E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DAF73D0D-5B4B-4730-96B6-CBBA05E91C0C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://google.gr/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4161361871-1323430313-3158585620-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-18] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-18] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-18] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-18] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2016-01-18] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150592 2016-01-06] (Symantec Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2505472 2015-10-09] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-12-03] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-12-03] (Malwarebytes)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795776 2016-01-06] (PC Tools)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-24] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2015-12-18] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2015-12-18] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2015-12-18] (Safer-Networking Ltd.)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163904 2016-01-06] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-07-22] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264040 2015-09-23] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-09-23] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-10-07] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-09-23] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-09-23] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-09-23] (ESET)
R1 epp; C:\EEK\bin64\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-12-03] (ESET)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-02] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-07-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-12-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-12-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_amd64.sys [549704 2012-06-21] ()
S2 thdudf; C:\Windows\SysWOW64\DRIVERS\thdudf.sys [66944 2010-09-09] (TOSHIBA Corporation) [File not signed]
S3 DFX11_1; system32\drivers\dfx11_1x64.sys [X]
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S0 szkg5; SySWOW64\drivers\szkg64.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 01:20 - 2016-03-08 01:20 - 00012825 _____ C:\Users\Detilina\Desktop\FRST.txt
2016-03-08 01:20 - 2016-03-08 01:20 - 00000000 ____D C:\FRST
2016-03-08 01:19 - 2016-03-08 00:23 - 02374144 _____ (Farbar) C:\Users\Detilina\Desktop\FRST64.exe
2016-03-08 01:14 - 2016-03-08 00:58 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-03-08 00:56 - 2016-03-08 01:17 - 00000000 ____D C:\Users\Detilina\Desktop\Νέος φάκελος (2)
2016-03-07 23:41 - 2016-03-07 23:41 - 00003488 _____ C:\Users\Detilina\Desktop\txt.txt
2016-03-07 23:12 - 2016-03-07 23:12 - 00108816 _____ C:\Users\Detilina\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-07 23:11 - 2016-03-07 23:12 - 00407440 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-07 23:04 - 2016-03-08 01:19 - 00000764 _____ C:\DelFix.txt
2016-03-07 22:48 - 2016-03-07 23:04 - 00000000 ____D C:\Users\Detilina\Desktop\BLEEP
2016-03-07 19:33 - 2016-03-07 19:33 - 28777312 _____ (Adlice Software ) C:\Users\Detilina\Desktop\setup.exe
2016-03-07 19:26 - 2016-03-07 21:14 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-07 08:20 - 2016-03-07 08:21 - 00047616 _____ C:\Users\Detilina\Desktop\Joker_2016.xls
2016-03-04 23:24 - 2016-03-04 23:57 - 423530341 _____ C:\Users\Detilina\Desktop\v.flv
2016-03-04 23:19 - 2016-03-05 00:39 - 352303097 _____ C:\Users\Detilina\Desktop\video.mp4
2016-03-03 08:28 - 2016-03-03 08:28 - 00000000 ____D C:\Program Files\HitmanPro
2016-03-01 22:36 - 2016-03-01 22:36 - 00450898 ____R C:\Windows\system32\Drivers\etc\hosts.20160301-223630.backup
2016-03-01 18:22 - 2016-03-01 18:22 - 00000000 ____D C:\Users\Detilina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-02-25 20:42 - 2016-03-07 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-02-25 20:42 - 2016-03-07 23:17 - 00000000 ____D C:\Program Files\RogueKiller
2016-02-25 20:28 - 2016-02-25 20:28 - 00000000 ____D C:\Users\Detilina\AppData\Roaming\MPC-HC
2016-02-25 20:27 - 2016-02-25 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-02-25 20:27 - 2016-02-25 20:27 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-02-25 20:27 - 2015-07-13 20:00 - 00126976 _____ C:\Windows\system32\ff_vfw.dll
2016-02-25 20:27 - 2015-07-13 20:00 - 00112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2016-02-25 20:27 - 2015-06-22 15:25 - 00254976 _____ C:\Windows\system32\xvidvfw.dll
2016-02-25 20:27 - 2015-06-22 15:25 - 00240128 _____ C:\Windows\SysWOW64\xvidvfw.dll
2016-02-25 20:27 - 2015-06-22 15:24 - 00729088 _____ C:\Windows\system32\xvidcore.dll
2016-02-25 20:27 - 2015-02-28 17:22 - 03571200 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2016-02-25 20:27 - 2015-02-28 17:21 - 03591680 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2016-02-25 20:27 - 2012-07-21 12:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2016-02-25 20:27 - 2012-07-21 12:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2016-02-25 20:27 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2016-02-25 20:27 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2016-02-25 13:35 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-02-22 09:23 - 2016-02-25 20:38 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-18 09:27 - 2016-02-18 09:26 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-18 09:26 - 2016-02-18 09:26 - 00000000 ____D C:\Program Files\Java
2016-02-18 09:25 - 2016-02-18 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-18 09:25 - 2016-02-18 09:24 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-18 09:24 - 2016-02-18 09:24 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-18 05:38 - 2016-02-18 05:45 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-16 08:25 - 2016-01-22 22:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-16 08:25 - 2016-01-22 22:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-16 08:25 - 2016-01-22 08:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-16 08:25 - 2016-01-22 08:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-16 08:25 - 2016-01-22 08:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-16 08:25 - 2016-01-22 08:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-16 08:25 - 2016-01-22 08:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-16 08:25 - 2016-01-22 08:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-16 08:25 - 2016-01-22 08:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-16 08:25 - 2016-01-22 08:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-16 08:25 - 2016-01-22 08:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-16 08:25 - 2016-01-22 08:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-16 08:25 - 2016-01-22 08:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-16 08:25 - 2016-01-22 08:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-16 08:25 - 2016-01-22 08:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-16 08:25 - 2016-01-22 08:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-16 08:25 - 2016-01-22 08:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-16 08:25 - 2016-01-22 08:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-16 08:25 - 2016-01-22 08:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-16 08:25 - 2016-01-22 08:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-16 08:25 - 2016-01-22 08:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-16 08:25 - 2016-01-22 08:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-16 08:25 - 2016-01-22 08:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-16 08:25 - 2016-01-22 08:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-16 08:25 - 2016-01-22 08:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-16 08:25 - 2016-01-22 08:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-16 08:25 - 2016-01-22 08:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-16 08:25 - 2016-01-22 07:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-16 08:25 - 2016-01-22 07:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-16 08:25 - 2016-01-22 07:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-16 08:25 - 2016-01-22 07:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-16 08:25 - 2016-01-22 07:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-16 08:25 - 2016-01-22 07:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-16 08:25 - 2016-01-22 07:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-16 08:25 - 2016-01-22 07:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-16 08:25 - 2016-01-22 07:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-16 08:25 - 2016-01-22 07:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-16 08:25 - 2016-01-22 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-16 08:25 - 2016-01-22 07:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-16 08:25 - 2016-01-22 07:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-16 08:25 - 2016-01-22 07:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-16 08:25 - 2016-01-22 07:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-16 08:25 - 2016-01-22 07:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-16 08:25 - 2016-01-22 07:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-16 08:25 - 2016-01-22 07:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-16 08:25 - 2016-01-22 07:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-16 08:25 - 2016-01-22 07:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-16 08:25 - 2016-01-22 07:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-16 08:25 - 2016-01-22 07:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-16 08:25 - 2016-01-22 07:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-16 08:25 - 2016-01-22 07:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-16 08:25 - 2016-01-22 07:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-16 08:24 - 2016-02-16 08:24 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-16 08:24 - 2016-02-16 08:24 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-16 08:24 - 2016-02-16 08:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-16 08:24 - 2016-02-16 08:24 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-16 08:24 - 2016-02-16 08:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-16 08:24 - 2016-02-06 12:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-16 08:24 - 2016-02-06 12:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-16 08:24 - 2016-02-06 12:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-16 08:24 - 2016-02-06 12:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-16 08:24 - 2016-02-06 12:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-16 08:24 - 2016-02-06 12:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-16 08:24 - 2016-02-06 11:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-16 08:24 - 2016-02-06 11:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-16 08:24 - 2016-02-06 11:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-16 08:24 - 2016-02-06 11:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-16 08:24 - 2016-02-06 11:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-16 08:24 - 2016-02-06 11:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-16 08:24 - 2016-02-06 11:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-16 08:24 - 2016-02-06 10:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-16 08:24 - 2016-01-22 08:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-16 08:24 - 2016-01-22 08:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-16 08:24 - 2016-01-22 08:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-16 08:24 - 2016-01-22 08:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-16 08:24 - 2016-01-22 08:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-16 08:24 - 2016-01-22 08:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-16 08:24 - 2016-01-22 08:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-16 08:24 - 2016-01-22 08:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-16 08:24 - 2016-01-22 08:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-16 08:24 - 2016-01-22 08:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-16 08:24 - 2016-01-16 21:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-16 08:24 - 2016-01-16 20:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-16 08:24 - 2016-01-11 16:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-16 08:24 - 2016-01-11 16:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-16 08:24 - 2016-01-11 16:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-16 08:24 - 2016-01-11 16:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-16 08:24 - 2016-01-11 16:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-16 08:24 - 2016-01-06 21:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-16 08:24 - 2016-01-06 21:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-16 08:24 - 2016-01-06 20:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-16 08:23 - 2016-02-16 08:23 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-16 08:23 - 2016-02-16 08:23 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-16 08:23 - 2016-02-16 08:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-16 08:23 - 2016-02-16 08:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-16 08:23 - 2016-02-16 08:23 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-16 08:22 - 2016-02-16 08:22 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-16 08:22 - 2016-02-16 08:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-16 05:30 - 2016-02-06 11:52 - 00450913 _____ C:\Windows\system32\Drivers\etc\hosts.20160216-053049.backup
2016-02-09 20:05 - 2016-02-09 20:05 - 00000000 ____D C:\Users\Detilina\AppData\Roaming\Steam
2016-02-09 17:47 - 2016-02-19 07:26 - 00000000 ____D C:\Users\Detilina\Documents\American Truck Simulator

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 01:15 - 2016-01-06 20:02 - 00000294 _____ C:\Windows\Tasks\NUAutoUpdate.job
2016-03-08 01:15 - 2015-08-04 15:35 - 00000000 ____D C:\ProgramData\TEMP
2016-03-08 01:15 - 2015-05-21 09:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-08 01:15 - 2015-05-21 00:27 - 00000330 _____ C:\Windows\Tasks\GlaryInitialize.job
2016-03-08 01:15 - 2015-05-20 04:12 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-08 01:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-08 00:58 - 2016-01-23 09:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-08 00:49 - 2009-07-14 06:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-08 00:49 - 2009-07-14 06:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-07 23:47 - 2015-05-21 03:55 - 00000000 ____D C:\Users\Detilina\AppData\Local\CrashDumps
2016-03-07 23:40 - 2015-12-03 12:43 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-03-07 23:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-03-07 23:10 - 2015-05-23 07:58 - 00000000 ____D C:\Windows\pss
2016-03-07 21:21 - 2016-01-18 05:13 - 00000000 ____D C:\EEK
2016-03-07 19:14 - 2015-07-24 18:10 - 00000000 ____D C:\Users\Detilina\Desktop\ALLOK
2016-03-07 18:39 - 2015-08-14 08:14 - 00000000 ____D C:\Users\Detilina\AppData\LocalLow\Adblock Plus for IE
2016-03-07 15:31 - 2016-01-15 12:34 - 00000000 ____D C:\Users\Detilina\Desktop\EURO
2016-03-07 09:04 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-03-06 16:15 - 2015-06-20 09:52 - 00000000 ____D C:\Users\Detilina\AppData\Local\Adobe
2016-03-06 16:13 - 2016-01-23 09:31 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-06 16:13 - 2016-01-23 09:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-06 16:13 - 2016-01-23 09:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-03 21:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-02 19:54 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-01 18:22 - 2015-07-24 22:14 - 00000000 ____D C:\Users\Detilina\Documents\My Games
2016-03-01 17:46 - 2015-05-21 08:55 - 00000000 ____D C:\Users\Detilina\AppData\Roaming\BitComet
2016-02-28 09:48 - 2015-08-11 03:37 - 00000000 ____D C:\Users\Detilina\Desktop\Συντομεύσεις Παιχνιδιών
2016-02-28 09:42 - 2015-07-22 11:44 - 00000000 ____D C:\Users\Detilina\AppData\Roaming\Ubisoft
2016-02-28 09:41 - 2015-05-20 03:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-26 05:56 - 2015-08-08 21:53 - 00000000 ____D C:\Users\Detilina\Downloads\Video
2016-02-26 05:56 - 2015-05-22 14:50 - 00000000 ___RD C:\Users\Detilina\Desktop\Συντομεύσεις Προγραμμάτων
2016-02-25 16:47 - 2015-07-24 23:18 - 00000000 ____D C:\ProgramData\Solidshield
2016-02-24 16:39 - 2015-11-24 09:08 - 00000000 ____D C:\Users\Detilina\Desktop\ΑΘΗΝΑ
2016-02-24 16:08 - 2015-05-20 02:23 - 00000000 ____D C:\Users\Detilina
2016-02-24 16:07 - 2009-07-14 07:08 - 00032502 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-24 16:06 - 2016-01-10 20:37 - 00000000 ____D C:\Users\UpdatusUser
2016-02-24 16:06 - 2015-05-20 11:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-24 16:06 - 2009-07-14 11:52 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-02-24 16:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-02-23 14:02 - 2015-08-21 08:14 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2016-02-23 13:49 - 2015-07-28 14:55 - 00000000 ____D C:\Windows\erdnt
2016-02-23 13:37 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-02-22 11:08 - 2009-07-14 04:34 - 00000768 ____R C:\Windows\system32\Drivers\etc\hosts.20160301-223607.backup
2016-02-18 09:27 - 2015-11-21 09:02 - 00000000 ____D C:\Users\Detilina\.oracle_jre_usage
2016-02-18 09:25 - 2016-01-20 07:42 - 00000000 ____D C:\ProgramData\Oracle
2016-02-16 15:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-02-16 11:11 - 2009-07-14 11:13 - 00689234 _____ C:\Windows\system32\perfh008.dat
2016-02-16 11:11 - 2009-07-14 11:13 - 00176712 _____ C:\Windows\system32\perfc008.dat
2016-02-16 11:11 - 2009-07-14 07:13 - 01639340 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-16 11:01 - 2015-05-20 06:19 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-16 11:01 - 2015-05-20 06:19 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-16 11:01 - 2009-07-14 11:54 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-16 08:42 - 2015-05-20 06:17 - 00000000 ____D C:\Windows\system32\MRT
2016-02-16 08:38 - 2015-05-20 06:17 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-10 06:26 - 2015-11-24 15:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-09 18:26 - 2015-12-18 09:09 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-02-09 18:26 - 2015-05-21 00:27 - 00000000 ____D C:\Program Files (x86)\Glary Utilities

==================== Files in the root of some directories =======

2015-05-21 05:12 - 2015-11-26 03:49 - 0001770 _____ () C:\Users\Detilina\AppData\Roaming\Profile0.dat
2015-11-02 02:25 - 2015-11-02 02:25 - 0000017 _____ () C:\Users\Detilina\AppData\Local\resmon.resmoncfg
2015-05-21 12:34 - 2015-05-21 12:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-28 15:46

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Detilina (2016-03-08 01:21:03)
Running from C:\Users\Detilina\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-05-20 00:23:09)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4161361871-1323430313-3158585620-500 - Administrator - Disabled)
Detilina (S-1-5-21-4161361871-1323430313-3158585620-1000 - Administrator - Enabled) => C:\Users\Detilina
Guest (S-1-5-21-4161361871-1323430313-3158585620-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-4161361871-1323430313-3158585620-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.318.20 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET Smart Security 9.0.318.20 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: Προσωπικό firewall της ESET (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{9A214995-CC60-4924-867B-E0899B24FF1B}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe PDF iFilter 11 for 64-bit platforms (HKLM\...\{BA5C0CC3-421B-4AE5-9370-1650D1941F30}) (Version: 11.0.00 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
BitComet 1.38 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.38 - CometNetwork)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CPUID CPU-Z 1.60.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DVDFab 8.2.2.7 (06/02/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
eJuice Me Up (HKLM-x32\...\{399E77D0-5CEC-41CE-AC95-179E2A0B1893}) (Version: 15.7.0 - Breaktru Software)
ESET Smart Security (HKLM\...\{7C7860E7-FD91-4421-BC2B-B7C3C5A2A179}) (Version: 9.0.318.20 - ESET, spol. s r.o.)
Glary Utilities Pro 2.46.0.1518 (HKLM-x32\...\Glary Utilities_is1) (Version: 2.46.0.1518 - Glarysoft Ltd)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.241 - SurfRight B.V.)
ImTOO Video Converter Ultimate 6 (HKLM-x32\...\ImTOO Video Converter Ultimate 6) (Version: 6.5.5.0426 - ImTOO)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
K-Lite Mega Codec Pack 11.2.8 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.2.8 - )
Leawo Total Media Converter Ultimate version  5.0.0.0 (HKLM-x32\...\{A5F041A4-812A-47C2-AD53-8893A81019FB}_is1) (Version:  - )
Leawo Youtube Downloader Version: 4.0.0.2 (HKLM-x32\...\{9E887DDE-2882-43E3-8AAF-127F8198030D}_is1) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware έκδοση 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mamba Firmware Updater 1.13 (HKLM-x32\...\{6C6ED584-9F75-4235-8718-1F35B59814E8}) (Version: 1.13.00 - Razer USA Ltd.)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1036 - Marvell)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.10.5.3 - Marvell)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110408-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)
NVIDIA Λογισμικό σύστημα PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης 3D Vision 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης γραφικών 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης ελεγκτή 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης ήχου HD 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Razer Mamba (HKLM-x32\...\{7BE49DA7-EDA4-4C63-AA06-DCDF6858C3F3}) (Version: 1.07.00 - Razer USA Ltd.)
Razer Mamba (HKLM-x32\...\{BF60B320-3AA3-4DFB-B542-BDA6D4F1A60E}) (Version: 2.01.05 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5973 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.89 (HKLM-x32\...\Revo Uninstaller) (Version: 1.89 - VS Revo Group)
Revo Uninstaller Pro 2.5.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.7 - VS Revo Group, Ltd.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subtitle Workshop 6.0b (HKLM-x32\...\SubtitleWorkshop) (Version:  - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Xilisoft DivX to DVD Converter 6 (HKLM-x32\...\Xilisoft DivX to DVD Converter 6) (Version: 6.1.2.0827 - Xilisoft)
Xilisoft Video Converter Ultimate 6 (HKLM-x32\...\Xilisoft Video Converter Ultimate 6) (Version: 6.0.7.0707 - Xilisoft)
Πακέτο συμβατότητας για το 2007 Microsoft Office system (HKLM-x32\...\{90120000-0020-0408-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Πίνακας Ελέγχου NVIDIA 353.62 (Version: 353.62 - NVIDIA Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08265362-4D69-425E-8D39-309ECAC4337F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-01-23] (Adobe Systems Incorporated)
Task: {5331B6EB-C681-45B1-9ED5-436F1339D652} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2012-06-01] (Glarysoft Ltd)
Task: {8CB97BC2-124F-47DF-A75D-BC0EE6DDEE9C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-06] (Adobe Systems Incorporated)
Task: {A152513A-6BA4-48DD-8F9C-FDD995FB4F0E} - \SUPERAntiSpyware Scheduled Task 539406b3-b564-49bc-8ff1-8eb10bab0944 -> No File <==== ATTENTION
Task: {CBA74441-7F6B-46EA-A4FC-17CB5B3CB7CD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-12-18] (Safer-Networking Ltd.)
Task: {D0ABFBC4-4F85-4738-8E2A-96EF0287BAD6} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2016-01-06] (Symantec)
Task: {D94972CB-6F42-4073-879A-96DC01E0A903} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-12-18] (Safer-Networking Ltd.)
Task: {E1BA1FB0-5935-494C-A614-D8A43FF3AA5F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe
Task: {E6EE2E16-CE2F-4710-93C7-BED00CBCF2E7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-12-18] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-10 20:36 - 2015-07-23 03:31 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-18 09:09 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-12-18 09:09 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-12-18 09:09 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-12-18 09:09 - 2015-12-18 09:09 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-12-18 09:09 - 2015-12-18 09:09 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [272]
AlternateDataStreams: C:\ProgramData\TEMP:E5BA9ADD [242]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\Software\Classes\exefile:  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7871 more sites.

There are 7871 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-03-01 22:36 - 00450898 ____R C:\Windows\system32\Drivers\etc\hosts

There are 15470 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Detilina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FEAEECDC-11B2-4935-95DA-491C00456A5A}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{CE13F583-E4F2-4314-89D7-916939F6D6AB}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{8F94B462-2AED-4CF5-8A49-A3595FE67D4B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C6FD1D51-5F24-45D1-9261-242329247251}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F208E6CA-A0ED-473E-A5C7-C797AF8FF694}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9DDAA65D-8DF8-46D9-95CF-8E60FC2A96ED}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FAF5F0E5-1509-4A47-AB5F-8E076D08A3BE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{529FDF4E-13BB-44CF-9C14-C94EAA192169}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

24-02-2016 16:17:41 ALLOKALL
25-02-2016 13:33:51 Installed Age of Empires III - The WarChiefs Trial
25-02-2016 13:39:34 Revo Uninstaller Pro's restore point - Age of Empires III - The WarChiefs Trial
25-02-2016 13:39:54 Removed Age of Empires III - The WarChiefs Trial
25-02-2016 17:32:59 Revo Uninstaller Pro's restore point - ANNO 1404
25-02-2016 20:19:07 Revo Uninstaller Pro's restore point - RogueKiller version 11
25-02-2016 20:20:19 Revo Uninstaller Pro's restore point - Media Player Classic 6.4.9.1
25-02-2016 20:20:52 Revo Uninstaller Pro's restore point - MPC-HC 1.7.10 (64-bit)
25-02-2016 20:21:24 Revo Uninstaller Pro's restore point - K-Lite Codec Pack 11.9.6 Full
28-02-2016 09:41:13 Revo Uninstaller Pro's restore point - ANNO 1404
28-02-2016 09:47:22 Revo Uninstaller Pro's restore point - Jigsaw Puzzle Platinum Edition
03-03-2016 14:03:30 Revo Uninstaller Pro's restore point - Age of Empires III - Complete Collection
07-03-2016 22:37:13 JRT Pre-Junkware Removal
07-03-2016 22:51:17 JRT Pre-Junkware Removal
08-03-2016 00:24:24 zoek.exe restore point
08-03-2016 00:58:59 zoek.exe restore point

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2016 11:47:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Όνομα ελαττωματικής εφαρμογής RogueKiller64.exe, έκδοση 12.0.1.0, χρονική σήμανση 0x56dd3be9
Όνομα ελαττωματικής λειτουργικής μονάδας RogueKiller64.exe, έκδοση 12.0.1.0, χρονική σήμανση 0x56dd3be9
Κωδικός εξαίρεσης: 0xc0000005
Μετατόπιση σφάλματος: 0x000000000025fd40
Αναγνωριστικό ελαττωματικής διεργασίας: 0x1014
Χρόνος έναρξης ελαττωματικής εφαρμογής: 0xRogueKiller64.exe0
Διαδρομή ελαττωματικής εφαρμογής: RogueKiller64.exe1
Διαδρομή ελλατωματικής λειτουργικής μονάδας:RogueKiller64.exe2
Αναγνωριστικό αναφοράς:RogueKiller64.exe3

Error: (03/07/2016 11:37:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Όνομα ελαττωματικής εφαρμογής RogueKiller64.exe, έκδοση 12.0.1.0, χρονική σήμανση 0x56dd3be9
Όνομα ελαττωματικής λειτουργικής μονάδας RogueKiller64.exe, έκδοση 12.0.1.0, χρονική σήμανση 0x56dd3be9
Κωδικός εξαίρεσης: 0xc0000005
Μετατόπιση σφάλματος: 0x00000000000ffb30
Αναγνωριστικό ελαττωματικής διεργασίας: 0x13dc
Χρόνος έναρξης ελαττωματικής εφαρμογής: 0xRogueKiller64.exe0
Διαδρομή ελαττωματικής εφαρμογής: RogueKiller64.exe1
Διαδρομή ελλατωματικής λειτουργικής μονάδας:RogueKiller64.exe2
Αναγνωριστικό αναφοράς:RogueKiller64.exe3

Error: (03/07/2016 11:12:40 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Η υπηρεσία Αναζήτησης των Windows τερματίζεται γιατί υπάρχει πρόβλημα με τον δεικτοδότη, The catalog is corrupt.

Λεπτομέρειες:
 Ο κατάλογος του ευρετηρίου περιεχομένου είναι κατεστραμμένος.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/07/2016 11:12:40 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Δεν ήταν δυνατή η προετοιμασία του ευρετηρίου.

Λεπτομέρειες:
 Ο κατάλογος του ευρετηρίου περιεχομένου είναι κατεστραμμένος.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/07/2016 11:12:40 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Δεν ήταν δυνατή η προετοιμασία της εφαρμογής.

Περιβάλλον: Windows Εφαρμογή

Λεπτομέρειες:
 Ο κατάλογος του ευρετηρίου περιεχομένου είναι κατεστραμμένος.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/07/2016 11:12:40 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Δεν ήταν δυνατή η προετοιμασία του αντικειμένου της υπηρεσίας συγκέντρωσης.

Περιβάλλον: Windows Εφαρμογή, SystemIndex Κατάλογος

Λεπτομέρειες:
 Ο κατάλογος του ευρετηρίου περιεχομένου είναι κατεστραμμένος.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/07/2016 11:12:40 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Δεν ήταν δυνατή η προετοιμασία της προσθήκης στο <Search.TripoliIndexer>.

Περιβάλλον: Windows Εφαρμογή, SystemIndex Κατάλογος

Λεπτομέρειες:
 Το στοιχείο δεν βρέθηκε.  (HRESULT : 0x80070490) (0x80070490)

Error: (03/07/2016 11:12:39 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Δεν ήταν δυνατή η προετοιμασία της προσθήκης στο <Search.JetPropStore>.

Περιβάλλον: Windows Εφαρμογή, SystemIndex Κατάλογος

Λεπτομέρειες:
 Ο κατάλογος του ευρετηρίου περιεχομένου είναι κατεστραμμένος.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (03/07/2016 11:12:39 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Η υπηρεσία Windows Search Service δεν μπορεί να φορτώσει τις πληροφορίες του χώρου αποθήκευσης ιδιοτήτων.

Περιβάλλον: Windows Εφαρμογή, SystemIndex Κατάλογος

Λεπτομέρειες:
 Δεν ήταν δυνατή η ενημέρωση ή η πρόσβαση σε πληροφορίες από το διακομιστή ευρετηρίου περιεχομένου λόγω σφάλματος στη βάση δεδομένων. Τερματίστε και ξεκινήστε πάλι την υπηρεσία αναζήτησης. Εάν το πρόβλημα δεν επιλυθεί, επαναφέρετε το ευρετήριο περιεχομένου και πραγματοποιήστε νέα ανίχνευση σε αυτό. Σε ορισμένες περιπτώσεις, ίσως να είναι απαραίτητο να διαγράψετε και να δημιουργήσετε ξανά το ευρετήριο περιεχομένου.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (03/07/2016 11:12:39 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Η υπηρεσία αναζήτησης εντόπισε κατεστραμμένα αρχεία δεδομένων στο ευρετήριο {id=1100}. Η υπηρεσία θα επιχειρήσει να διορθώσει αυτόματα αυτό το πρόβλημα, δημιουργώντας ξανά το ευρετήριο.

Λεπτομέρειες:
 Ο κατάλογος του ευρετηρίου περιεχομένου είναι κατεστραμμένος.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (03/08/2016 01:17:51 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (03/08/2016 01:16:10 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (03/08/2016 01:15:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Απέτυχε η φόρτωση των ακόλουθων προγραμμάτων οδήγησης της εκκίνησης του υπολογιστή ή της εκκίνησης του συστήματος:
is3srv
szkg5

Error: (03/08/2016 01:15:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Δεν ήταν δυνατή η εκκίνηση της υπηρεσίας TOSHIBA UDF2.5 Reader File System Driver εξαιτίας του ακόλουθου σφάλματος:
%%1275

Error: (03/08/2016 01:15:25 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Εμποδίστηκε η φόρτωση του \SystemRoot\SysWow64\DRIVERS\thdudf.sys επειδή δεν είναι συμβατή με αυτό το σύστημα. Επικοινωνήστε με τον προμηθευτή σας για μια συμβατή έκδοση του προγράμματος οδήγησης.

Error: (03/08/2016 01:12:32 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Η υπηρεσία PEVSystemStart έχει σημανθεί ως υπηρεσία αλληλεπίδρασης.  Όμως οι ρυθμίσεις του συστήματος δεν επιτρέπουν τις αλληλεπιδραστικές υπηρεσίες.  Αυτή η υπηρεσία ίσως να μην λειτουργεί σωστά.

Error: (03/08/2016 01:12:32 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Η υπηρεσία PEVSystemStart έχει σημανθεί ως υπηρεσία αλληλεπίδρασης.  Όμως οι ρυθμίσεις του συστήματος δεν επιτρέπουν τις αλληλεπιδραστικές υπηρεσίες.  Αυτή η υπηρεσία ίσως να μην λειτουργεί σωστά.

Error: (03/08/2016 01:12:32 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Η υπηρεσία PEVSystemStart έχει σημανθεί ως υπηρεσία αλληλεπίδρασης.  Όμως οι ρυθμίσεις του συστήματος δεν επιτρέπουν τις αλληλεπιδραστικές υπηρεσίες.  Αυτή η υπηρεσία ίσως να μην λειτουργεί σωστά.

Error: (03/08/2016 01:12:31 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Η υπηρεσία PEVSystemStart έχει σημανθεί ως υπηρεσία αλληλεπίδρασης.  Όμως οι ρυθμίσεις του συστήματος δεν επιτρέπουν τις αλληλεπιδραστικές υπηρεσίες.  Αυτή η υπηρεσία ίσως να μην λειτουργεί σωστά.

Error: (03/08/2016 01:12:31 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Η υπηρεσία PEVSystemStart έχει σημανθεί ως υπηρεσία αλληλεπίδρασης.  Όμως οι ρυθμίσεις του συστήματος δεν επιτρέπουν τις αλληλεπιδραστικές υπηρεσίες.  Αυτή η υπηρεσία ίσως να μην λειτουργεί σωστά.

CodeIntegrity:
===================================
  Date: 2015-12-02 19:41:07.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-02 19:29:19.262
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-02 19:05:05.014
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-02 18:42:52.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-20 23:52:56.191
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-20 23:52:56.160
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-22 05:55:48.211
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-21 16:02:10.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-21 14:52:32.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-21 14:50:28.892
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 42%
Total physical RAM: 6135.11 MB
Available physical RAM: 3548.71 MB
Total Virtual: 12268.43 MB
Available Virtual: 9904.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:293.74 GB) (Free:127 GB) NTFS
Drive e: (Back Up Allok) (Fixed) (Total:171.93 GB) (Free:20.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 81A781A7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=171.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#7 olgun52

  • Malware Response Team

Posted 07 March 2016 - 08:50 PM

Hi john_ok1,

 

Uninstall:

Glary Utilities Pro
C:\Program Files (x86)\Glary Utilities Pro

============================================
Step 1:
 FRST Script:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

start
Task: {5331B6EB-C681-45B1-9ED5-436F1339D652} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2012-06-01] (Glarysoft Ltd)
Task: {A152513A-6BA4-48DD-8F9C-FDD995FB4F0E} - \SUPERAntiSpyware Scheduled Task 539406b3-b564-49bc-8ff1-8eb10bab0944 -> No File <==== ATTENTION
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
AlternateDataStreams: C:\autoexec.bat:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CleanMFT64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fixmapi.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDAZE.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\KBDAZEL.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ksuser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mapistub.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MSMPEG2ENC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmpmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WpdMtp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WpdMtpUS.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
2016-03-01 22:36 - 2016-03-01 22:36 - 00450898 ____R C:\Windows\system32\Drivers\etc\hosts.20160301-223630.backup
C:\Users\Detilina\AppData\Roaming\MPC-HC
2016-02-16 05:30 - 2016-02-06 11:52 - 00450913 _____ C:\Windows\system32\Drivers\etc\hosts.20160216-053049.backup
2016-02-09 20:05 - 2016-02-09 20:05 - 00000000 ____D C:\Users\Detilina\AppData\Roaming\Steam
2016-03-08 01:15 - 2016-01-06 20:02 - 00000294 _____ C:\Windows\Tasks\NUAutoUpdate.job
2016-03-08 01:15 - 2015-05-21 00:27 - 00000330 _____ C:\Windows\Tasks\GlaryInitialize.job
C:\Users\Detilina\AppData\Roaming\Ubisoft
C:\Windows\system32\Drivers\etc\hosts.20160301-223607.backup
2016-02-09 18:26 - 2015-05-21 00:27 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2015-05-21 05:12 - 2015-11-26 03:49 - 0001770 _____ () C:\Users\Detilina\AppData\Roaming\Profile0.dat
2015-11-02 02:25 - 2015-11-02 02:25 - 0000017 _____ () C:\Users\Detilina\AppData\Local\resmon.resmoncfg
2015-05-21 12:34 - 2015-05-21 12:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Hosts:
Emptytemp:
end

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Step 2:
Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers.
  • Click scan now ''Run as Administrator'' and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

Have a nice day.


Edited by olgun52, 07 March 2016 - 08:53 PM.

Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#8 john_ok1


Posted 07 March 2016 - 10:06 PM

So Yılmaz, thanks so far for your help. The reports

 

Fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Detilina (2016-03-08 04:42:33) Run:2
Running from C:\Users\Detilina\Desktop
Loaded Profiles: Detilina (Available Profiles: Detilina & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
Task: {5331B6EB-C681-45B1-9ED5-436F1339D652} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2012-06-01] (Glarysoft Ltd)
Task: {A152513A-6BA4-48DD-8F9C-FDD995FB4F0E} - \SUPERAntiSpyware Scheduled Task 539406b3-b564-49bc-8ff1-8eb10bab0944 -> No File <==== ATTENTION
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} =>  No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} =>  No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
2016-03-01 22:36 - 2016-03-01 22:36 - 00450898 ____R C:\Windows\system32\Drivers\etc\hosts.20160301-223630.backup
C:\Users\Detilina\AppData\Roaming\MPC-HC
2016-02-16 05:30 - 2016-02-06 11:52 - 00450913 _____ C:\Windows\system32\Drivers\etc\hosts.20160216-053049.backup
2016-02-09 20:05 - 2016-02-09 20:05 - 00000000 ____D C:\Users\Detilina\AppData\Roaming\Steam
2016-03-08 01:15 - 2016-01-06 20:02 - 00000294 _____ C:\Windows\Tasks\NUAutoUpdate.job
2016-03-08 01:15 - 2015-05-21 00:27 - 00000330 _____ C:\Windows\Tasks\GlaryInitialize.job
C:\Users\Detilina\AppData\Roaming\Ubisoft
C:\Windows\system32\Drivers\etc\hosts.20160301-223607.backup
2016-02-09 18:26 - 2015-05-21 00:27 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2015-05-21 05:12 - 2015-11-26 03:49 - 0001770 _____ () C:\Users\Detilina\AppData\Roaming\Profile0.dat
2015-11-02 02:25 - 2015-11-02 02:25 - 0000017 _____ () C:\Users\Detilina\AppData\Local\resmon.resmoncfg
2015-05-21 12:34 - 2015-05-21 12:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Hosts:
Emptytemp:
end
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5331B6EB-C681-45B1-9ED5-436F1339D652} => key not found.
C:\Windows\System32\Tasks\GlaryInitialize => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GlaryInitialize => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A152513A-6BA4-48DD-8F9C-FDD995FB4F0E} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 539406b3-b564-49bc-8ff1-8eb10bab0944 => key not found.
C:\Windows\Tasks\GlaryInitialize.job => not found.
C:\ProgramData\TEMP => ":792D4CF1" ADS removed successfully.
"C:\ProgramData\TEMP" => ":E5BA9ADD" ADS not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => key not found.
HKCR\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => key not found.
HKCR\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => key not found.
HKCR\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif => key not found.
tsusbhub => service not found.
VGPU => service not found.
is3srv => service not found.
"C:\Windows\system32\Drivers\etc\hosts.20160301-223630.backup" => not found.
"C:\Users\Detilina\AppData\Roaming\MPC-HC" => not found.
"C:\Windows\system32\Drivers\etc\hosts.20160216-053049.backup" => not found.
"C:\Users\Detilina\AppData\Roaming\Steam" => not found.
C:\Windows\Tasks\NUAutoUpdate.job => moved successfully
"C:\Windows\Tasks\GlaryInitialize.job" => not found.
"C:\Users\Detilina\AppData\Roaming\Ubisoft" => not found.
"C:\Windows\system32\Drivers\etc\hosts.20160301-223607.backup" => not found.
"C:\Program Files (x86)\Glary Utilities" => not found.
"C:\Users\Detilina\AppData\Roaming\Profile0.dat" => not found.
"C:\Users\Detilina\AppData\Local\resmon.resmoncfg" => not found.
"C:\ProgramData\DP45977C.lfl" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 9 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 04:42:35 ====

Zemana AntiMalware Report

 

Zemana AntiMalware 2.19.2.904 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/3/8
Operating System       : Windows 7 64-bit
Processor              : 8X Intel® Core™ i7 CPU  920 @ 2.67GHz
BIOS Mode              : Legacy
CUID                   : 00F4A27C98F9784BAD3FBE
Scan Type              : Smart Scan
Duration               : 3m 19s
Scanned Objects        : 13674
Detected Objects       : 4
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

NGO
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\498EF4DD320EBA19436585AFE9BBC986754778CC\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Traces             :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\498EF4DD320EBA19436585AFE9BBC986754778CC\Blob

Internet Explorer Shortcut
Status             : Scanned
Object             : -extoff
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Traces             :
                Browser Setting - Internet Explorer Shortcut

winter3d.exe
Status             : Scanned
Object             : %userprofile%\desktop\νέος φάκελος\christmas photo\winter3d.exe
MD5                : 47C6913DD28C2F43D29155E3AA937AB9
Publisher          : -
Size               : 53248
Version            : 0.0.0.0
Detection          : Malware:Win32/Tazzi.A!Emka
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\desktop\νέος φάκελος\christmas photo\winter3d.exe

merrychristmas.exe
Status             : Scanned
Object             : %userprofile%\desktop\νέος φάκελος\christmas photo\merrychristmas.exe
MD5                : 5A9FD9DCEA040ACD5AD8C4562ADE20CA
Publisher          : -
Size               : 53248
Version            : 0.0.0.0
Detection          : Malware:Win32/Tazzi.A!Emka
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\desktop\νέος φάκελος\christmas photo\merrychristmas.exe

Cleaning Result
-------------------------------------------------------
Cleaned               : 4
Reported as safe      : 0
Failed                : 0

 



#9 olgun52

  • Malware Response Team

Posted 08 March 2016 - 03:04 PM

Hi again.

 

Step 1:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:
Scan with Malwarebytes Anti-Malware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 4:

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTANT 1: Place ComboFix.exe on your Desktop

* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.


Best regards
 
#10 john_ok1

  • Topic Starter

Posted 08 March 2016 - 06:28 PM

Yılmaz thanks so much. Here are the reports

 

AdwCleaner[C3]

# AdwCleaner v5.101 - Logfile created 08/03/2016 at 22:10:41
# Updated 07/03/2016 by Xplode
# Database : 2016-03-08.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Detilina - DETILINA-PC
# Running from : C:\Users\Detilina\Desktop\adwcleaner_5.101.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [1097 bytes] - [07/03/2016 19:27:11]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C2].txt - [1361 bytes] - [07/03/2016 21:14:21]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C3].txt - [899 bytes] - [08/03/2016 22:10:41]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [900 bytes] - [07/03/2016 19:26:10]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [993 bytes] - [07/03/2016 19:30:12]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S3].txt - [1085 bytes] - [07/03/2016 20:59:52]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S4].txt - [1179 bytes] - [07/03/2016 21:13:29]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S5].txt - [1372 bytes] - [08/03/2016 22:09:33]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C3].txt - [1454 bytes] ##########

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Ultimate x64
Ran by Detilina (Administrator) on 08/03/2016 at 22:20:41,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

File System: 8

 

Successfully deleted: C:\Users\Detilina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6LEN0CT1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Detilina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IUJWG5GJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Detilina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKM8TLL7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Detilina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWP2G964 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6LEN0CT1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IUJWG5GJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKM8TLL7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWP2G964 (Temporary Internet Files Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/03/2016 at 22:21:50,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

ComboFix

 

 

 

 

ComboFix 16-03-07.01 - Detilina 09/03/2016   0:53.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1253.30.1032.18.6135.4059 [GMT 2:00]
Running from: c:\users\Detilina\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.318.20 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: Προσωπικό firewall της ESET *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 9.0.318.20 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2016-02-08 to 2016-03-08  )))))))))))))))))))))))))))))))
.
.
2016-03-08 22:58 . 2016-03-08 22:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2016-03-08 22:58 . 2016-03-08 22:58 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2016-03-08 14:06 . 2016-03-08 14:06 -------- d-----w- c:\users\Detilina\AppData\Roaming\MPC-HC
2016-03-08 02:04 . 2016-03-08 02:04 202144 ----a-w- c:\windows\system32\drivers\zam64.sys
2016-03-08 02:04 . 2016-03-08 02:04 202144 ----a-w- c:\windows\system32\drivers\zamguard64.sys
2016-03-08 02:04 . 2016-03-08 02:04 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2016-03-08 02:04 . 2016-03-08 02:04 -------- d-----w- c:\users\Detilina\AppData\Local\Zemana
2016-03-08 01:49 . 2016-03-08 01:49 -------- d-----w- c:\users\Detilina\AppData\Local\Deployment
2016-03-07 23:20 . 2016-03-08 02:44 -------- d-----w- C:\FRST
2016-03-07 23:14 . 2016-03-07 22:58 24064 ----a-w- c:\windows\zoek-delete.exe
2016-03-07 23:14 . 2016-03-08 22:58 -------- d-----w- c:\users\Detilina\AppData\Local\Temp
2016-03-07 17:26 . 2016-03-08 20:10 -------- d-----w- c:\program files (x86)\AdwCleaner
2016-03-03 06:28 . 2016-03-03 06:28 -------- d-----w- c:\program files\HitmanPro
2016-02-25 18:42 . 2016-03-08 14:15 -------- d-----w- c:\program files\RogueKiller
2016-02-25 18:27 . 2015-07-13 18:00 126976 ----a-w- c:\windows\system32\ff_vfw.dll
2016-02-25 18:27 . 2015-06-22 13:25 254976 ----a-w- c:\windows\system32\xvidvfw.dll
2016-02-25 18:27 . 2015-06-22 13:25 240128 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2016-02-25 18:27 . 2015-06-22 13:24 729088 ----a-w- c:\windows\system32\xvidcore.dll
2016-02-25 18:27 . 2015-02-28 15:22 3571200 ----a-w- c:\windows\system32\x264vfw64.dll
2016-02-25 18:27 . 2015-02-28 15:21 3591680 ----a-w- c:\windows\SysWow64\x264vfw.dll
2016-02-25 18:27 . 2012-07-21 10:55 180736 ----a-w- c:\windows\system32\ac3acm.acm
2016-02-25 18:27 . 2011-12-07 17:37 148992 ----a-w- c:\windows\system32\lagarith.dll
2016-02-25 18:27 . 2011-12-07 17:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll
2016-02-25 18:27 . 2012-07-21 10:54 122880 ----a-w- c:\windows\SysWow64\ac3acm.acm
2016-02-25 18:27 . 2015-07-13 18:00 112128 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2016-02-25 18:27 . 2016-02-25 18:27 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2016-02-22 07:23 . 2016-02-25 18:38 -------- d-----w- c:\programdata\RogueKiller
2016-02-18 07:27 . 2016-02-18 07:26 110176 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2016-02-18 07:26 . 2016-02-18 07:26 -------- d-----w- c:\program files\Java
2016-02-18 07:25 . 2016-02-18 07:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2016-02-18 07:25 . 2016-02-18 07:24 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-02-18 07:24 . 2016-02-18 07:24 -------- d-----w- c:\program files (x86)\Java
2016-02-18 03:38 . 2016-02-18 03:45 -------- d-----w- c:\programdata\HitmanPro
2016-02-16 06:24 . 2016-02-06 10:24 2887680 ----a-w- c:\windows\system32\iertutil.dll
2016-02-16 06:23 . 2016-02-16 06:23 3231232 ----a-w- c:\windows\explorer.exe
2016-02-16 06:22 . 2016-02-16 06:22 3211776 ----a-w- c:\windows\system32\win32k.sys
2016-02-16 06:22 . 2016-02-16 06:22 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-08 21:03 . 2015-05-21 07:27 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-03-08 14:15 . 2015-12-03 10:43 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-03-06 14:13 . 2016-01-23 07:31 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-03-06 14:13 . 2016-01-23 07:31 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-16 06:38 . 2015-05-20 04:17 146614896 ----a-w- c:\windows\system32\MRT.exe
2016-02-16 06:24 . 2016-02-16 06:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-01-21 17:25 . 2015-12-03 10:12 2 --shatr- c:\windows\winstart.bat
2016-01-18 14:10 . 2016-01-18 14:10 91648 ----a-w- c:\windows\system32\mapistub.dll
2016-01-18 14:10 . 2016-01-18 14:10 91648 ----a-w- c:\windows\system32\mapi32.dll
2016-01-18 14:10 . 2016-01-18 14:10 76800 ----a-w- c:\windows\SysWow64\mapistub.dll
2016-01-18 14:10 . 2016-01-18 14:10 17920 ----a-w- c:\windows\system32\fixmapi.exe
2016-01-18 14:10 . 2016-01-18 14:10 14336 ----a-w- c:\windows\SysWow64\fixmapi.exe
2016-01-18 14:10 . 2016-01-18 14:10 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 1307136 ----a-w- c:\windows\system32\msmpeg2adec.dll
2016-01-18 14:10 . 2016-01-18 14:10 1232896 ----a-w- c:\windows\system32\WMADMOD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 978944 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 970240 ----a-w- c:\windows\SysWow64\msmpeg2adec.dll
2016-01-18 14:10 . 2016-01-18 14:10 902144 ----a-w- c:\windows\SysWow64\WMADMOD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 829952 ----a-w- c:\windows\SysWow64\MSMPEG2ENC.DLL
2016-01-18 14:10 . 2016-01-18 14:10 739328 ----a-w- c:\windows\SysWow64\WMSPDMOD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 666112 ----a-w- c:\windows\system32\WMVSDECD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 541184 ----a-w- c:\windows\SysWow64\WMVSDECD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 4121600 ----a-w- c:\windows\system32\mf.dll
2016-01-18 14:10 . 2016-01-18 14:10 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2016-01-18 14:10 . 2016-01-18 14:10 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 1160192 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2016-01-18 14:10 . 2016-01-18 14:10 1153024 ----a-w- c:\windows\system32\WMADMOE.DLL
2016-01-18 14:10 . 2016-01-18 14:10 815616 ----a-w- c:\windows\SysWow64\WMADMOE.DLL
2016-01-18 14:10 . 2016-01-18 14:10 740352 ----a-w- c:\windows\SysWow64\wmpmde.dll
2016-01-18 14:10 . 2016-01-18 14:10 665088 ----a-w- c:\windows\SysWow64\WMVXENCD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 642048 ----a-w- c:\windows\system32\WMVXENCD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 632320 ----a-w- c:\windows\system32\evr.dll
2016-01-18 14:10 . 2016-01-18 14:10 489984 ----a-w- c:\windows\SysWow64\evr.dll
2016-01-18 14:10 . 2016-01-18 14:10 1955328 ----a-w- c:\windows\system32\WMVENCOD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 189952 ----a-w- c:\windows\system32\COLORCNV.DLL
2016-01-18 14:10 . 2016-01-18 14:10 1575424 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2016-01-18 14:10 . 2016-01-18 14:10 1573888 ----a-w- c:\windows\system32\quartz.dll
2016-01-18 14:10 . 2016-01-18 14:10 1568768 ----a-w- c:\windows\SysWow64\WMVENCOD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 153600 ----a-w- c:\windows\SysWow64\COLORCNV.DLL
2016-01-18 14:10 . 2016-01-18 14:10 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2016-01-18 14:10 . 2016-01-18 14:10 1026048 ----a-w- c:\windows\system32\wmpmde.dll
2016-01-18 14:10 . 2016-01-18 14:10 1010688 ----a-w- c:\windows\system32\mcmde.dll
2016-01-18 14:10 . 2016-01-18 14:10 76288 ----a-w- c:\windows\system32\devenum.dll
2016-01-18 14:10 . 2016-01-18 14:10 67584 ----a-w- c:\windows\SysWow64\devenum.dll
2016-01-18 14:10 . 2016-01-18 14:10 653824 ----a-w- c:\windows\system32\MP4SDECD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 484864 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2016-01-18 14:10 . 2016-01-18 14:10 447488 ----a-w- c:\windows\system32\WMVSENCD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 432128 ----a-w- c:\windows\system32\mfplat.dll
2016-01-18 14:10 . 2016-01-18 14:10 292352 ----a-w- c:\windows\system32\VIDRESZR.DLL
2016-01-18 14:10 . 2009-07-14 00:22 1393152 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2016-01-18 14:10 . 2016-01-18 14:10 70144 ----a-w- c:\windows\system32\mfvdsp.dll
2016-01-18 14:10 . 2016-01-18 14:10 609280 ----a-w- c:\windows\SysWow64\MFWMAAEC.DLL
2016-01-18 14:10 . 2016-01-18 14:10 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2016-01-18 14:10 . 2016-01-18 14:10 371712 ----a-w- c:\windows\system32\qdvd.dll
2016-01-18 14:10 . 2016-01-18 14:10 358400 ----a-w- c:\windows\SysWow64\WMVSENCD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
2016-01-18 14:10 . 2016-01-18 14:10 250880 ----a-w- c:\windows\system32\ksproxy.ax
2016-01-18 14:10 . 2016-01-18 14:10 241152 ----a-w- c:\windows\SysWow64\MPG4DECD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 241152 ----a-w- c:\windows\SysWow64\MP43DECD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2016-01-18 14:10 . 2016-01-18 14:10 225792 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2016-01-18 14:10 . 2016-01-18 14:10 224768 ----a-w- c:\windows\system32\MPG4DECD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 223744 ----a-w- c:\windows\system32\MP43DECD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 206848 ----a-w- c:\windows\SysWow64\qasf.dll
2016-01-18 14:10 . 2016-01-18 14:10 1325056 ----a-w- c:\windows\SysWow64\WMSPDMOE.DLL
2016-01-18 14:10 . 2016-01-18 14:10 100864 ----a-w- c:\windows\system32\MP3DMOD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 415744 ----a-w- c:\windows\SysWow64\MP4SDECD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 378880 ----a-w- c:\windows\system32\SysFxUI.dll
2016-01-18 14:10 . 2016-01-18 14:10 254464 ----a-w- c:\windows\system32\qasf.dll
2016-01-18 14:10 . 2016-01-18 14:10 206848 ----a-w- c:\windows\SysWow64\RESAMPLEDMO.DLL
2016-01-18 14:10 . 2016-01-18 14:10 154112 ----a-w- c:\windows\SysWow64\VIDRESZR.DLL
2016-01-18 14:10 . 2016-01-18 14:10 79872 ----a-w- c:\windows\SysWow64\MP3DMOD.DLL
2016-01-18 14:10 . 2016-01-18 14:10 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2016-01-18 14:10 . 2016-01-18 14:10 53248 ----a-w- c:\windows\SysWow64\mfvdsp.dll
2016-01-18 14:10 . 2016-01-18 14:10 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2016-01-18 14:10 . 2016-01-18 14:10 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2016-01-18 14:10 . 2016-01-18 14:10 24576 ----a-w- c:\windows\system32\mfpmp.exe
2016-01-18 14:10 . 2016-01-18 14:10 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2016-01-18 14:10 . 2016-01-18 14:10 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2016-01-18 14:10 . 2016-01-18 14:10 206848 ----a-w- c:\windows\system32\mfps.dll
2016-01-18 14:10 . 2016-01-18 14:10 193536 ----a-w- c:\windows\SysWow64\ksproxy.ax
2016-01-18 14:10 . 2016-01-18 14:10 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2016-01-18 14:10 . 2016-01-18 14:10 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2016-01-18 14:10 . 2016-01-18 14:10 5120 ----a-w- c:\windows\system32\ksuser.dll
2016-01-18 14:10 . 2016-01-18 14:10 4608 ----a-w- c:\windows\SysWow64\ksuser.dll
2016-01-18 14:10 . 2016-01-18 14:10 2048 ----a-w- c:\windows\SysWow64\mferror.dll
2016-01-18 14:10 . 2016-01-18 14:10 2048 ----a-w- c:\windows\system32\mferror.dll
2016-01-18 14:10 . 2016-01-18 14:10 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2016-01-18 14:08 . 2016-01-18 14:08 210432 ----a-w- c:\windows\system32\aepic.dll
2016-01-18 14:08 . 2016-01-18 14:08 624640 ----a-w- c:\windows\system32\qedit.dll
2016-01-18 14:08 . 2016-01-18 14:08 509952 ----a-w- c:\windows\SysWow64\qedit.dll
2016-01-18 14:08 . 2016-01-18 14:08 405504 ----a-w- c:\windows\system32\gdi32.dll
2016-01-18 14:08 . 2016-01-18 14:08 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2016-01-06 18:02 . 2016-01-06 18:02 506368 ----a-w- c:\windows\SysWow64\msxml.dll
2016-01-06 18:02 . 2016-01-06 18:02 42624 ----a-w- c:\windows\system32\CleanMFT64.exe
2015-12-18 07:09 . 2015-12-18 07:09 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2015-12-12 11:57 . 2015-12-12 11:57 7168 ----a-w- c:\windows\system32\kbdgeoqw.dll
2015-12-12 11:57 . 2015-12-12 11:57 7168 ----a-w- c:\windows\system32\KBDAZEL.DLL
2015-12-12 11:57 . 2015-12-12 11:57 7168 ----a-w- c:\windows\system32\KBDAZE.DLL
2015-12-12 11:57 . 2015-12-12 11:57 69120 ----a-w- c:\windows\SysWow64\nlsbres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-12-18 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-02-18 594992]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2015-12-18 4101576]
"Razer Mamba Driver"="c:\program files (x86)\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\15561693.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\25003510.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\27042459.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\40556670.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71495709.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\80438313.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86899273.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Razer Mamba Elite Driver"=c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe
.
R0 szkg5;szkg5;c:\windows\SySWOW64\drivers\szkg64.sys;c:\windows\SySWOW64\drivers\szkg64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\DRIVERS\thdudf.sys;c:\windows\SYSNATIVE\DRIVERS\thdudf.sys [x]
R3 DFX11_1;DFX Audio Enhancer 11.1;c:\windows\system32\drivers\dfx11_1x64.sys;c:\windows\SYSNATIVE\drivers\dfx11_1x64.sys [x]
R3 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [x]
R3 ESETCleanersDriver;ESET Cleaner Service;c:\windows\system32\Drivers\ESETCleanersDriver.sys;c:\windows\SYSNATIVE\Drivers\ESETCleanersDriver.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe;c:\program files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [x]
R3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_amd64.sys;c:\windows\SYSNATIVE\drivers\SRS_AE_amd64.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Υπηρεσία Τεχνολογιών ενεργοποίησης των Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe;c:\program files\BitComet\tools\BitCometService.exe [x]
R4 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 epp;epp;c:\eek\bin64\epp.sys;c:\eek\bin64\epp.sys [x]
S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]
S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service;c:\program files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe;c:\program files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 ZAMSvc;ZAM Controller Service;c:\program files (x86)\Zemana AntiMalware\ZAM.exe;c:\program files (x86)\Zemana AntiMalware\ZAM.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-23 14:13]
.
2016-03-08 c:\windows\Tasks\NUAutoUpdate.job
- c:\program files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2016-01-06 18:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8317472]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"ZAM"="c:\program files (x86)\Zemana AntiMalware\ZAM.exe" [2016-02-18 12831984]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://google.gr/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{004AFB15-27F8-48AB-8CC8-CD0037C62D6E}: NameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-03-09  01:02:26
ComboFix-quarantined-files.txt  2016-03-08 23:02
.
Pre-Run: 15 Κατάλογοι 136.575.787.008 διαθέσιμα byte
Post-Run: 16 Κατάλογοι 136.479.191.040 διαθέσιμα byte
.
- - End Of File - - 6F7850E63875DE3E7DAEDB6D302AF21C
A36C5E4F47E84449FF07ED3517B43A31

 

Looking forward to your further assistance.
Have a nice day Yılmaz.



#11 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:00 AM

Posted 09 March 2016 - 11:34 AM

Hi again,
ESET firewall-ESET (Enabled)
Windows Firewall is enabled.
 

Please disable Windows Firewall.

============================================================================

Please do the following:

Internet Explorer 9, 10 and 11 (Win) - Clearing Cache and Cookies
https://kb.wisc.edu/page.php?id=15141
Next >>
How to reset Internet Explorer settings
https://support.microsoft.com/en-us/kb/923737

 

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141

 

For Chrome:
Delete your cache, history, and other browser data
https://support.google.com/chrome/answer/95582?hl=en
Next >>
Reset Chrome browser settings

https://support.google.com/chrome/answer/3296214?hl=en

=======================================================================================

Hosts File
Replace your current HOSTS file with a tweaked one, such as the MVPS Hosts file, which restricts access to known bad sites and improves your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

To do it:

  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue

A good source of information about safe computing is this topic by quietman7.

=========================================================================================

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

=========================================================================

How are the machine and browsers running now? Any issues? Please let me know.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
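
The HOSTS-file blocking described in the post above can be checked after the fact. The following Python example is added here for illustration and is not part of the thread, of the MVPS package or of any tool named in it. It separates entries that sink a hostname to the local machine (the blocking behaviour the post describes) from entries that point a hostname at some other address, which override DNS for that name and deserve a second look on a machine with redirect problems. The sample file contents and the function names are constructed for the example.

```python
import ipaddress

# Constructed sample, not taken from the thread or from the MVPS file.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed for this example)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com   tracker.example.net  # blocked
0.0.0.0         banners.example.org
203.0.113.10    www.search.example    # points somewhere else
not-an-ip       broken.example
"""

# Names that normally map to the loopback address and are not "blocked sites".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address_or_None, [hostnames]) for every mapping line.

    Comments (full-line or trailing) and blank lines are skipped. A first
    field that is not a valid IPv4/IPv6 address yields address None.
    """
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            address = None
        yield line_no, address, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Classify HOSTS entries.

    blocked    - hostnames sunk to loopback (127.0.0.1, ::1) or 0.0.0.0
    redirected - (line_no, hostname, address) mapped to any other address
    malformed  - line numbers with an invalid address or no hostname
    """
    report = {"blocked": set(), "redirected": [], "malformed": []}
    for line_no, address, names in parse_hosts(text):
        if address is None or not names:
            report["malformed"].append(line_no)
            continue
        is_sink = address.is_loopback or address.is_unspecified
        for name in names:
            if is_sink and name in LOCAL_NAMES:
                continue  # ordinary localhost mapping
            if is_sink:
                report["blocked"].add(name)
            else:
                report["redirected"].append((line_no, name, str(address)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked hostnames:", sorted(result["blocked"]))
    for line_no, name, address in result["redirected"]:
        print(f"line {line_no}: {name} -> {address} (overrides DNS, review)")
    for line_no in result["malformed"]:
        print(f"line {line_no}: malformed entry")
```

To audit a real machine, pass the contents of C:\Windows\System32\drivers\etc\hosts to audit_hosts.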

 


 


#12 john_ok1


Posted 09 March 2016 - 03:31 PM

Yılmaz the scan finished, and the results are:

 

C:\Users\Detilina\Desktop\ALLOK\Παιχνίδια\C0D.B0.3.III. -trainer.exe a variant of Win64/HackTool  potentially unsafe application deleted

 

So far I haven't mentioned anything strange and the machine and browser are running fine.

What's next?


Edited by john_ok1, 09 March 2016 - 03:40 PM.


#13 olgun52


Posted 10 March 2016 - 02:20 PM

Good :thumbup2:  But we will check again.
Please post fresh FRST logs for me to check.


Best regards
 

 


 


#14 john_ok1


Posted 11 March 2016 - 05:41 AM

Yılmaz the scan finished, and the results are:

 

FRST64

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Detilina (administrator) on DETILINA-PC (11-03-2016 12:21:30)
Running from C:\Users\Detilina\Desktop
Loaded Profiles: Detilina &  (Available Profiles: Detilina & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Ελληνικά (Ελλάδας)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(PC Tools) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8317472 2009-11-03] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2015-12-18] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Razer Mamba Driver] => C:\Program Files (x86)\Razer\Mamba\RazerTray.exe [3278728 2009-12-15] (Razer USA Ltd)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-12-18] (Safer-Networking Ltd.)
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\...\Policies\Explorer: [NoInstrumentation] 1
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{004AFB15-27F8-48AB-8CC8-CD0037C62D6E}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{004AFB15-27F8-48AB-8CC8-CD0037C62D6E}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DAF73D0D-5B4B-4730-96B6-CBBA05E91C0C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://google.co.uk/
SearchScopes: HKU\S-1-5-21-4161361871-1323430313-3158585620-1000 -> DefaultScope {2298399D-B8D4-4615-8F53-91A779A093B1} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-4161361871-1323430313-3158585620-1000 -> {2298399D-B8D4-4615-8F53-91A779A093B1} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-10] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-10] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-10] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-10] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2016-01-18] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1150592 2016-01-06] (Symantec Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2505472 2015-10-09] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-12-03] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-12-03] (Malwarebytes)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [795776 2016-01-06] (PC Tools)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-08-24] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2015-12-18] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2015-12-18] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2015-12-18] (Safer-Networking Ltd.)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1163904 2016-01-06] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2015-07-22] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264040 2015-09-23] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-09-23] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [142976 2015-10-07] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [206312 2015-09-23] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [52872 2015-09-23] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-09-23] (ESET)
R1 epp; C:\EEK\bin64\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-12-03] (ESET)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-02] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2015-07-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-12-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-12-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_amd64.sys [549704 2012-06-21] ()
S2 thdudf; C:\Windows\SysWOW64\DRIVERS\thdudf.sys [66944 2010-09-09] (TOSHIBA Corporation) [File not signed]
S3 DFX11_1; system32\drivers\dfx11_1x64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S0 szkg5; SySWOW64\drivers\szkg64.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-11 12:21 - 2016-03-11 12:21 - 00012617 _____ C:\Users\Detilina\Desktop\FRST.txt
2016-03-11 12:21 - 2016-03-11 12:21 - 00000000 ____D C:\FRST
2016-03-10 22:15 - 2016-03-10 22:15 - 02374144 _____ (Farbar) C:\Users\Detilina\Desktop\FRST64.exe
2016-03-10 16:36 - 2016-03-10 16:37 - 00000000 ____D C:\Users\Detilina\Desktop\Νέος φάκελος
2016-03-10 16:30 - 2016-03-10 16:30 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-03-10 16:29 - 2016-03-10 16:29 - 00000000 ____D C:\Program Files\Java
2016-03-10 16:28 - 2016-03-10 16:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-10 16:28 - 2016-03-10 16:28 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-03-10 16:28 - 2016-03-10 16:28 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-10 01:11 - 2016-03-10 01:11 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-09 21:59 - 2016-03-09 22:56 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-09 21:35 - 2016-03-09 22:30 - 00000554 _____ C:\Users\Detilina\Desktop\ESETScan.txt
2016-03-08 18:13 - 2016-03-08 19:01 - 00000000 ____D C:\Users\Detilina\Desktop\BOOM
2016-03-08 16:06 - 2016-03-08 16:06 - 00000000 ____D C:\Users\Detilina\AppData\Roaming\MPC-HC
2016-03-08 04:51 - 2016-03-11 07:20 - 00000294 _____ C:\Windows\Tasks\NUAutoUpdate.job
2016-03-08 04:04 - 2016-03-09 02:02 - 00000926 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-03-08 04:04 - 2016-03-09 02:01 - 00009285 _____ C:\Windows\ZAM.krnl.trace
2016-03-08 01:14 - 2016-03-08 00:58 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-03-08 00:56 - 2016-03-09 18:57 - 00000000 ____D C:\Users\Detilina\Desktop\Νέος φάκελος (2)
2016-03-07 22:48 - 2016-03-07 23:04 - 00000000 ____D C:\Users\Detilina\Desktop\BLEEP
2016-03-07 08:20 - 2016-03-07 08:21 - 00047616 _____ C:\Users\Detilina\Desktop\Joker_2016.xls
2016-03-04 23:24 - 2016-03-04 23:57 - 423530341 _____ C:\Users\Detilina\Desktop\v.flv
2016-03-04 23:19 - 2016-03-05 00:39 - 352303097 _____ C:\Users\Detilina\Desktop\video.mp4
2016-03-01 18:22 - 2016-03-01 18:22 - 00000000 ____D C:\Users\Detilina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-02-25 20:27 - 2016-02-25 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-02-25 20:27 - 2016-02-25 20:27 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-02-25 20:27 - 2015-07-13 20:00 - 00126976 _____ C:\Windows\system32\ff_vfw.dll
2016-02-25 20:27 - 2015-07-13 20:00 - 00112128 _____ C:\Windows\SysWOW64\ff_vfw.dll
2016-02-25 20:27 - 2015-06-22 15:25 - 00254976 _____ C:\Windows\system32\xvidvfw.dll
2016-02-25 20:27 - 2015-06-22 15:25 - 00240128 _____ C:\Windows\SysWOW64\xvidvfw.dll
2016-02-25 20:27 - 2015-06-22 15:24 - 00729088 _____ C:\Windows\system32\xvidcore.dll
2016-02-25 20:27 - 2015-02-28 17:22 - 03571200 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2016-02-25 20:27 - 2015-02-28 17:21 - 03591680 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2016-02-25 20:27 - 2012-07-21 12:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2016-02-25 20:27 - 2012-07-21 12:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2016-02-25 20:27 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2016-02-25 20:27 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2016-02-25 13:35 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-02-16 08:25 - 2016-01-22 22:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-16 08:25 - 2016-01-22 22:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-16 08:25 - 2016-01-22 08:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-16 08:25 - 2016-01-22 08:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-16 08:25 - 2016-01-22 08:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-16 08:25 - 2016-01-22 08:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-16 08:25 - 2016-01-22 08:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-16 08:25 - 2016-01-22 08:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-16 08:25 - 2016-01-22 08:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-16 08:25 - 2016-01-22 08:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-16 08:25 - 2016-01-22 08:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-16 08:25 - 2016-01-22 08:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-16 08:25 - 2016-01-22 08:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-16 08:25 - 2016-01-22 08:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-16 08:25 - 2016-01-22 08:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-16 08:25 - 2016-01-22 08:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-16 08:25 - 2016-01-22 08:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-16 08:25 - 2016-01-22 08:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-16 08:25 - 2016-01-22 08:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-16 08:25 - 2016-01-22 08:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-16 08:25 - 2016-01-22 08:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-16 08:25 - 2016-01-22 08:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-16 08:25 - 2016-01-22 08:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-16 08:25 - 2016-01-22 08:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-16 08:25 - 2016-01-22 08:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-16 08:25 - 2016-01-22 08:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-16 08:25 - 2016-01-22 08:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-16 08:25 - 2016-01-22 07:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-16 08:25 - 2016-01-22 07:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-16 08:25 - 2016-01-22 07:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-16 08:25 - 2016-01-22 07:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-16 08:25 - 2016-01-22 07:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-16 08:25 - 2016-01-22 07:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-16 08:25 - 2016-01-22 07:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-16 08:25 - 2016-01-22 07:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-16 08:25 - 2016-01-22 07:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-16 08:25 - 2016-01-22 07:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-16 08:25 - 2016-01-22 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-16 08:25 - 2016-01-22 07:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-16 08:25 - 2016-01-22 07:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-16 08:25 - 2016-01-22 07:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-16 08:25 - 2016-01-22 07:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-16 08:25 - 2016-01-22 07:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-16 08:25 - 2016-01-22 07:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-16 08:25 - 2016-01-22 07:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-16 08:25 - 2016-01-22 07:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-16 08:25 - 2016-01-22 07:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-16 08:25 - 2016-01-22 07:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-16 08:25 - 2016-01-22 07:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-16 08:25 - 2016-01-22 07:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-16 08:25 - 2016-01-22 07:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-16 08:25 - 2016-01-22 07:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-16 08:24 - 2016-02-16 08:24 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-16 08:24 - 2016-02-16 08:24 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-16 08:24 - 2016-02-16 08:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-16 08:24 - 2016-02-16 08:24 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-16 08:24 - 2016-02-16 08:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-16 08:24 - 2016-02-16 08:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-16 08:24 - 2016-02-16 08:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-16 08:24 - 2016-02-06 12:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-16 08:24 - 2016-02-06 12:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-16 08:24 - 2016-02-06 12:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-16 08:24 - 2016-02-06 12:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-16 08:24 - 2016-02-06 12:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-16 08:24 - 2016-02-06 12:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-16 08:24 - 2016-02-06 11:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-16 08:24 - 2016-02-06 11:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-16 08:24 - 2016-02-06 11:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-16 08:24 - 2016-02-06 11:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-16 08:24 - 2016-02-06 11:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-16 08:24 - 2016-02-06 11:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-16 08:24 - 2016-02-06 11:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-16 08:24 - 2016-02-06 10:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-16 08:24 - 2016-01-22 08:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-16 08:24 - 2016-01-22 08:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-16 08:24 - 2016-01-22 08:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-16 08:24 - 2016-01-22 08:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-16 08:24 - 2016-01-22 08:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-16 08:24 - 2016-01-22 08:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-16 08:24 - 2016-01-22 08:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-16 08:24 - 2016-01-22 08:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-16 08:24 - 2016-01-22 08:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-16 08:24 - 2016-01-22 08:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-16 08:24 - 2016-01-16 21:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-16 08:24 - 2016-01-16 20:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-16 08:24 - 2016-01-11 16:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-16 08:24 - 2016-01-11 16:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-16 08:24 - 2016-01-11 16:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-16 08:24 - 2016-01-11 16:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-16 08:24 - 2016-01-11 16:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-16 08:24 - 2016-01-06 21:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-16 08:24 - 2016-01-06 21:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-16 08:24 - 2016-01-06 20:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-16 08:23 - 2016-02-16 08:23 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-16 08:23 - 2016-02-16 08:23 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-16 08:23 - 2016-02-16 08:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-16 08:23 - 2016-02-16 08:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-02-16 08:23 - 2016-02-16 08:23 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-02-16 08:23 - 2016-02-16 08:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-16 08:22 - 2016-02-16 08:22 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-16 08:22 - 2016-02-16 08:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-11 12:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-03-11 11:58 - 2016-01-23 09:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-11 08:39 - 2015-08-04 15:35 - 00000000 ____D C:\ProgramData\TEMP
2016-03-11 07:44 - 2015-05-21 09:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-11 07:40 - 2009-07-14 06:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-11 07:40 - 2009-07-14 06:45 - 00015136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-11 07:19 - 2015-05-20 04:12 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-11 07:19 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-10 19:25 - 2015-08-14 08:14 - 00000000 ____D C:\Users\Detilina\AppData\LocalLow\Adblock Plus for IE
2016-03-10 18:11 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-03-10 16:32 - 2015-05-21 03:30 - 00000000 ____D C:\Users\Detilina\AppData\Roaming\NVIDIA
2016-03-10 15:32 - 2015-07-24 22:14 - 00000000 ____D C:\Users\Detilina\Documents\My Games
2016-03-10 12:28 - 2016-01-15 12:34 - 00000000 ____D C:\Users\Detilina\Desktop\EURO
2016-03-10 12:11 - 2009-07-14 11:13 - 00701636 _____ C:\Windows\system32\perfh008.dat
2016-03-10 12:11 - 2009-07-14 11:13 - 00180914 _____ C:\Windows\system32\perfc008.dat
2016-03-10 12:11 - 2009-07-14 07:13 - 01664738 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-09 22:03 - 2015-12-03 12:43 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-03-09 03:03 - 2015-05-21 03:55 - 00000000 ____D C:\Users\Detilina\AppData\Local\CrashDumps
2016-03-09 02:19 - 2016-01-23 09:31 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-09 02:19 - 2016-01-23 09:31 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-09 02:19 - 2016-01-23 09:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-09 02:19 - 2015-06-20 09:52 - 00000000 ____D C:\Users\Detilina\AppData\Local\Adobe
2016-03-09 02:16 - 2015-06-20 09:56 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-03-09 02:16 - 2015-06-20 09:56 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 01:55 - 2015-05-22 14:50 - 00000000 ___RD C:\Users\Detilina\Desktop\Συντομεύσεις Προγραμμάτων
2016-03-09 00:58 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2016-03-09 00:49 - 2015-07-28 14:55 - 00000000 ____D C:\Windows\erdnt
2016-03-08 04:51 - 2016-01-06 19:23 - 00002530 _____ C:\Windows\System32\Tasks\NUAutoUpdate
2016-03-08 04:42 - 2009-07-14 04:34 - 00000035 _____ C:\Windows\system32\Drivers\etc\HOSTS.MVP
2016-03-08 03:49 - 2015-12-31 18:05 - 00000000 ____D C:\Users\Detilina\AppData\Local\Apps\2.0
2016-03-07 23:10 - 2015-05-23 07:58 - 00000000 ____D C:\Windows\pss
2016-03-07 21:21 - 2016-01-18 05:13 - 00000000 ____D C:\EEK
2016-03-07 19:14 - 2015-07-24 18:10 - 00000000 ____D C:\Users\Detilina\Desktop\ALLOK
2016-03-03 21:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-02 19:54 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-01 17:46 - 2015-05-21 08:55 - 00000000 ____D C:\Users\Detilina\AppData\Roaming\BitComet
2016-02-28 09:48 - 2015-08-11 03:37 - 00000000 ____D C:\Users\Detilina\Desktop\Συντομεύσεις Παιχνιδιών
2016-02-28 09:41 - 2015-05-20 03:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-26 05:56 - 2015-08-08 21:53 - 00000000 ____D C:\Users\Detilina\Downloads\Video
2016-02-25 16:47 - 2015-07-24 23:18 - 00000000 ____D C:\ProgramData\Solidshield
2016-02-24 16:39 - 2015-11-24 09:08 - 00000000 ____D C:\Users\Detilina\Desktop\ΑΘΗΝΑ
2016-02-24 16:08 - 2015-05-20 02:23 - 00000000 ____D C:\Users\Detilina
2016-02-24 16:07 - 2009-07-14 07:08 - 00032502 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-24 16:06 - 2016-01-10 20:37 - 00000000 ____D C:\Users\UpdatusUser
2016-02-24 16:06 - 2015-05-20 11:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-24 16:06 - 2009-07-14 11:52 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-02-24 16:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-02-23 14:02 - 2015-08-21 08:14 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2016-02-18 09:27 - 2015-11-21 09:02 - 00000000 ____D C:\Users\Detilina\.oracle_jre_usage
2016-02-18 09:25 - 2016-01-20 07:42 - 00000000 ____D C:\ProgramData\Oracle
2016-02-16 15:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-02-16 11:01 - 2015-05-20 06:19 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-16 11:01 - 2015-05-20 06:19 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-16 11:01 - 2009-07-14 11:54 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-16 08:42 - 2015-05-20 06:17 - 00000000 ____D C:\Windows\system32\MRT
2016-02-16 08:38 - 2015-05-20 06:17 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-10 06:26 - 2015-11-24 15:05 - 00000000 ____D C:\Program Files (x86)\Steam

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-09 05:51

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Detilina (2016-03-11 12:22:01)
Running from C:\Users\Detilina\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-05-20 00:23:09)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4161361871-1323430313-3158585620-500 - Administrator - Disabled)
Detilina (S-1-5-21-4161361871-1323430313-3158585620-1000 - Administrator - Enabled) => C:\Users\Detilina
Guest (S-1-5-21-4161361871-1323430313-3158585620-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-4161361871-1323430313-3158585620-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.318.20 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET Smart Security 9.0.318.20 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: Προσωπικό firewall της ESET (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{9A214995-CC60-4924-867B-E0899B24FF1B}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe PDF iFilter 11 for 64-bit platforms (HKLM\...\{BA5C0CC3-421B-4AE5-9370-1650D1941F30}) (Version: 11.0.00 - Adobe)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
BitComet 1.38 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.38 - CometNetwork)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CPUID CPU-Z 1.60.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DVDFab 8.2.2.7 (06/02/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
eJuice Me Up (HKLM-x32\...\{399E77D0-5CEC-41CE-AC95-179E2A0B1893}) (Version: 15.7.0 - Breaktru Software)
ESET Smart Security (HKLM\...\{7C7860E7-FD91-4421-BC2B-B7C3C5A2A179}) (Version: 9.0.318.20 - ESET, spol. s r.o.)
ImTOO Video Converter Ultimate 6 (HKLM-x32\...\ImTOO Video Converter Ultimate 6) (Version: 6.5.5.0426 - ImTOO)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
K-Lite Mega Codec Pack 11.2.8 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.2.8 - )
Leawo Total Media Converter Ultimate version  5.0.0.0 (HKLM-x32\...\{A5F041A4-812A-47C2-AD53-8893A81019FB}_is1) (Version:  - )
Leawo Youtube Downloader Version: 4.0.0.2 (HKLM-x32\...\{9E887DDE-2882-43E3-8AAF-127F8198030D}_is1) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware έκδοση 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mamba Firmware Updater 1.13 (HKLM-x32\...\{6C6ED584-9F75-4235-8718-1F35B59814E8}) (Version: 1.13.00 - Razer USA Ltd.)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1036 - Marvell)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.10.5.3 - Marvell)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110408-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)
NVIDIA Λογισμικό σύστημα PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης 3D Vision 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης γραφικών 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης ελεγκτή 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Πρόγραμμα οδήγησης ήχου HD 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Razer Mamba (HKLM-x32\...\{7BE49DA7-EDA4-4C63-AA06-DCDF6858C3F3}) (Version: 1.07.00 - Razer USA Ltd.)
Razer Mamba (HKLM-x32\...\{BF60B320-3AA3-4DFB-B542-BDA6D4F1A60E}) (Version: 2.01.05 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5973 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.89 (HKLM-x32\...\Revo Uninstaller) (Version: 1.89 - VS Revo Group)
Revo Uninstaller Pro 2.5.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.7 - VS Revo Group, Ltd.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subtitle Workshop 6.0b (HKLM-x32\...\SubtitleWorkshop) (Version:  - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Xilisoft DivX to DVD Converter 6 (HKLM-x32\...\Xilisoft DivX to DVD Converter 6) (Version: 6.1.2.0827 - Xilisoft)
Xilisoft Video Converter Ultimate 6 (HKLM-x32\...\Xilisoft Video Converter Ultimate 6) (Version: 6.0.7.0707 - Xilisoft)
Πακέτο συμβατότητας για το 2007 Microsoft Office system (HKLM-x32\...\{90120000-0020-0408-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Πίνακας Ελέγχου NVIDIA 353.62 (Version: 353.62 - NVIDIA Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {8CB97BC2-124F-47DF-A75D-BC0EE6DDEE9C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-09] (Adobe Systems Incorporated)
Task: {9944B477-CD2B-4266-8EB9-121DABF491E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-01-23] (Adobe Systems Incorporated)
Task: {CBA74441-7F6B-46EA-A4FC-17CB5B3CB7CD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-12-18] (Safer-Networking Ltd.)
Task: {D0ABFBC4-4F85-4738-8E2A-96EF0287BAD6} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2016-01-06] (Symantec)
Task: {D94972CB-6F42-4073-879A-96DC01E0A903} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-12-18] (Safer-Networking Ltd.)
Task: {E1BA1FB0-5935-494C-A614-D8A43FF3AA5F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe
Task: {E6EE2E16-CE2F-4710-93C7-BED00CBCF2E7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-12-18] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-10 20:36 - 2015-07-23 03:31 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-18 09:09 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-12-18 09:09 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-12-18 09:09 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-12-18 09:09 - 2015-12-18 09:09 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-12-18 09:09 - 2015-12-18 09:09 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [126]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\Software\Classes\exefile:  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2016-02-08 03:18 - 00508411 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

There are 12091 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Detilina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FEAEECDC-11B2-4935-95DA-491C00456A5A}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{CE13F583-E4F2-4314-89D7-916939F6D6AB}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{8F94B462-2AED-4CF5-8A49-A3595FE67D4B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C6FD1D51-5F24-45D1-9261-242329247251}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F208E6CA-A0ED-473E-A5C7-C797AF8FF694}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9DDAA65D-8DF8-46D9-95CF-8E60FC2A96ED}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FAF5F0E5-1509-4A47-AB5F-8E076D08A3BE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{529FDF4E-13BB-44CF-9C14-C94EAA192169}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

24-02-2016 16:17:41 ALLOKALL
25-02-2016 13:33:51 Installed Age of Empires III - The WarChiefs Trial
25-02-2016 13:39:34 Revo Uninstaller Pro's restore point - Age of Empires III - The WarChiefs Trial
25-02-2016 13:39:54 Removed Age of Empires III - The WarChiefs Trial
25-02-2016 17:32:59 Revo Uninstaller Pro's restore point - ANNO 1404
25-02-2016 20:19:07 Revo Uninstaller Pro's restore point - RogueKiller version 11
25-02-2016 20:20:19 Revo Uninstaller Pro's restore point - Media Player Classic 6.4.9.1
25-02-2016 20:20:52 Revo Uninstaller Pro's restore point - MPC-HC 1.7.10 (64-bit)
25-02-2016 20:21:24 Revo Uninstaller Pro's restore point - K-Lite Codec Pack 11.9.6 Full
28-02-2016 09:41:13 Revo Uninstaller Pro's restore point - ANNO 1404
28-02-2016 09:47:22 Revo Uninstaller Pro's restore point - Jigsaw Puzzle Platinum Edition
03-03-2016 14:03:30 Revo Uninstaller Pro's restore point - Age of Empires III - Complete Collection
07-03-2016 22:37:13 JRT Pre-Junkware Removal
07-03-2016 22:51:17 JRT Pre-Junkware Removal
08-03-2016 00:24:24 zoek.exe restore point
08-03-2016 00:58:59 zoek.exe restore point
08-03-2016 04:15:52 Zemana AntiMalware 8/3/2016 4:15:42 πμ
08-03-2016 04:36:52 Revo Uninstaller Pro's restore point - Glary Utilities Pro 2.46.0.1518
08-03-2016 22:20:46 JRT Pre-Junkware Removal
09-03-2016 01:53:11 Revo Uninstaller Pro's restore point - HitmanPro 3.7
09-03-2016 01:53:55 Revo Uninstaller Pro's restore point - RogueKiller version 12
09-03-2016 01:54:27 Revo Uninstaller Pro's restore point - Zemana AntiMalware
09-03-2016 02:02:18 Revo Uninstaller Pro's restore point - Zemana AntiMalware
09-03-2016 22:55:53 Revo Uninstaller Pro's restore point - RogueKiller version 12
10-03-2016 16:20:03 Revo Uninstaller Pro's restore point - Java 8 Update 73
10-03-2016 16:20:33 Removed Java 8 Update 73
10-03-2016 16:21:59 Revo Uninstaller Pro's restore point - Java 8 Update 73 (64-bit)
10-03-2016 16:22:14 Removed Java 8 Update 73 (64-bit)
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/11/2016 12:20:13 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (03/11/2016 12:20:11 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

CodeIntegrity:
===================================
  Date: 2015-12-02 19:41:07.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-02 19:29:19.262
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-02 19:05:05.014
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-02 18:42:52.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-08-20 23:52:56.191
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-08-20 23:52:56.160
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-05-22 05:55:48.211
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-21 16:02:10.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-21 14:52:32.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-21 14:50:28.892
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 30%
Total physical RAM: 6135.11 MB
Available physical RAM: 4284.04 MB
Total Virtual: 12268.43 MB
Available Virtual: 10161.05 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:293.74 GB) (Free:118.96 GB) NTFS
Drive e: (Back Up Allok) (Fixed) (Total:171.93 GB) (Free:20.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 81A781A7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=171.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 



#15 olgun52

  • Malware Response Team
  • 3,790 posts

Posted 11 March 2016 - 08:21 PM

My suggestion is to remove the Spybot software. This is just a suggestion. You do not need it.
=======================================================================
 
Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

start
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKU\S-1-5-21-4161361871-1323430313-3158585620-1000 -> DefaultScope {2298399D-B8D4-4615-8F53-91A779A093B1} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-4161361871-1323430313-3158585620-1000 -> {2298399D-B8D4-4615-8F53-91A779A093B1} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-02] ()
2016-03-10 16:32 - 2015-05-21 03:30 - 00000000 ____D C:\Users\Detilina\AppData\Roaming\NVIDIA
Task: {E1BA1FB0-5935-494C-A614-D8A43FF3AA5F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe
HKU\S-1-5-21-4161361871-1323430313-3158585620-1000\Software\Classes\exefile:  <===== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:792D4CF1 [126]
C:\Windows\system32\Drivers\etc\HOSTS.MVP
end

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

==========================================================================================

Hosts File again:
Replace your current HOSTS file with a tweaked one, such as the MVPS Hosts file, which restricts access to known bad sites, improving your security.
It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer.

To do it:

  • Download hosts.zip and save it to your desktop
  • Right click the file you just downloaded on your desktop and select => Extract to "hosts\"
  • In the hosts folder on your desktop, double click on mvps.bat file to run the program
  • A prompt will appear, press any key to continue

A good source of information about safe computing is this topic by quietman7.

 

======================================================================

Please Download MiniToolBox and save it to your Desktop.

  • Right click MiniToolBox and select "Run as administrator" to run it (if running Windows XP, just double click it to run it)
  • Checkmark following boxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List content of Hosts
    • Flush DNS
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices (Do NOT change any settings here)
    • List Users, Partitions and Memory size
    • List Restore Points
  • Now click Go.
  • A file named Result.txt will be created in the same location where you downloaded MiniToolBox.exe
  • Please attach the Result.txt log to your next Reply.

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
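
The hosts-file mechanism described in the post above applies to any address, not only the blocking ones: a name mapped to something other than 0.0.0.0 or loopback is sent to that address before DNS is consulted, which is what a redirect looks like in this file. The following Python script is an added example, not part of the original post or of any tool named in it; the function name `audit_hosts` and the sample entries ending in `.test` are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample in the same layout as the "Hosts content" section of the
# log above. The .test names and 203.0.113.10 (a documentation address) are
# made up for this example.
SAMPLE_HOSTS = """\
# constructed sample, not the user's file
127.0.0.1 localhost
::1 localhost
0.0.0.0 ad.a8.net
0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1 ads.example.test tracker.example.test
203.0.113.10 www.example-bank.test
not-an-ip broken.example.test
"""

# Standard self-references that are expected to point at loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Classify hosts-file entries.

    blocked    : names mapped to 0.0.0.0 or a loopback address (block-list style)
    redirected : names mapped to any other address, as (name, address, line no);
                 each of these overrides DNS and should be reviewed
    malformed  : (line no, text) for lines that are not "<ip> <name> [...]"
    """
    report = {"blocked": [], "redirected": [], "malformed": []}
    # Strip a UTF-8 byte-order mark, which some editors put at the file start.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments, full or trailing
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        names = [name.lower() for name in fields[1:]]
        if not names:
            # An address with no hostname has no effect and hints at damage.
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in names:
            if name in LOCAL_NAMES and addr.is_loopback:
                continue  # normal localhost entry
            if addr.is_loopback or addr.is_unspecified:
                report["blocked"].append(name)
            else:
                report["redirected"].append((name, str(addr), lineno))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked entries:", len(result["blocked"]))
    for name, addr, lineno in result["redirected"]:
        print(f"REVIEW line {lineno}: {name} -> {addr}")
    for lineno, raw in result["malformed"]:
        print(f"MALFORMED line {lineno}: {raw}")
```
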

 


 




