Wonderlandads + Computer slowed + Internet slowed



#1 Valmighty


Posted 09 December 2016 - 03:24 AM

Greetings, my name is Val. I could use some help with my computer problem.

Starting 2-3 days ago, I noticed that I got popups that say wonderlandads in the address bar when I browsed 9gag. I thought 9gag needed more money, so I didn't pay attention to it. But then I browsed a porn site that is unrelated to 9gag, and I noticed that it also pops up wonderlandads whenever I click ANYTHING (not just links). Then more sites popped up wonderlandads. But it never pops up on anything personal like Facebook, Google, YouTube or WhatsApp Web.

I then googled for a solution. One of the results directed me here. I tried some solutions from other websites and from BC. There are no harmful extensions installed on my Chrome and Opera (main browser). I installed MBAM, AdwCleaner, CCleaner, JRT, TFC. The problem still persists. After I installed MBAM my PC went crazy: startup took forever, opening everything was slow, and my PC constantly froze so that I had to hard-reset. I uninstalled MBAM; it's faster now, with no freezing, but I still notice it's still slow by a little.

Internet is slow, I only get 100 KB/s. It's only about 10% of my 10 Mbps speed. I checked the speed on other machines (cellphone included) and it's still fast (1 MB/s, more or less reaching the max speed of 10 Mbps).

One thing is certain: I always get do-search on Chrome's favicon in AdwCleaner even if I repeat that scan over and over again.

Below is the log from Farbar FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Valentino (administrator) on WITCHER (09-12-2016 15:06:38)
Running from G:\Masters\Adware Removal\scoped_dir_6176_27423
Loaded Profiles: Valentino (Available Profiles: Valentino & Erin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.08\AsSysCtrlService.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Games\Steam\Steam.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Elaborate Bytes AG) C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
() G:\Masters\Playstation\DS4Windows\DS4Windows.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Valve Corporation) C:\Games\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Animate CC 2015.2\Animate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [AsioThk32Reg] => REGSVR32.EXE /S CTASIO.DLL
HKLM-x32\...\Run: [CTHelper] => C:\Windows\SysWOW64\CTHELPER.EXE [19456 2010-03-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-05-31] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\Run: [Steam] => C:\Games\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\Run: [Yahoo Messenger Updater] => C:\Users\Valentino\AppData\Roaming\Yahoo Messenger\YMUpdater\YMUpdater.exe [115144 2016-08-21] (Yahoo!, Inc.)
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\MountPoints2: {4ca4b124-01b5-11e6-bb38-0026831439b1} - H:\Setup.exe /s
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\MountPoints2: {5624bdf4-0128-11e5-86ee-806e6f6e6963} - I:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\MountPoints2: {775898dd-817f-11e5-b1b8-bcaec5753c2f} - H:\AutoRun.exe
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\MountPoints2: {946f6b89-02a7-11e5-b635-bcaec5753c2f} - V:\setup.exe
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\MountPoints2: {a158a4ab-cc1b-11e5-87a7-bcaec5753c2f} - H:\Setup.exe /s
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2016-06-13]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\Users\Valentino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DS4Windows.lnk [2016-03-14]
ShortcutTarget: DS4Windows.lnk -> G:\Masters\Playstation\DS4Windows\DS4Windows.exe ()
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1931751240-4059142664-1240906812-1003\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{32D084F6-D697-4B01-BF9C-A1C4A13B9085}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{337D926B-EDC1-4261-B6C5-0414996C4D86}: [DhcpNameServer] 172.18.12.1
 
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-10-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-09] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-10-11] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-09] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-10-11] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://files.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-05-27] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-05-31] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-05-31] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> about:blank
CHR DefaultSearchKeyword: Default -> google.co.id
CHR Profile: C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default [2016-12-09]
CHR Extension: (Google Translate) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-07-01]
CHR Extension: (Google Slides) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-23]
CHR Extension: (Google Docs) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-23]
CHR Extension: (Google Drive) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-14]
CHR Extension: (YouTube) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-11]
CHR Extension: (Google Sheets) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-23]
CHR Extension: (Google Docs Offline) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-17]
CHR Extension: (Vysor) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2016-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
CHR Extension: (Hyperlink Text Selector) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnfanikhkhoklphdcehbolcpeipbaec [2015-05-23]
CHR Extension: (Gmail) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-23]
CHR Extension: (Chrome Media Router) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR Profile: C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
 
Opera: 
=======
OPR Extension: (Reverse image search on Google) - C:\Users\Valentino\AppData\Roaming\Opera Software\Opera Stable\Extensions\albdaapmpigcomkoifjkfjbljelkemlc [2015-05-30]
OPR Extension: (Select like a Boss) - C:\Users\Valentino\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfigpnfillonohmonbadflnapjejfkgm [2015-12-06]
OPR Extension: (Reverse image search on Google) - C:\Users\Valentino\AppData\Roaming\Opera Software\Opera Stable\Extensions\gbekmpnpfkkijbodegokaigmhedbbkmg [2015-05-29]
OPR Extension: (Classic Images) - C:\Users\Valentino\AppData\Roaming\Opera Software\Opera Stable\Extensions\ifkopkpaepkbgpahgkbolfgnlaaihhih [2016-09-15]
OPR Extension: (User-Agent Switcher) - C:\Users\Valentino\AppData\Roaming\Opera Software\Opera Stable\Extensions\jikibpedldihacokaanimbcjipghbloo [2015-07-14]
OPR Extension: (Adblock Plus) - C:\Users\Valentino\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-10-27]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-05-31] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.08\AsSysCtrlService.exe [147072 2010-10-07] ()
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-11-07] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 GalaxyClientService; C:\Games\GalaxyClient\GalaxyClientService.exe [244800 2016-07-05] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6514752 2016-08-23] (GOG.com)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-22] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-26] (NVIDIA Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1006784 2014-06-22] (@ByELDI) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [41472 2016-03-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-10-19] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-09 15:06 - 2016-12-09 15:06 - 00000000 ____D C:\FRST
2016-12-09 14:46 - 2016-12-09 14:46 - 00000000 ___RD C:\Users\Valentino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-12-09 14:35 - 2016-12-09 14:43 - 00001886 _____ C:\Users\Valentino\Desktop\JRT.txt
2016-12-08 23:28 - 2016-12-09 14:48 - 00000000 ____D C:\AdwCleaner
2016-11-26 16:33 - 2016-12-06 20:18 - 00000000 ____D C:\Users\Valentino\AppData\LocalLow\BitTorrent
2016-11-17 15:55 - 2016-11-17 15:55 - 00001927 _____ C:\Users\Public\Desktop\Google Web Designer.lnk
2016-11-10 04:09 - 2016-11-10 04:09 - 00001094 _____ C:\Windows\RED-134 Airi Ai, Akira Ichinose, Mahiru Seto, Mami Kato, Miharu Kai, Nana Oshikiri, Reimi Fujikura, Reo Matsuzaka, Yui Aoyama, Yui Kazuki, Yukina Mori, Yuna Hirose – Red Hot Fetish Collection The .lnk
2016-11-09 21:40 - 2016-11-02 22:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-09 21:40 - 2016-11-02 22:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-09 21:40 - 2016-11-02 22:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-09 21:40 - 2016-11-02 22:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-09 21:40 - 2016-11-02 22:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-09 21:40 - 2016-11-02 22:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-09 21:40 - 2016-11-02 22:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-09 21:40 - 2016-11-02 22:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-09 21:40 - 2016-11-02 22:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-09 21:40 - 2016-11-02 21:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-09 21:40 - 2016-10-28 10:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-09 21:40 - 2016-10-28 10:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-09 21:40 - 2016-10-28 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-09 21:40 - 2016-10-28 02:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-09 04:51 - 2016-11-09 04:51 - 00001109 _____ C:\Windows\HUNT-944 Ayase Minami, Hamasaki Mao – When You Try To Proudly Erection The Plunge In Mixed Bathing, See Gun Beside Himself, Let Alone Seen Flickering Happens To Female Customers Who Were Bathing A.lnk
2016-11-09 04:43 - 2016-11-09 04:43 - 00013569 _____ C:\Windows\HUNT-577 It’s Sex Practice, But I Am Still Getting Laid For the First Time – My Sister and Her Friend Both Work in An Office, They’re So Hot That Guys Actually Keep Their Distance and So They’ve N.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-09 15:00 - 2015-12-26 17:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-09 14:54 - 2009-07-14 11:45 - 00026384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-09 14:54 - 2009-07-14 11:45 - 00026384 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-09 14:53 - 2015-05-23 16:35 - 00001012 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-09 14:52 - 2009-07-14 12:13 - 00786558 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-09 14:52 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\inf
2016-12-09 14:46 - 2016-05-15 16:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-09 14:46 - 2016-04-04 18:20 - 00000000 ____D C:\Program Files (x86)\TunnelBear
2016-12-09 14:46 - 2016-03-13 02:09 - 00000000 ____D C:\Users\Valentino\AppData\Roaming\DS4Windows
2016-12-09 14:46 - 2015-05-23 16:35 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-09 14:46 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-09 14:45 - 2016-11-08 15:02 - 00032088 _____ C:\Windows\system32\BMXCtrlState-{00000007-00000000-00000001-00001102-00000004-20021102}.rfx
2016-12-09 14:45 - 2016-11-08 15:02 - 00032088 _____ C:\Windows\system32\BMXBkpCtrlState-{00000007-00000000-00000001-00001102-00000004-20021102}.rfx
2016-12-09 14:45 - 2016-11-08 15:02 - 00011564 _____ C:\Windows\system32\DVCState-{00000007-00000000-00000001-00001102-00000004-20021102}.rfx
2016-12-09 14:45 - 2015-11-17 18:27 - 00036016 _____ C:\Windows\system32\BMXStateBkp-{00000007-00000000-00000001-00001102-00000004-20021102}.rfx
2016-12-09 14:45 - 2015-11-17 18:27 - 00036016 _____ C:\Windows\system32\BMXState-{00000007-00000000-00000001-00001102-00000004-20021102}.rfx
2016-12-09 14:31 - 2015-06-06 03:11 - 00000000 ____D C:\Users\Valentino\AppData\Local\CrashDumps
2016-12-09 14:31 - 2015-06-01 19:14 - 00000000 ____D C:\Users\Valentino\AppData\Roaming\FileZilla
2016-12-09 14:31 - 2015-05-24 06:43 - 00000000 ____D C:\Windows\Panther
2016-12-09 14:31 - 2015-05-24 04:53 - 00000000 ____D C:\Users\Valentino\AppData\Roaming\MPC-HC
2016-12-09 14:31 - 2015-05-23 19:56 - 00000000 ____D C:\Windows\Minidump
2016-12-09 14:31 - 2015-05-23 18:40 - 00000000 ____D C:\Users\Valentino\AppData\Roaming\BitTorrent
2016-12-09 14:06 - 2015-05-26 21:18 - 00000000 ____D C:\Program Files\KMSpico
2016-12-09 13:02 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-09 12:52 - 2016-01-08 22:54 - 00000000 ____D C:\Users\Valentino\AppData\Roaming\Skype
2016-12-09 03:13 - 2015-05-27 01:42 - 00001456 _____ C:\Users\Valentino\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-12-09 03:01 - 2015-05-27 01:49 - 00000034 _____ C:\Users\Valentino\AppData\Roaming\AdobeWLCMCache.dat
2016-12-09 02:04 - 2009-07-14 11:45 - 06239504 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-09 01:38 - 2015-05-23 16:25 - 00143328 _____ C:\Users\Valentino\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-08 22:24 - 2016-11-07 14:29 - 04931577 _____ C:\Windows\{00000007-00000000-00000001-00001102-00000004-20021102}.CDF
2016-12-08 22:05 - 2015-05-23 15:54 - 00000000 ____D C:\Users\Valentino
2016-12-08 22:04 - 2016-01-30 12:34 - 00000000 ____D C:\Users\Erin
2016-12-08 22:04 - 2015-12-11 00:22 - 00000000 ____D C:\Users\Valentino\AppData\Local\JDownloader 2.0
2016-12-08 22:04 - 2015-05-26 20:53 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-12-08 22:04 - 2015-05-24 04:53 - 00000000 ____D C:\Program Files\MPC-HC
2016-12-08 22:04 - 2015-05-23 19:33 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-08 22:04 - 2015-05-23 16:48 - 00000000 ____D C:\ProgramData\Atheros
2016-12-08 22:04 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\registration
2016-12-08 22:04 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\AppCompat
2016-12-04 02:36 - 2015-06-01 19:23 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-12-01 03:00 - 2015-05-23 18:57 - 00002154 _____ C:\Windows\epplauncher.mif
2016-12-01 03:00 - 2015-05-23 18:57 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-12-01 03:00 - 2015-05-23 18:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-12-01 03:00 - 2015-05-23 18:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-11-25 17:00 - 2015-05-25 13:00 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1432533648
2016-11-25 17:00 - 2015-05-25 11:10 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-24 02:17 - 2015-10-12 19:45 - 00001135 _____ C:\Users\Valentino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-11-18 15:29 - 2015-08-01 03:46 - 00000000 ____D C:\Users\Valentino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-15 08:00 - 2015-05-23 16:36 - 00002185 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 08:00 - 2015-05-23 16:36 - 00002173 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-15 00:31 - 2016-11-08 21:29 - 00001187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Animate CC 2015.2.lnk
2016-11-14 21:17 - 2016-01-08 22:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-14 21:17 - 2016-01-08 22:54 - 00000000 ____D C:\ProgramData\Skype
2016-11-12 02:59 - 2015-05-23 18:59 - 00000000 ____D C:\Games
2016-11-10 22:05 - 2015-10-12 19:45 - 00000948 _____ C:\Users\Valentino\Desktop\Start Tor Browser.lnk
2016-11-10 20:34 - 2016-10-23 22:55 - 00003838 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-10 20:34 - 2016-10-23 22:55 - 00003838 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-10 20:34 - 2016-10-23 22:55 - 00003788 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-10 20:34 - 2016-10-23 22:55 - 00003776 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-10 20:34 - 2016-10-23 22:55 - 00003600 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-10 20:34 - 2016-10-23 22:55 - 00003540 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-10 20:34 - 2016-10-23 22:55 - 00001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-10 20:34 - 2015-05-23 16:41 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-10 20:34 - 2015-05-23 16:40 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-10 20:34 - 2015-05-23 16:39 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-10 18:12 - 2016-10-14 01:49 - 00000000 ____D C:\Users\Valentino\AppData\Local\2K Games
2016-11-10 17:45 - 2015-05-23 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-11-10 17:45 - 2015-05-18 21:00 - 00000000 ____D C:\GOG Games
2016-11-10 17:44 - 2009-07-14 12:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-11-10 05:41 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\rescache
2016-11-10 04:39 - 2015-05-25 09:51 - 00000000 ____D C:\Users\Valentino\AppData\Roaming\Adobe
2016-11-10 03:06 - 2015-05-26 03:34 - 00000000 ____D C:\Windows\system32\MRT
2016-11-10 03:03 - 2015-05-26 03:34 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-10 03:02 - 2015-05-26 20:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-11-09 15:00 - 2015-12-26 17:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-09 15:00 - 2015-06-01 19:23 - 00003892 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-09 15:00 - 2015-06-01 19:23 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-09 15:00 - 2015-05-26 21:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-09 15:00 - 2015-05-26 21:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-05-27 01:49 - 2016-12-09 03:01 - 0000034 _____ () C:\Users\Valentino\AppData\Roaming\AdobeWLCMCache.dat
2015-06-17 01:32 - 2015-06-17 01:32 - 0000600 _____ () C:\Users\Valentino\AppData\Roaming\PUTTY.RND
2015-05-27 01:42 - 2016-12-09 03:13 - 0001456 _____ () C:\Users\Valentino\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-06-01 19:23 - 2015-12-22 03:10 - 0000600 _____ () C:\Users\Valentino\AppData\Local\PUTTY.RND
2015-05-23 20:30 - 2016-08-12 20:56 - 0007606 _____ () C:\Users\Valentino\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\Valentino\AppData\Local\setup.txt
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-04 04:21
 
==================== End of FRST.txt ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Valentino (09-12-2016 15:07:00)
Running from G:\Masters\Adware Removal\scoped_dir_6176_27423
Windows 7 Professional Service Pack 1 (X64) (2015-05-23 08:54:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1931751240-4059142664-1240906812-500 - Administrator - Disabled)
Erin (S-1-5-21-1931751240-4059142664-1240906812-1003 - Limited - Enabled) => C:\Users\Erin
Guest (S-1-5-21-1931751240-4059142664-1240906812-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1931751240-4059142664-1240906812-1002 - Limited - Enabled)
Valentino (S-1-5-21-1931751240-4059142664-1240906812-1000 - Administrator - Enabled) => C:\Users\Valentino
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Animate CC 2015.2 (HKLM-x32\...\FLPR_15_2) (Version: 15.2 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Master Collection CC 2014 (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C2}) (Version: 8 - Adobe Systems Incorporated)
AnalogExif (HKLM-x32\...\AnalogExif) (Version: 0.0.4.1 - C-41 Bytes)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Ansel (Version: 375.63 - NVIDIA Corporation) Hidden
BitTorrent (HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\BitTorrent) (Version: 7.9.9.42974 - BitTorrent Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Cities: Skylines (HKLM\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
CPUID CPU-Z 1.75 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor Pro 1.25 (HKLM\...\CPUID HWMonitorPro_is1) (Version:  - )
Creative Audio Console (HKLM-x32\...\AudioCS) (Version: 1.33 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version:  - EnTech Taiwan)
Don't Starve (HKLM\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
Endless Legend (HKLM-x32\...\RW5kbGVzc0xlZ2VuZA==_is1) (Version: 1 - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
File Splitter and Joiner version 2.9 (HKLM-x32\...\File-SJ_is1) (Version:  - Le Minh Hoang)
FileZilla Client 3.21.0 (HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\FileZilla Client) (Version: 3.21.0 - Tim Kosse)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.3.10.0 - Google Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180710}) (Version: 8.0.710.15 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
KMSpico v9.3 (HKLM\...\KMSpico_is1) (Version: 9.3 - )
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Mark of the Ninja (HKLM\...\Steam App 214560) (Version:  - Klei Entertainment)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Middle-earth: Shadow of Mordor (HKLM\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
MPC-HC 1.7.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.8 - MPC-HC Team)
NetBeans IDE 8.1 (HKLM\...\nbi-nb-base-8.1.0.0.201510222201) (Version: 8.1 - NetBeans.org)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.13 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.63 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.63 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 41.0.2353.69 (HKLM-x32\...\Opera 41.0.2353.69) (Version: 41.0.2353.69 - Opera Software)
OPPO USB Drivers 2.2.6.0 (HKLM\...\{60092746-6A0F-46A9-B9F1-53B62EC0E0A4}_is1) (Version: 2.2.6.0 - OPPO mobile telecommunications Corp., LTD)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PESMix 2016 Patch V1.0 Full Bundesliga (HKLM\...\{44BB9BCE-8855-4FB4-B7E4-96402F76EF41}) (Version: 1.0.0 - FTP Patch)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Sid Meier's Civilization VI (HKLM\...\Steam App 289070) (Version:  - Firaxis)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.2.4001) (Version: 2.2.4001 - Sparkol)
Sparkol VideoScribe (x32 Version: 2.2.4001 - Sparkol) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris (HKLM\...\Steam App 281990) (Version:  - Paradox Development Studio)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - )
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
TunnelBear (HKLM-x32\...\{0b667555-ee39-4195-8041-58af3c57caa2}) (Version: 2.3.23.1 - TunnelBear)
TunnelBear (x32 Version: 2.3.23.1 - TunnelBear) Hidden
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127934) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{670823C5-9E0F-444C-A115-E8C4F37C5707}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127934) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{670823C5-9E0F-444C-A115-E8C4F37C5707}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127934) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{670823C5-9E0F-444C-A115-E8C4F37C5707}) (Version:  - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Yahoo Messenger (HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\yahoomessenger) (Version: 0.8.269 - Yahoo! Inc)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1931751240-4059142664-1240906812-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1931751240-4059142664-1240906812-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {007B2A44-EDB2-4509-A94F-91025AAD57A5} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {01E70EC5-F499-4F27-AED8-46B67DBAE0EA} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-26] (NVIDIA Corporation)
Task: {0584EEF7-DF5B-45BE-94B2-6AB5F44DFE38} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-26] (NVIDIA Corporation)
Task: {13879D56-B25C-4C5F-ABF5-17F51A5F6695} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
Task: {16338952-DE6C-47FC-9B32-11889471EC41} - System32\Tasks\{5F1D2398-B2DE-479E-ABF6-3499BD3DD31E} => c:\program files (x86)\opera\launcher.exe [2016-11-21] (Opera Software)
Task: {1DA24055-B4E7-42C6-A3CE-A547CF8BDBDE} - System32\Tasks\Opera scheduled Autoupdate 1432533648 => C:\Program Files (x86)\Opera\launcher.exe [2016-11-21] (Opera Software)
Task: {23E396B6-922E-41D0-938E-8B002497B318} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-26] (NVIDIA Corporation)
Task: {27743BDF-6A2A-4876-8533-3206D0DBFD64} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {38AE20B8-D668-44D9-9274-0B525011CD52} - System32\Tasks\Dell Auto Brightness => C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe [2016-06-02] (EnTech Taiwan)
Task: {3AAFBA16-104E-4CA3-B5C6-C7FE1A4E8D9E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {428A1C03-4867-43E2-9E0C-AF5C215C9DC6} - System32\Tasks\Dell Auto Brightness 40 => C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe [2016-06-02] (EnTech Taiwan)
Task: {520EEC24-4704-4E02-972D-BBED0FA9FA3F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8BDF46CA-8034-4707-B74D-76FEAD9190F4} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-06-22] (@ByELDI)
Task: {A870A293-E5D6-4B4C-9E8E-36831118BE6E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B3977598-E0A5-4B98-B35A-4950F1ABADC5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {D63E67B0-2CEE-4035-AB59-BB30EA98B70B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-26] (NVIDIA Corporation)
Task: {DC7F3378-2E06-4EE7-87D9-38858E9C086F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-26] (NVIDIA Corporation)
Task: {DF748BC7-56C2-4A75-9C91-D106D35C50E4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
Task: {E332A39B-FA23-4C46-A964-3D74AB44722C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-26] (NVIDIA Corporation)
Task: {F9016D83-7074-41BC-AA94-9763E9C413F5} - System32\Tasks\Dell Auto Dim => C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe [2016-06-02] (EnTech Taiwan)
Task: {FA804553-156D-4262-A5B7-E8908513D4BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-23] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Valentino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Vysor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gidgenkbbabolejbgbpnhbimgjbffefm
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-23 19:32 - 2010-10-07 11:25 - 00147072 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.08\AsSysCtrlService.exe
2016-10-23 22:55 - 2016-10-26 03:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-23 22:55 - 2016-10-26 03:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-23 22:55 - 2016-10-26 03:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-05-15 16:59 - 2016-10-22 13:04 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-05-22 19:33 - 2016-05-22 19:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-06-14 13:37 - 2016-06-14 13:37 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-10-07 16:39 - 2011-10-07 16:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2016-08-23 20:05 - 2016-08-23 20:05 - 00052400 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2016-02-03 12:34 - 2015-06-10 10:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2015-12-18 23:07 - 2016-10-08 23:17 - 03168256 _____ () G:\Masters\Playstation\DS4Windows\DS4Windows.exe
2016-05-22 19:32 - 2016-05-22 19:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-03-18 13:17 - 2016-03-18 13:17 - 00041472 _____ () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
2014-12-03 13:32 - 2014-12-03 13:32 - 04891040 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll
2015-02-10 14:12 - 2015-02-10 14:12 - 02210480 _____ () C:\Program Files\Microsoft Office\Office15\tmpod.dll
2015-10-13 15:10 - 2015-10-13 15:10 - 01428648 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2016-05-21 16:43 - 2016-05-21 16:43 - 22146816 _____ () C:\Program Files\Adobe\Adobe Animate CC 2015.2\Common\Configuration\authplay.dll
2015-05-23 16:42 - 2016-10-26 03:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-29 23:38 - 2016-09-08 10:14 - 00784672 _____ () C:\Games\Steam\SDL2.dll
2015-07-29 23:38 - 2016-09-01 08:02 - 04969248 _____ () C:\Games\Steam\v8.dll
2015-07-29 23:38 - 2016-09-01 08:02 - 01563936 _____ () C:\Games\Steam\icui18n.dll
2015-07-29 23:38 - 2016-09-01 08:02 - 01195296 _____ () C:\Games\Steam\icuuc.dll
2015-07-29 23:38 - 2016-10-13 08:58 - 02321696 _____ () C:\Games\Steam\video.dll
2015-07-29 23:38 - 2016-01-27 14:49 - 02549760 _____ () C:\Games\Steam\libavcodec-56.dll
2015-07-29 23:38 - 2016-01-27 14:49 - 00442880 _____ () C:\Games\Steam\libavutil-54.dll
2015-07-29 23:38 - 2016-01-27 14:49 - 00491008 _____ () C:\Games\Steam\libavformat-56.dll
2015-07-29 23:38 - 2016-01-27 14:49 - 00332800 _____ () C:\Games\Steam\libavresample-2.dll
2015-07-29 23:38 - 2016-01-27 14:49 - 00485888 _____ () C:\Games\Steam\libswscale-3.dll
2015-07-29 23:38 - 2016-10-13 08:58 - 00836896 _____ () C:\Games\Steam\bin\chromehtml.DLL
2016-03-09 10:02 - 2016-07-05 05:17 - 00266560 _____ () C:\Games\Steam\openvr_api.dll
2016-02-03 12:34 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2016-02-03 12:34 - 2015-10-20 17:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-05-31 04:46 - 2016-05-31 04:46 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-10-18 00:31 - 2016-08-05 03:56 - 49825056 _____ () C:\Games\Steam\bin\cef\cef.winxp\libcef.dll
2016-05-12 22:37 - 2016-05-12 22:37 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-05-12 22:37 - 2016-05-12 22:37 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-05-12 22:37 - 2016-05-12 22:37 - 00120832 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-05-12 22:37 - 2016-05-12 22:37 - 00126464 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-05-31 04:40 - 2016-05-31 04:40 - 00109760 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
2016-05-12 22:37 - 2016-05-12 22:37 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-10-23 22:55 - 2016-10-26 02:57 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-23 22:55 - 2016-10-26 02:57 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-23 22:55 - 2016-10-26 02:57 - 02808256 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-23 22:55 - 2016-10-26 03:21 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-23 22:55 - 2016-10-26 03:21 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-23 22:55 - 2016-10-26 02:57 - 00246840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-23 22:55 - 2016-10-26 02:57 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-23 22:55 - 2016-10-26 02:57 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-23 22:55 - 2016-10-26 02:57 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-11-25 17:00 - 2016-11-25 17:00 - 66025168 _____ () C:\Program Files (x86)\Opera\41.0.2353.69\opera.dll
2016-11-25 17:00 - 2016-11-25 17:00 - 01888464 _____ () C:\Program Files (x86)\Opera\41.0.2353.69\libglesv2.dll
2016-11-25 17:00 - 2016-11-25 17:00 - 00094416 _____ () C:\Program Files (x86)\Opera\41.0.2353.69\libegl.dll
2016-05-12 16:24 - 2016-05-12 16:24 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f91bd970f20123a46b575cf6e92bc441\IsdiInterop.ni.dll
2015-05-23 16:14 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 09:34 - 2015-10-29 00:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Valentino\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{397E3F72-5FD1-4669-9D22-117988ED9AF2}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A920E50A-C111-4BE2-A9B5-DCC063AE12DB}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{5BB09FC6-4B99-44B1-B75E-010A8D50403C}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{EB912D2E-DA51-4D68-B406-818FD7EB741E}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{CFDC761E-62A2-4A0E-8C06-819D00C6C24A}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{87FF9CE6-CDAD-4FE8-A7C3-9970E7F4E22C}C:\program files (x86)\google\chrome\application\chrome.exe] => C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{2315F5F7-077E-4109-83DF-201D1455F6F6}] => C:\Games\Steam\Steam.exe
FirewallRules: [{596FF223-E667-4EEA-B711-8C307D4FB83A}] => C:\Games\Steam\Steam.exe
FirewallRules: [{6A9C74EF-0BA9-4ECC-BC3E-A4E30CD9B9DA}] => C:\Games\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{EDCC4A66-C275-4608-BB89-B6028C766389}] => C:\Games\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{4F3AE783-7A2C-42D9-A73B-83B1D132CA63}] => C:\Users\Valentino\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0F009388-21D3-464F-9F34-AFB07151D17E}] => C:\Users\Valentino\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{987D0F46-2DF0-4254-AD72-8F7024EDE5CB}] => C:\Games\Steam\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{93288413-2353-46C8-958D-1520944E1711}] => C:\Games\Steam\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{202CE5CC-175B-4BB2-9581-61DE80172A1B}] => C:\Games\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{A4BE7A2C-6027-4B60-B6CD-2940B85E4286}] => C:\Games\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{0B76844B-FC00-4C2E-A9AA-9C6CA59E6E32}] => C:\Games\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{B576FEAE-CE59-4628-AF32-87DA3558244F}] => C:\Games\Steam\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [TCP Query User{A5BBF2D2-C264-4D23-8213-3876A2A27A29}C:\program files (x86)\adobe\adobe edge animate cc 2014.1\edgeanimate.exe] => C:\program files (x86)\adobe\adobe edge animate cc 2014.1\edgeanimate.exe
FirewallRules: [UDP Query User{DF29BCF5-E607-4418-94C7-44FA5C999DA9}C:\program files (x86)\adobe\adobe edge animate cc 2014.1\edgeanimate.exe] => C:\program files (x86)\adobe\adobe edge animate cc 2014.1\edgeanimate.exe
FirewallRules: [{902A51D6-029B-4453-98DB-C53BC9A63075}] => LPort=1688
FirewallRules: [{1C6866F1-B4F3-4AA9-AE4B-5B04DCD3FAE2}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{0B79660A-C99A-4EA7-B689-1300C0E2A7DD}] => C:\Program Files\KMSpico\Service_KMS.exe
 
==================== Restore Points =========================
 
04-12-2016 03:24:59 Windows Update
07-12-2016 17:00:54 Windows Update
08-12-2016 22:02:45 Restore Operation
08-12-2016 23:04:23 Windows Update
09-12-2016 14:34:47 JRT Pre-Junkware Removal
09-12-2016 14:42:51 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: NVIDIA High Definition Audio
Description: NVIDIA High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVHDA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/09/2016 02:48:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/09/2016 02:39:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (12/09/2016 02:38:00 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/09/2016 02:38:00 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/09/2016 02:38:00 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/09/2016 02:38:00 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (12/09/2016 02:38:00 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/09/2016 02:38:00 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (12/09/2016 02:38:00 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (12/09/2016 02:38:00 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (12/09/2016 02:46:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service KMSELDI service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (12/09/2016 02:46:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Service KMSELDI service to connect.
 
Error: (12/09/2016 02:45:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (12/09/2016 02:45:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/09/2016 02:45:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (12/09/2016 02:45:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (12/09/2016 02:45:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (12/09/2016 02:45:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (12/09/2016 02:45:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (12/09/2016 02:45:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-05-25 12:39:55.307
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-25 12:39:55.276
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-25 12:39:55.260
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-25 12:39:55.229
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-25 12:39:54.886
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LEqdUsb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-05-25 12:39:54.870
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LEqdUsb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 25%
Total physical RAM: 16351.14 MB
Available physical RAM: 12170.01 MB
Total Virtual: 32700.46 MB
Available Virtual: 27839 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:37.43 GB) NTFS
Drive d: (Stark) (Fixed) (Total:931.51 GB) (Free:42.95 GB) NTFS
Drive e: (Tyrell) (Fixed) (Total:931.51 GB) (Free:19.11 GB) NTFS
Drive f: (Viper) (Fixed) (Total:3725.9 GB) (Free:2.01 GB) NTFS
Drive g: (Targaryen) (Fixed) (Total:1863.01 GB) (Free:56.12 GB) NTFS
Drive l: (Lannister) (Fixed) (Total:2794.39 GB) (Free:121.65 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 311B0C3A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 7D1612E3)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: DCA18B92)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:00 AM

Posted 09 December 2016 - 10:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these old and unwanted programs via the Control Panel > Programs > Programs and features.
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180710}) (Version: 8.0.710.15 - Oracle Corporation)
KMSpico v9.3 (HKLM\...\KMSpico_is1) (Version: 9.3 - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) <- if you use this program it's your call if you want to keep it or not.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\Run: [AdobeBridge] => [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1931751240-4059142664-1240906812-1003\User: Restriction <======= ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
CHR Extension: (Chrome Media Router) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1006784 2014-06-22] (@ByELDI) [File not signed]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
Task: {8BDF46CA-8034-4707-B74D-76FEAD9190F4} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-06-22] (@ByELDI)
FirewallRules: [{397E3F72-5FD1-4669-9D22-117988ED9AF2}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A920E50A-C111-4BE2-A9B5-DCC063AE12DB}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{1C6866F1-B4F3-4AA9-AE4B-5B04DCD3FAE2}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{0B79660A-C99A-4EA7-B689-1300C0E2A7DD}] => C:\Program Files\KMSpico\Service_KMS.exe
C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
C:\Program Files\KMSpico
End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Opera.
http://www.guidingtech.com/25425/reset-chrome-firefox-safari-factory-defaults
+++

For your added security get the latest version.

JAVA

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882
===

ADOBE AIR

Navigate to this page and follow the instructions to get the latest version.
https://get.adobe.com/air/


Please post the Fixlog.txt and let me know what problem persists with this computer.

#3 Valmighty


Posted 10 December 2016 - 07:43 AM

Thank you for the quick response!

I will do what is listed above and post the update.



#4 Valmighty


Posted 10 December 2016 - 01:05 PM

I did what is listed above. Removed Java and AIR, haven't reinstalled them. Reset browser settings. Problem still persists.

 

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Valentino (11-12-2016 00:06:05) Run:1
Running from G:\Masters\Adware Removal
Loaded Profiles: Valentino (Available Profiles: Valentino & Erin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\...\Run: [AdobeBridge] => [X]
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1931751240-4059142664-1240906812-1003\User: Restriction <======= ATTENTION
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
CHR Extension: (Chrome Media Router) - C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1006784 2014-06-22] (@ByELDI) [File not signed]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
Task: {8BDF46CA-8034-4707-B74D-76FEAD9190F4} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-06-22] (@ByELDI)
FirewallRules: [{397E3F72-5FD1-4669-9D22-117988ED9AF2}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A920E50A-C111-4BE2-A9B5-DCC063AE12DB}] => C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{1C6866F1-B4F3-4AA9-AE4B-5B04DCD3FAE2}] => C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{0B79660A-C99A-4EA7-B689-1300C0E2A7DD}] => C:\Program Files\KMSpico\Service_KMS.exe
C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
C:\Program Files\KMSpico
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient => value removed successfully
HKU\S-1-5-21-1931751240-4059142664-1240906812-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1931751240-4059142664-1240906812-1003\User => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF} => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
Service KMSELDI => service not found.
IntcAzAudAddService => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BDF46CA-8034-4707-B74D-76FEAD9190F4} => key not found. 
C:\Windows\System32\Tasks\AutoPico Daily Restart => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{397E3F72-5FD1-4669-9D22-117988ED9AF2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A920E50A-C111-4BE2-A9B5-DCC063AE12DB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1C6866F1-B4F3-4AA9-AE4B-5B04DCD3FAE2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0B79660A-C99A-4EA7-B689-1300C0E2A7DD} => value removed successfully
"C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm" => not found.
C:\Program Files\KMSpico => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23921591 B
Java, Flash, Steam htmlcache => 376081725 B
Windows/system/drivers => 1192258 B
Edge => 0 B
Chrome => 41040348 B
Firefox => 0 B
Opera => 387749778 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33058 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 33186 B
LocalService => 66228 B
NetworkService => 8826681 B
Valentino => 40352868 B
Erin => 83844 B
 
RecycleBin => 0 B
EmptyTemp: => 846.7 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 00:06:12 ====


#5 nasdaq


Posted 10 December 2016 - 01:54 PM

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#6 Valmighty


Posted 12 December 2016 - 02:31 AM

There is no item in RED. All are in gray, but nevertheless I removed them all.
 
ReportRogue.txt
 
RogueKiller V12.8.4.0 (x64) [Dec  5 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Valentino [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/12/2016 13:57:55 (Duration : 00:21:54)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{337D926B-EDC1-4261-B6C5-0414996C4D86} | DhcpNameServer : 172.18.12.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{337D926B-EDC1-4261-B6C5-0414996C4D86} | DhcpNameServer : 172.18.12.1 ([])  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1931751240-4059142664-1240906812-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1931751240-4059142664-1240906812-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.key-find.com/?type=hppp&ts=1425682886&from=cor&uid=WDCXWD20EARS-00MVWB0_WD-WCAZA775008850088|http://do-search.com/?type=hp&ts=1432530974&z=32fea884faa21bdcd7fb598gaz2c7odw9cdeft3m3c&from=cor&uid=MAXTORXSTM3320620ASXXXXXXXXXXXXXXXXXXX_6QF01BG1XXXX6QF01BG1] -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive1: Samsung SSD 850 EVO 250G +++++
--- User ---
[MBR] da4abcf454fbdb0e419c8c5efff2fd08
[BSP] 384cef42e9be569f613b8f9c30b000f9 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: WDC WD20EARS-00S8B1 +++++
--- User ---
[MBR] 7f6fab89ddd5dbba92bac1ac71e58ca4
[BSP] 5fad1663645112a85a183e596c153dd9 : HP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: WDC WD30EZRX-00D8PB0 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 2861459 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive4: WDC WD20EARS-00MVWB0 +++++
--- User ---
[MBR] 7befffd09a3a58126b6c3a1a776a5eb3
[BSP] a634603821f3d68136a7f636d6996353 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953863 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1953513472 | Size: 953863 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#7 nasdaq


Posted 12 December 2016 - 08:46 AM

Has the problem been solved?

#8 Valmighty


Posted 12 December 2016 - 09:54 AM

Unfortunately, no.

The internet problem is solved, it's fast again. The computer is not slowed. But wonderlandads is still there in my browsers (Opera), including the one that I rarely use (Chrome), except IE. No wonderlandads in IE.



#9 nasdaq


Posted 12 December 2016 - 01:46 PM


Please run the Farbar Recovery Scan Tool. Enter wonderlandads.* in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

<<<>>>


Let's see what we can find in the Registry.

Please run the Farbar Recovery Scan Tool. Enter wonderlandads in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

Edited by nasdaq, 12 December 2016 - 01:47 PM.


#10 Valmighty


Posted 12 December 2016 - 03:24 PM

No luck in searching for files nor registry :(
 
Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Valentino (13-12-2016 03:21:00)
Running from G:\Masters\Adware Removal
Boot Mode: Normal
 
================== Search Files: "wonderlandads.*" =============
 
====== End of Search ======
 
 
Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Valentino (13-12-2016 03:23:04)
Running from G:\Masters\Adware Removal
Boot Mode: Normal
 
================== Search Registry: "wonderlandads." ===========
 
 
====== End of Search ======


#11 nasdaq


Posted 13 December 2016 - 07:50 AM

Run this cleaning tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#12 Valmighty


Posted 13 December 2016 - 12:54 PM

Oh, and I frequently bump into this:
 

This site can’t be reached

www.facebook.com’s server DNS address could not be found.



#13 Valmighty


Posted 13 December 2016 - 01:20 PM

zoek-result.txt
 
Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Valentino on 14/12/2016 at  1:05:58,78.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: G:\Masters\Adware Removal\scoped_dir_4856_18179\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
14/12/2016 1:06:45 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~3\ALM deleted successfully
C:\Users\Valentino\AppData\Roaming\MPC-HC deleted successfully
C:\Users\Valentino\AppData\Roaming\Yahoo Messenger deleted successfully
C:\Users\Valentino\AppData\Local\CrashDumps deleted successfully
C:\Users\Valentino\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Valentino\AppData\Local\EmieSiteList deleted successfully
C:\Users\Valentino\AppData\Local\EmieUserList deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\Opera x64 deleted
C:\Users\Valentino\.android deleted
C:\PROGRA~2\Pro Evolution Soccer 2016 deleted
C:\PROGRA~2\Yahoo! deleted
C:\Users\Valentino\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\com.sparkol.VideoScribeDesktop deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Valentino\Desktop\Continue FileZilla Installation.lnk deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [27/05/2015 01:37]
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[03/12/2014 13:31]
 
Vysor - Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm
Select Link - Valentino\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnfanikhkhoklphdcehbolcpeipbaec
Reverse image search - Valentino\AppData\Roaming\Opera Software\Opera Stable\Extensions\albdaapmpigcomkoifjkfjbljelkemlc
Select like a Boss - Valentino\AppData\Roaming\Opera Software\Opera Stable\Extensions\bfigpnfillonohmonbadflnapjejfkgm
User-Agent Switcher - Valentino\AppData\Roaming\Opera Software\Opera Stable\Extensions\jikibpedldihacokaanimbcjipghbloo
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
 
==== Reset Google Chrome ======================
 
C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Valentino\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Valentino\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Valentino\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Valentino\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Valentino\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODPXJB4E will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Valentino\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Valentino\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=89 folders=72 1392635616 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Erin\AppData\Local\Temp emptied successfully
C:\Users\Valentino\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\VALENT~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Valentino\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODPXJB4E" not found
 
==== EOF on 14/12/2016 at  1:18:49,14 ======================


#14 Valmighty


Posted 13 December 2016 - 01:25 PM

OMG wonderlandads gone. Thank youu thank youu

 

But I'm still bumping into DNS errors for (mostly) Facebook and Youtube. Is it provider related? If so, the coincidence is very high: the problem started when I got wonderlandads, and I read somewhere that malware can hijack my connection with some proxy.

Edit: oh, and I can browse Facebook and Youtube from my cellphone. Are the mobile and web version using the same DNS?

Edit again: tried flushDNS, didn't work.


Edited by Valmighty, 13 December 2016 - 01:34 PM.


#15 nasdaq


Posted 13 December 2016 - 01:31 PM

Try this.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers

reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===
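
A read-only way to record the DNS and proxy state before the network resets in the fixlist above are applied, so the settings can be compared afterwards. This is an added example, not part of nasdaq's post and not FRST output; it assumes Windows 7 with PowerShell 2.0, and the two hostnames are the sites reported as failing in this thread (www.youtube.com is an assumed name for "Youtube").

```powershell
# Read-only triage of DNS and proxy settings; changes nothing on the system.
# Written for Windows 7 / PowerShell 2.0, so it uses WMI rather than newer cmdlets.

# 1. DNS servers configured on each IP-enabled adapter.
#    Resolvers that are neither the router nor the ISP deserve a closer look.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    Select-Object Description, DHCPEnabled,
        @{ n = 'DnsServers'; e = { $_.DNSServerSearchOrder -join ', ' } } |
    Format-List

# 2. Per-user system proxy settings, read by IE and followed by default
#    by Chrome and Opera. A ProxyServer or AutoConfigURL the user never
#    set is the usual sign of a proxy hijack.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty -Path $inet |
    Select-Object ProxyEnable, ProxyServer, ProxyOverride, AutoConfigURL |
    Format-List

# 3. Machine-wide WinHTTP proxy (used by services and some updaters).
netsh winhttp show proxy

# 4. Active hosts-file entries (comment and blank lines skipped).
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hosts | Where-Object { $_ -match '^\s*[^#\s]' }

# 5. What the configured resolver returns for the failing names.
foreach ($name in 'www.facebook.com', 'www.youtube.com') {
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($name) |
            ForEach-Object { $_.IPAddressToString }
        '{0} -> {1}' -f $name, ($ips -join ', ')
    } catch {
        '{0} -> lookup failed: {1}' -f $name, $_.Exception.Message
    }
}
```

Saving the output before and after the fix makes it clear whether the resets changed a resolver or proxy entry, or whether the lookups fail with clean settings, which points at the provider instead.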



