Infected with Trojan(Noblockingweb . net)/Very Slow browsers


  • This topic is locked
7 replies to this topic

#1 glejdius

glejdius

  • Members
  • 6 posts

Posted 02 January 2017 - 10:38 AM

I'm new here and I hope you will help me, thanks!

 

I don't know how, but every time I open Google Chrome or Mozilla Firefox this appears from my antivirus.

 

Attached File  Screenshot_2.jpg   13KB   0 downloads

 

Also, my browsers are very slow and I can't download almost anything.

 


Edited by glejdius, 02 January 2017 - 10:50 AM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,211 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 January 2017 - 08:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.
Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


Please post the logs for my review.

Wait for my instructions.

Edited by nasdaq, 03 January 2017 - 08:32 AM.


#3 glejdius

glejdius
  • Topic Starter

  • Members
  • 6 posts

Posted 03 January 2017 - 01:48 PM

Attached File  Addition.txt   29.36KB   1 downloads


Tell me what I should do next, and thanks so much for the reply.



#4 glejdius

glejdius
  • Topic Starter

  • Members
  • 6 posts

Posted 03 January 2017 - 01:51 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by German (administrator) on GLEJDI-PC (03-01-2017 19:45:32)
Running from C:\Users\German\Desktop
Loaded Profiles: German (Available Profiles: German)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(BitTorrent Inc.) C:\Users\German\AppData\Roaming\BitTorrent\BitTorrent.exe
() C:\Program Files (x86)\AMC 4G WI-FI\W800\BackgroundService\ModemListener.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
() C:\Program Files (x86)\AMC 4G WI-FI\W800\BackgroundService\ServiceManager.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(BitTorrent Inc.) C:\Users\German\AppData\Roaming\BitTorrent\updates\7.9.9_42974\bittorrentie.exe
(BitTorrent Inc.) C:\Users\German\AppData\Roaming\BitTorrent\updates\7.9.9_42974\bittorrentie.exe
() C:\xampp\xampp-control.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\xampp\mysql\bin\mysqld.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\xampp\xampp-control.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AMC_ALBANIA Kingfisher ModemListener] => C:\Program Files (x86)\AMC 4G WI-FI\W800\BackgroundService\ModemListener.exe [169768 2015-01-04] ()
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1528164837-3682725260-664172240-1000\...\Run: [BitTorrent] => C:\Users\German\AppData\Roaming\BitTorrent\BitTorrent.exe [2149064 2016-11-27] (BitTorrent Inc.)
HKU\S-1-5-21-1528164837-3682725260-664172240-1000\...\MountPoints2: {19f5f51c-cf43-11e5-b354-a088b424c950} - G:\autorun.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1528164837-3682725260-664172240-1000] => hxxp://noblockingweb.net/wpad.dat?91e4f1db37bbb12852d55a48075eb15b23169203
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{892EEAA4-B19D-4A78-A161-FE90ACAAFFE7}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B84A4BAC-4F88-46E1-AA23-2C5F048874DF}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CB468A7F-DD7F-4712-91AF-495038AA57E4}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://noblockingweb.net/wpad.dat?91e4f1db37bbb12852d55a48075eb15b23169203

Internet Explorer:
==================
HKU\S-1-5-21-1528164837-3682725260-664172240-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 2sv3zq4o.default
FF ProfilePath: C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\2sv3zq4o.default [2017-01-03]
FF NewTab: Mozilla\Firefox\Profiles\2sv3zq4o.default -> C:\\ProgramData\\Medlights\\ff.NT
FF Homepage: Mozilla\Firefox\Profiles\2sv3zq4o.default -> about:home
FF Extension: (Easy Screenshot) - C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\2sv3zq4o.default\Extensions\easyscreenshot@mozillaonline.com [2016-07-31]
FF Extension: (FireFTP) - C:\Users\German\AppData\Roaming\Mozilla\Firefox\Profiles\2sv3zq4o.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2016-12-30]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: (ESET Smart Security Extension) - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-12-28] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-06] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\225693822.js [2017-01-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\225693822.cfg [2017-01-02] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqm5d7rHjGs0-XkFvV0FSWTF0NMJmFZhFoddm98vq1PeAC2RU4XR0VQAAHr5dTYIrCR57cQbCAHi_oyMNTyOMgxfDekJFhdgAU_1002UmF6keE_otpq96b-n53fqG0GreANcHixdKf7xSKU4qKR5x9qdz9w,,
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\German\AppData\Local\Google\Chrome\User Data\Default [2017-01-03]
CHR Extension: (Google Slides) - C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-28]
CHR Extension: (Google Docs) - C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-28]
CHR Extension: (Google Drive) - C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-28]
CHR Extension: (YouTube) - C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-28]
CHR Extension: (Google Search) - C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-28]
CHR Extension: (Google Sheets) - C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-28]
CHR Extension: (Google Docs Offline) - C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-28]
CHR Extension: (Chrome Media Router) - C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) [File not signed]
R2 AMC_ALBANIA Kingfisher Modem Device Helper; C:\Program Files (x86)\AMC 4G WI-FI\W800\BackgroundService\ServiceManager.exe [76584 2014-12-11] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8016240 2016-11-06] (Reimage®)
R2 STacSV; C:\Program Files\IDT\WDM\stacsv64.exe [323072 2012-09-20] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-12-11] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43128 2012-12-25] (IVT Corporation.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-14] (Intel Corporation)
S3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [123776 2013-06-18] (TCT International Mobile Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1864328 2012-10-03] ()
R3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
R2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
R2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
S3 cpuz134; \??\C:\Users\German\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-03 19:45 - 2017-01-03 19:45 - 00012015 _____ C:\Users\German\Desktop\FRST.txt
2017-01-03 19:45 - 2017-01-03 19:45 - 00000000 ____D C:\FRST
2017-01-03 19:44 - 2017-01-03 19:44 - 02418176 _____ (Farbar) C:\Users\German\Desktop\FRST64.exe
2017-01-03 05:45 - 2017-01-03 05:45 - 20825064 _____ C:\Users\German\Desktop\PHP6 and MySQL Bible by Steve Suehring.pdf
2017-01-03 05:38 - 2017-01-03 05:38 - 12179117 _____ C:\Users\German\Desktop\php_mysql_javascript__html5_all-in-one_for_dummies.pdf
2017-01-03 05:28 - 2017-01-03 05:28 - 04234784 _____ C:\Users\German\Desktop\sharma.pdf
2017-01-03 05:22 - 2017-01-03 05:23 - 13955338 _____ C:\Users\German\Desktop\Packt.Drupal.6.Social.Networking.Build.A.Social.Or.Community.Web.Site.With.Friends.Lists.Groups.Custom.User.Profiles.And.Much.More.Feb.2009.ISBN.1847196101.pdf
2017-01-03 05:12 - 2015-03-22 20:06 - 00000000 ____D C:\Users\German\Desktop\clickworksWesite
2017-01-03 05:11 - 2017-01-03 05:18 - 00000000 ____D C:\Users\German\Desktop\NetLinked
2017-01-03 04:25 - 2017-01-03 04:47 - 00001011 _____ C:\Users\German\Desktop\template.php
2017-01-03 04:04 - 2017-01-03 04:05 - 00000000 ____D C:\Users\German\AppData\Roaming\com.adobe.WidgetBrowser
2017-01-03 03:14 - 2017-01-03 03:41 - 00000000 ____D C:\Users\German\Documents\Unnamed Site 3
2017-01-03 03:11 - 2017-01-03 03:11 - 00000000 ____D C:\Users\German\Documents\Unnamed Site 2
2017-01-03 02:16 - 2017-01-03 03:45 - 00000000 ____D C:\Users\German\Desktop\connections
2017-01-03 02:12 - 2017-01-03 02:12 - 00001231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
2017-01-03 02:12 - 2017-01-03 02:12 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-01-03 02:10 - 2017-01-03 02:10 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2017-01-03 02:10 - 2017-01-03 02:10 - 00001353 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2017-01-03 02:10 - 2017-01-03 02:10 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2017-01-03 02:09 - 2017-01-03 02:09 - 00001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2017-01-03 02:04 - 2017-01-03 02:32 - 00000000 ____D C:\ProgramData\Adobe
2017-01-03 02:02 - 2012-04-29 16:34 - 00000000 ____D C:\Users\German\Desktop\Adobe Dreamweaver CS6
2017-01-03 01:58 - 2017-01-03 02:01 - 299651233 ____R C:\Users\German\Downloads\Adobe Dreamweaver CS6.exe
2017-01-03 01:45 - 2017-01-03 01:48 - 280393402 _____ C:\Users\German\Desktop\How to build a User Registration System - Registration_ Login_ Email Password_ U.mp4
2017-01-03 01:36 - 2017-01-03 01:36 - 05336334 _____ C:\Users\German\Desktop\clickworksWesite.zip
2017-01-03 00:59 - 2017-01-03 00:59 - 00001571 _____ C:\Users\German\Desktop\GoodPieTutorials_LoginPage.zip
2017-01-03 00:08 - 2017-01-03 00:09 - 08451276 _____ C:\Users\German\Desktop\SocialNetworkingProject - Copy.rar
2017-01-03 00:00 - 2017-01-03 00:00 - 14331990 _____ C:\Users\German\Desktop\netlinked.zip
2017-01-02 23:59 - 2017-01-02 23:59 - 28958467 _____ C:\Users\German\Desktop\socialnetworkingsite.zip
2017-01-02 23:45 - 2017-01-02 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2017-01-02 23:41 - 2017-01-02 23:45 - 00000000 ____D C:\xampp
2017-01-02 23:40 - 2017-01-02 23:40 - 00044932 _____ C:\Users\German\Desktop\7b607868de83d984a4ef55a8698cb479.zip
2017-01-02 23:34 - 2017-01-02 23:37 - 93495520 _____ (Bitnami) C:\Users\German\Desktop\xampp-portable-win32-5.6.28-0-VC11-installer.exe
2017-01-02 23:18 - 2017-01-02 23:18 - 00069514 _____ C:\Users\German\Desktop\laravel-basics-youtube-master.zip
2017-01-02 22:56 - 2017-01-02 22:59 - 33718822 _____ C:\Users\German\Desktop\How to Connect PHP to MySQL Database using XAMPP.mp4
2017-01-02 22:00 - 2017-01-02 23:37 - 00000000 ____D C:\Users\German\Desktop\New folder
2017-01-02 21:03 - 2017-01-02 21:03 - 00000000 ____D C:\Users\German\AppData\LocalLow\BitTorrent
2017-01-02 21:02 - 2017-01-03 01:53 - 00107520 ___SH C:\Users\German\Desktop\Thumbs.db
2017-01-02 18:19 - 2017-01-03 05:18 - 00028238 _____ C:\Users\German\AppData\Roaming\phpdesigner.xml
2017-01-02 18:17 - 2017-01-02 18:17 - 00001001 _____ C:\Users\German\Desktop\phpDesigner 8.lnk
2017-01-02 18:17 - 2017-01-02 18:17 - 00000000 ____D C:\ProgramData\phpDesigner
2017-01-02 18:16 - 2017-01-02 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phpDesigner 8
2017-01-02 18:15 - 2017-01-03 05:16 - 00000000 ____D C:\Program Files (x86)\phpDesigner 8
2017-01-02 18:15 - 2017-01-02 18:19 - 00000000 ____D C:\Users\German\AppData\Roaming\phpDesigner
2017-01-02 16:51 - 2017-01-02 18:20 - 00000225 _____ C:\Users\German\Desktop\Lista per tu bere.txt
2017-01-02 16:16 - 2017-01-02 16:17 - 00000000 ____D C:\Users\German\Desktop\GC
2017-01-02 15:41 - 2017-01-02 15:43 - 00113313 _____ C:\Users\German\Downloads\Unconfirmed 885163.crdownload
2017-01-02 04:26 - 2017-01-03 05:14 - 00000000 ____D C:\Users\German\Desktop\robinsnest
2016-12-30 22:06 - 2016-12-30 22:19 - 03227691 _____ C:\Users\German\Desktop\4th_edition_examples.zip
2016-12-30 02:55 - 2016-12-30 02:55 - 00070993 _____ C:\Users\German\Desktop\welcome3.png
2016-12-30 02:39 - 2016-12-30 02:39 - 00011853 _____ C:\Users\German\Desktop\welcome2.png
2016-12-30 02:31 - 2016-12-30 02:31 - 00100602 _____ C:\Users\German\Desktop\Screenshot_7.jpg
2016-12-30 01:20 - 2016-12-30 01:45 - 00041569 _____ C:\Users\German\Desktop\WELCOME.PNG
2016-12-30 01:20 - 2016-12-30 01:20 - 00234796 _____ C:\Users\German\Desktop\welcome.psd
2016-12-30 00:20 - 2016-12-30 14:11 - 00002704 _____ C:\Users\German\Desktop\albforum.html
2016-12-30 00:20 - 2016-12-30 03:12 - 00003769 _____ C:\Users\German\Desktop\albforum.css
2016-12-29 23:38 - 2016-12-29 23:38 - 00008229 _____ C:\Users\German\Desktop\img_avatar.png
2016-12-29 14:35 - 2017-01-03 04:33 - 00014171 _____ C:\Users\German\Desktop\ALBFORUM.png
2016-12-29 14:34 - 2016-12-29 17:25 - 00030791 _____ C:\Users\German\Desktop\logo.png
2016-12-29 14:34 - 2016-12-29 14:51 - 00111125 _____ C:\Users\German\Desktop\ALBFORUM.psd
2016-12-29 14:02 - 2016-12-29 14:33 - 00000132 _____ C:\Users\German\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-12-29 14:01 - 2016-12-29 14:33 - 00005066 _____ C:\Users\German\Desktop\logo.gif
2016-12-29 00:25 - 2017-01-03 02:09 - 00000000 ____D C:\Users\German\AppData\Local\Adobe
2016-12-25 23:07 - 2017-01-03 04:05 - 00000000 ____D C:\Users\German\AppData\Roaming\Adobe
2016-12-16 00:41 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-12-16 00:41 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-12-16 00:41 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-12-16 00:41 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-12-16 00:41 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-12-16 00:41 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-12-16 00:41 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-12-16 00:41 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-12-16 00:41 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-12-16 00:41 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-12-16 00:41 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-12-16 00:41 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-12-16 00:41 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-12-16 00:41 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-12-16 00:41 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-12-16 00:41 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-12-16 00:41 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-12-16 00:41 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-12-16 00:41 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-12-16 00:41 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-12-16 00:41 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-12-16 00:41 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-12-16 00:41 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-12-16 00:41 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-12-16 00:41 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-12-16 00:41 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-12-16 00:41 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-12-16 00:41 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-12-16 00:41 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-12-16 00:41 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-12-16 00:41 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-12-16 00:41 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-12-16 00:41 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-12-16 00:41 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-12-16 00:41 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-12-16 00:41 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-12-16 00:41 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-12-16 00:41 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-12-16 00:41 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-12-16 00:41 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-12-16 00:41 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-12-16 00:41 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-12-16 00:41 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-12-16 00:41 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-12-16 00:41 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-12-16 00:41 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-12-16 00:41 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-12-16 00:41 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-12-16 00:41 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-12-16 00:41 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-12-16 00:41 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-12-16 00:41 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-12-16 00:41 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-12-16 00:41 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-12-16 00:41 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-12-16 00:41 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-12-16 00:41 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-12-16 00:41 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-12-16 00:41 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-12-16 00:41 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-12-16 00:41 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-12-16 00:41 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-12-16 00:41 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-12-16 00:41 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-12-16 00:41 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-12-16 00:41 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-12-16 00:41 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-12-16 00:41 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-12-16 00:41 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-12-16 00:41 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-12-16 00:41 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-12-16 00:41 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-12-16 00:41 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-12-16 00:41 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-12-16 00:41 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-12-16 00:36 - 2016-12-16 00:41 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-12-15 08:26 - 2016-12-15 08:26 - 06075404 _____ C:\Users\German\Downloads\Zhvillimi-i-udhëheqjes-arsimore-NSO.pdf
2016-12-15 07:45 - 2016-12-15 07:46 - 00122880 _____ C:\Users\German\Downloads\Drejtuesi.doc
2016-12-15 07:44 - 2016-12-20 12:39 - 00000000 ____D C:\Users\German\Desktop\drejtori
2016-12-09 00:58 - 2016-12-09 00:58 - 00047297 _____ C:\Users\German\Desktop\Elektronika2.docx
2016-12-08 20:06 - 2016-12-09 00:57 - 00347456 _____ C:\Users\German\Desktop\glejdi elektronike.docx
2016-12-06 20:40 - 2016-12-19 22:32 - 00000000 ____D C:\Users\German\Desktop\elektroniktest

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-03 19:45 - 2016-11-10 17:59 - 00000000 ____D C:\Users\German\AppData\Roaming\BitTorrent
2017-01-03 19:24 - 2009-07-14 06:13 - 00785366 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-03 19:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-03 19:23 - 2016-11-15 22:14 - 00000000 ____D C:\Users\German\AppData\LocalLow\Mozilla
2017-01-03 19:19 - 2016-06-08 13:49 - 00000390 _____ C:\Windows\Tasks\update-sys.job
2017-01-03 19:15 - 2016-06-08 13:49 - 00000390 _____ C:\Windows\Tasks\update-S-1-5-21-1528164837-3682725260-664172240-1000.job
2017-01-03 19:15 - 2015-12-28 19:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-01-03 04:32 - 2015-12-28 22:15 - 00000000 ____D C:\Users\German\AppData\Roaming\vlc
2017-01-03 02:11 - 2015-12-28 19:31 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-01-03 02:02 - 2016-07-23 02:45 - 00382976 ___SH C:\Users\German\Downloads\Thumbs.db
2017-01-02 21:11 - 2009-07-14 05:45 - 00033712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-02 21:11 - 2009-07-14 05:45 - 00033712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-02 21:03 - 2016-08-01 20:37 - 00000000 ____D C:\Users\German\Desktop\GCDESIGN
2017-01-02 21:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-02 15:19 - 2016-11-15 21:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-02 04:18 - 2016-08-01 20:34 - 00000000 ____D C:\Users\German\Desktop\Muzik
2017-01-02 00:31 - 2016-06-25 08:34 - 00003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2016-12-31 00:39 - 2016-08-01 20:31 - 00000000 ____D C:\Users\German\Desktop\FILMA
2016-12-30 21:19 - 2016-11-27 20:47 - 00000000 ____D C:\Users\German\Desktop\MUZIK TOOLS
2016-12-30 21:18 - 2015-12-27 04:33 - 00000000 __SHD C:\System Volume Information
2016-12-30 21:01 - 2009-07-14 04:20 - 00000000 ___RD C:\Program Files
2016-12-30 21:00 - 2016-02-01 17:22 - 00000000 ____D C:\Users\German\AppData\Local\Viber
2016-12-30 21:00 - 2015-12-28 19:25 - 00000000 ___RD C:\Users\German\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-30 20:59 - 2015-12-28 19:47 - 00000000 ____D C:\ProgramData\Skype
2016-12-30 20:59 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-30 20:58 - 2015-12-28 19:54 - 00000000 ____D C:\Users\German\AppData\Roaming\Skype
2016-12-30 20:28 - 2015-12-28 20:28 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{edb06ed6-ad94-11e5-9c9e-643150a42c16}.TMContainer00000000000000000001.regtrans-ms
2016-12-30 20:18 - 2016-11-10 18:31 - 00000000 ____D C:\ProgramData\National Instruments
2016-12-30 20:17 - 2009-07-14 04:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-30 20:15 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\assembly
2016-12-30 20:13 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-30 20:09 - 2016-08-06 00:47 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-30 19:57 - 2015-12-28 19:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-30 19:57 - 2010-11-21 04:47 - 00182622 _____ C:\Windows\PFRO.log
2016-12-30 19:57 - 2009-07-14 05:45 - 00460936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-30 02:55 - 2016-07-22 20:44 - 00001456 _____ C:\Users\German\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-12-29 14:35 - 2016-06-22 21:50 - 00000132 _____ C:\Users\German\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-12-29 14:02 - 2016-11-28 23:55 - 00000000 ____D C:\Users\German\Desktop\projekte photoshop
2016-12-29 01:36 - 2016-11-28 03:04 - 00000000 ____D C:\Users\German\Desktop\Fonts
2016-12-29 01:35 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-27 20:40 - 2016-11-10 00:38 - 00000000 ____D C:\Program Files (x86)\cstrike
2016-12-25 23:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\config\RegBack
2016-12-25 14:56 - 2016-11-18 23:28 - 00000000 ____D C:\Program Files (x86)\freac
2016-12-25 14:56 - 2016-10-17 22:02 - 00000000 ____D C:\Users\German\AppData\Roaming\Audacity
2016-12-24 03:00 - 2015-12-28 22:46 - 00130488 _____ C:\Users\German\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-24 02:58 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Fonts
2016-12-17 00:06 - 2016-05-10 22:58 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d1ab07b37f693
2016-12-17 00:06 - 2015-12-28 19:42 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-17 00:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Tasks
2016-12-16 00:40 - 2015-12-28 19:40 - 00036805 _____ C:\Windows\DirectX.log
2016-12-16 00:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-15 07:45 - 2015-12-28 19:54 - 00000000 ____D C:\Users\German\AppData\Local\Google
2016-12-15 07:45 - 2015-12-28 19:42 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-15 07:45 - 2015-12-28 19:42 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-08 23:56 - 2016-09-15 19:41 - 00000000 ____D C:\Users\German\Desktop\VITI 2

==================== Files in the root of some directories =======

2015-03-16 10:14 - 2015-03-16 10:14 - 0327472 _____ (National Instruments) C:\Program Files\autorun.exe
2015-03-16 10:14 - 2015-03-16 10:14 - 0000663 _____ () C:\Program Files\Autorun.inf
2015-03-26 22:00 - 2015-03-26 22:00 - 0000364 _____ () C:\Program Files\nidist.id
2015-03-16 10:14 - 2015-03-16 10:14 - 0022891 _____ () C:\Program Files\patents.txt
2015-12-09 13:19 - 2015-08-05 08:13 - 0211456 _____ (Aureal Semiconductor) C:\Program Files (x86)\a3dapi.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0258106 _____ () C:\Program Files (x86)\Core.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0069632 _____ () C:\Program Files (x86)\dbg.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0090112 _____ () C:\Program Files (x86)\DemoPlayer.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0122974 _____ () C:\Program Files (x86)\FileSystem_Steam.dll
2015-12-09 13:30 - 2015-12-09 13:30 - 0000044 ____R () C:\Program Files (x86)\guid.dat
2015-12-09 13:19 - 2015-08-05 08:13 - 0086077 _____ (Valve) C:\Program Files (x86)\hl.exe
2015-12-09 13:19 - 2015-08-05 08:13 - 0389120 _____ (Valve) C:\Program Files (x86)\hlds.exe
2015-12-09 13:19 - 2015-08-05 08:13 - 0024705 _____ () C:\Program Files (x86)\HLTV-Readme.txt
2015-12-09 13:19 - 2015-08-05 08:13 - 0001569 _____ () C:\Program Files (x86)\hltv.cfg
2015-12-09 13:19 - 2015-08-05 08:13 - 0221184 _____ (Valve) C:\Program Files (x86)\hltv.exe
2015-12-09 13:19 - 2015-08-05 08:13 - 1840440 _____ () C:\Program Files (x86)\hw.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0139264 _____ () C:\Program Files (x86)\hwpatcher.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 1840440 _____ () C:\Program Files (x86)\hw_orig.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0000063 _____ () C:\Program Files (x86)\language.inf
2015-12-09 13:19 - 2015-08-05 08:13 - 0000952 _____ () C:\Program Files (x86)\license.txt
2015-12-09 13:19 - 2015-08-05 08:13 - 0125952 _____ () C:\Program Files (x86)\Mp3dec.asi
2015-12-09 13:19 - 2015-08-05 08:13 - 0351744 _____ () C:\Program Files (x86)\Mss32.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0142848 _____ () C:\Program Files (x86)\Mssv12.asi
2015-12-09 13:19 - 2015-08-05 08:13 - 0161792 _____ () C:\Program Files (x86)\Mssv29.asi
2015-12-09 13:19 - 2015-08-05 08:13 - 0761152 _____ (Microsoft Corporation) C:\Program Files (x86)\msvcr100.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0039818 _____ () C:\Program Files (x86)\readme.txt
2015-12-09 13:19 - 2015-08-05 08:13 - 0000548 ____R () C:\Program Files (x86)\rev.ini
2015-12-09 13:28 - 2015-08-05 08:13 - 0148992 ____R () C:\Program Files (x86)\revSrvBrowser.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0329728 _____ (Valve Corporation) C:\Program Files (x86)\Steam.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0392704 _____ () C:\Program Files (x86)\steamclient.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 3377648 _____ (Valve Corporation) C:\Program Files (x86)\steamclient_original.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0067072 _____ (Valve Corporation) C:\Program Files (x86)\steam_api.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0070144 _____ (Valve Corporation) C:\Program Files (x86)\steam_api_c.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0000002 _____ () C:\Program Files (x86)\steam_appid.txt
2015-12-09 13:19 - 2015-08-05 08:13 - 2894832 _____ (Valve Corporation) C:\Program Files (x86)\Steam_original.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 1672504 _____ () C:\Program Files (x86)\sw.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 1668968 _____ () C:\Program Files (x86)\swds.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0344064 _____ () C:\Program Files (x86)\tier0.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0275704 _____ (Valve Corporation) C:\Program Files (x86)\tier0_s.dll
2015-12-09 13:18 - 2015-12-09 13:28 - 0538378 _____ () C:\Program Files (x86)\unins000.dat
2015-12-09 13:19 - 2015-12-09 13:18 - 0722593 _____ () C:\Program Files (x86)\unins000.exe
2016-11-10 00:38 - 2016-11-10 00:39 - 0234719 _____ () C:\Program Files (x86)\Uninstal.exe
2015-12-09 13:28 - 2015-08-05 08:13 - 0028926 _____ () C:\Program Files (x86)\uninstall.ico
2015-12-09 13:19 - 2015-08-05 08:13 - 0001189 _____ () C:\Program Files (x86)\UninstallCSBotPatch.bat
2015-12-09 13:19 - 2015-08-05 08:13 - 0002560 _____ () C:\Program Files (x86)\upatch.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0352256 _____ () C:\Program Files (x86)\vgui.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0245819 _____ () C:\Program Files (x86)\vgui2.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0053248 _____ () C:\Program Files (x86)\voice_miles.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0008704 ____R () C:\Program Files (x86)\voice_mp3.asi
2015-12-09 13:19 - 2015-08-05 08:13 - 0084480 ____R () C:\Program Files (x86)\voice_mp3.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0139264 _____ () C:\Program Files (x86)\voice_speex.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0340480 _____ (Valve Corporation) C:\Program Files (x86)\vstdlib.dll
2015-12-09 13:19 - 2015-08-05 08:13 - 0402680 _____ (Valve Corporation) C:\Program Files (x86)\vstdlib_s.dll
2016-12-29 14:02 - 2016-12-29 14:33 - 0000132 _____ () C:\Users\German\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-06-22 21:50 - 2016-12-29 14:35 - 0000132 _____ () C:\Users\German\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-01-02 18:19 - 2017-01-03 05:18 - 0028238 _____ () C:\Users\German\AppData\Roaming\phpdesigner.xml
2016-07-23 03:07 - 2016-07-23 03:09 - 0014848 ___SH () C:\Users\German\AppData\Roaming\Thumbs.db
2015-12-28 22:07 - 2015-12-28 22:08 - 1533667 _____ () C:\Users\German\AppData\Roaming\UserTile.png
2016-07-22 20:44 - 2016-12-30 02:55 - 0001456 _____ () C:\Users\German\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-09-27 21:53 - 2016-09-27 21:53 - 0000017 _____ () C:\Users\German\AppData\Local\resmon.resmoncfg
2016-06-08 13:49 - 2016-06-08 13:49 - 0000003 _____ () C:\Users\German\AppData\Local\updater.log
2016-06-08 13:49 - 2016-08-07 01:23 - 0000424 _____ () C:\Users\German\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
C:\Users\German\AppData\Local\Temp\avgnt.exe
C:\Users\German\AppData\Local\Temp\eseBF05.tmp.exe
C:\Users\German\AppData\Local\Temp\eseC04E.tmp.exe
C:\Users\German\AppData\Local\Temp\ReimagePackage.exe
C:\Users\German\AppData\Local\Temp\ReimageRepair.exe
C:\Users\German\AppData\Local\Temp\ReimageRepairTemp.exe
C:\Users\German\AppData\Local\Temp\sqlite3.exe
C:\Users\German\AppData\Local\Temp\X-tech.exe
C:\Users\German\AppData\Local\Temp\{AD83D28F-F9F8-43CE-B859-4F3436AAAA19}-49.0.2623.87_48.0.2564.116_chrome_updater.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-25 23:46

==================== End of FRST.txt ============================



#5 nasdaq


Posted 04 January 2017 - 09:06 AM

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.2.6 - Reimage) <==== ATTENTION


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
AutoConfigURL: [S-1-5-21-1528164837-3682725260-664172240-1000] => hxxp://noblockingweb.net/wpad.dat?91e4f1db37bbb12852d55a48075eb15b23169203
ManualProxies: 0hxxp://noblockingweb.net/wpad.dat?91e4f1db37bbb12852d55a48075eb15b23169203
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\225693822.js [2017-01-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\225693822.cfg [2017-01-02] <==== ATTENTION
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWqm5d7rHjGs0-XkFvV0FSWTF0NMJmFZhFoddm98vq1PeAC2RU4XR0VQAAHr5dTYIrCR57cQbCAHi_oyMNTyOMgxfDekJFhdgAU_1002UmF6keE_otpq96b-n53fqG0GreANcHixdKf7xSKU4qKR5x9qdz9w,,
CHR Extension: (Chrome Web Store Payments) - C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-02]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8016240 2016-11-06] (Reimage®)
S3 cpuz134; \??\C:\Users\German\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
Task: {26E881BE-8ADA-4C53-9EE9-DD424E11BD09} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-01-25] (Reimage ltd.) <==== ATTENTION
Task: {4E2AB2F8-4446-4DCF-817C-DF6E34E05978} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2016-11-06] (Reimage®) <==== ATTENTION
C:\Program Files\Reimage

RemoveProxy:
Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists with this computer.
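
As an added example (not part of the original posts and not FRST's own code), the Python below triages the three kinds of browser-hijack entries that appear in the fixlist above: a remote proxy auto-config URL, a Firefox AutoConfig `.js`/`.cfg` pair, and a Chrome homepage whose hostname is percent-encoded. The function names `parse_url` and `triage` are hypothetical, the line prefixes are only the ones visible in this thread, and the sample lines are copied from the fixlist with the long homepage query string replaced by a placeholder.

```python
import ntpath
import re
from urllib.parse import unquote

# Lines copied from the fixlist in post #5 (defanged hxxp kept as posted; the
# long CHR HomePage query string is replaced by the placeholder SHORTENED).
SAMPLE = r"""
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
AutoConfigURL: [S-1-5-21-1528164837-3682725260-664172240-1000] => hxxp://noblockingweb.net/wpad.dat?91e4f1db37bbb12852d55a48075eb15b23169203
ManualProxies: 0hxxp://noblockingweb.net/wpad.dat?91e4f1db37bbb12852d55a48075eb15b23169203
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\225693822.js [2017-01-02] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\225693822.cfg [2017-01-02] <==== ATTENTION
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=SHORTENED
CHR Extension: (Chrome Media Router) - C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-02]
"""

# Accept both live (http) and defanged (hxxp) schemes.
URL_RE = re.compile(r"h(?:tt|xx)ps?://([^/\s?#]+)(/[^\s?#]*)?", re.I)
# A Windows path followed by the bracketed date seen on FF ExtraCheck lines.
DATED_PATH_RE = re.compile(r"\s*(.+?)\s+\[\d{4}-\d{2}-\d{2}\]")


def parse_url(text):
    """Return (raw_host, decoded_host, path) for the first URL in text, or None."""
    m = URL_RE.search(text)
    if not m:
        return None
    raw_host = m.group(1)
    return raw_host, unquote(raw_host).lower(), (m.group(2) or "")


def triage(text):
    """Flag proxy/homepage hijack indicators in FRST-style log lines."""
    findings = []
    ff_files = {}  # file stem -> {extension: full path} from FF ExtraCheck lines
    for line in text.splitlines():
        key, _, rest = line.strip().partition(":")
        if key in ("AutoConfigURL", "ManualProxies"):
            # A remote PAC file decides, per request, which proxy the browser uses.
            url = parse_url(rest)
            if url:
                findings.append({
                    "kind": "remote-pac",
                    "source": key,
                    "host": url[1],
                    "pac_like": url[2].lower().endswith((".dat", ".pac")),
                })
        elif key == "CHR HomePage":
            # Percent-encoding the letters of a hostname hides it from a quick read.
            url = parse_url(rest)
            if url and "%" in url[0]:
                findings.append({"kind": "encoded-homepage-host",
                                 "raw": url[0], "host": url[1]})
        elif key == "FF ExtraCheck":
            m = DATED_PATH_RE.match(rest)
            if m:
                stem, ext = ntpath.splitext(ntpath.basename(m.group(1)))
                ff_files.setdefault(stem.lower(), {})[ext.lower()] = m.group(1)

    # Firefox AutoConfig: a .js under defaults\pref pointing at a same-named .cfg.
    for stem, by_ext in ff_files.items():
        js = by_ext.get(".js", "")
        if ".cfg" in by_ext and ntpath.dirname(js).lower().endswith(r"defaults\pref"):
            findings.append({"kind": "firefox-autoconfig", "stem": stem,
                             "js": js, "cfg": by_ext[".cfg"]})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
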

#6 glejdius


Posted 05 January 2017 - 04:02 PM

I can only say that you are the best! I did what you said and everything is working fine again!

Anyway, I'm sending you what you said so you can maybe look for another problem.

 

 

ADWCLEANER LOG FILE:

 

 

Folder Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair


***** [ Files ] *****

File Found:  C:\Windows\Reimage.ini


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found:  HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found:  [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found:  HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found:  HKU\S-1-5-21-1528164837-3682725260-664172240-1000\Software\PRODUCTSETUP
Key Found:  HKU\S-1-5-21-1528164837-3682725260-664172240-1000\Software\Reimage
Key Found:  HKU\S-1-5-21-1528164837-3682725260-664172240-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found:  HKU\S-1-5-21-1528164837-3682725260-664172240-1000\Software\csastats
Key Found:  HKCU\Software\PRODUCTSETUP
Key Found:  HKCU\Software\Reimage
Key Found:  HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found:  HKCU\Software\csastats
Key Found:  [x64] HKCU\Software\PRODUCTSETUP
Key Found:  [x64] HKCU\Software\Reimage
Key Found:  [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Key Found:  [x64] HKCU\Software\csastats
Key Found:  [x64] HKLM\SOFTWARE\Reimage
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
Key Found:  HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\German\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - fcgnigmofekcllgbiejhmigggmgehkip

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3440 Bytes] - [05/01/2017 22:00:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3513 Bytes] ##########
 

 

 




#7 glejdius


Posted 05 January 2017 - 04:09 PM

I deleted the infected files with AdwCleaner and now everything is working really fine!



#8 nasdaq


Posted 06 January 2017 - 09:35 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



