Chrome pop-up ads every time I open a new tab


  • This topic is locked
38 replies to this topic

#1 shainess

  • Members
  • 27 posts

Posted 03 July 2017 - 06:42 AM

Hello! I keep randomly getting pop-up ads every time I open a new tab on Google Chrome. I deleted all the unwanted programs I might have downloaded by accident, but to no avail. Malwarebytes found some threats and PUPs and I removed them, but somehow something still keeps coming back to cause these pop-up ads? If someone could help, I would appreciate it!
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2017
Ran by Ilona (administrator) on HAIYENTRAN (03-07-2017 14:18:51)
Running from C:\Users\Ilona\Downloads
Loaded Profiles: Ilona &  (Available Profiles: Ilona & Vieras)
Platform: Windows 8.1 (Update) (X64) Language: suomi (Suomi)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
 
==================== Registry (Whitelisted) ====================
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4D6E185D-418F-41C1-A647-034AB080360B}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F4431549-3D45-44FA-A5CE-4C6193EBB609}: [DhcpNameServer] 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-404751162-3923029424-1761788839-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123750984\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-404751162-3923029424-1761788839-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123750984\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-404751162-3923029424-1761788839-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123750984\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-404751162-3923029424-1761788839-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123752245\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-404751162-3923029424-1761788839-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123752245\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKU\S-1-5-21-404751162-3923029424-1761788839-1001 -> {3F51A905-FDFD-4E98-AF17-17CB29BF1EF8} URL = 
SearchScopes: HKU\S-1-5-21-404751162-3923029424-1761788839-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123750984 -> {3F51A905-FDFD-4E98-AF17-17CB29BF1EF8} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-26] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-05-26] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-05-26] (Adobe Systems)
FF Plugin HKU\S-1-5-21-404751162-3923029424-1761788839-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin HKU\S-1-5-21-404751162-3923029424-1761788839-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123750984: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
 
Chrome: 
=======
CHR NewTab: Default ->  Active:"chrome-extension://kebemdfahifkfmpgbffjjobpgjhjcdnd/index.html"
CHR Profile: C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default [2017-07-03]
CHR Extension: (Google-presentaatiot) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-12]
CHR Extension: (Google-dokumentit) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-12]
CHR Extension: (Google Drive) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-12]
CHR Extension: (YouTube) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-12]
CHR Extension: (NicoNico Audio Extractor) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecoahjklhopckkiefihjloeidikepdh [2017-04-12]
CHR Extension: (Google-taulukot) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-12]
CHR Extension: (Google Docsin offline-tila) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-15]
CHR Extension: (AdBlock) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-02]
CHR Extension: (New XKit) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2017-04-12]
CHR Extension: (rikaikun) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2017-04-12]
CHR Extension: (Kanji Tab) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\kebemdfahifkfmpgbffjjobpgjhjcdnd [2017-04-12]
CHR Extension: (Chrome Web Storen maksut) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-12]
CHR Extension: (helpplz uber) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdahnpejkgddhmhabggnacmefphfpdoh [2017-04-12]
CHR Extension: (Gmail) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
===================== Drivers (Whitelisted) ======================
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-03 13:04 - 2017-07-03 13:57 - 00049488 _____ C:\Users\Ilona\Downloads\Addition.txt
2017-07-03 12:38 - 2017-07-03 14:18 - 00011062 _____ C:\Users\Ilona\Downloads\FRST.txt
2017-07-03 12:38 - 2017-07-03 12:38 - 00000000 ____D C:\Users\Ilona\Downloads\FRST-OlderVersion
2017-07-03 12:33 - 2017-07-03 12:33 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000101-000000.txt
2017-07-03 12:32 - 2017-07-03 12:32 - 00015424 _____ C:\WINDOWS\system32\Drivers\hrdbgwggw.sys
2017-07-03 10:40 - 2017-07-03 10:40 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\44823793.sys
2017-07-03 10:40 - 2017-07-03 10:40 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\406C37A6.sys
2017-07-03 10:38 - 2017-07-03 13:53 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-03 10:38 - 2017-07-03 12:33 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-03 10:38 - 2017-07-03 12:33 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-03 10:38 - 2017-07-03 10:38 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4B8836A4.sys
2017-07-03 10:37 - 2017-07-03 10:37 - 01192400 _____ C:\WINDOWS\isRS-000.tmp
2017-07-03 10:37 - 2017-07-03 10:37 - 00001895 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-03 10:37 - 2017-07-03 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-03 10:37 - 2017-06-27 12:06 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-03 10:34 - 2017-07-03 10:35 - 65033984 _____ (Malwarebytes ) C:\Users\Ilona\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-03 07:01 - 2017-07-03 07:01 - 00000000 ____D C:\Users\Ilona\AppData\LocalLow\uTorrent
2017-07-02 19:31 - 2017-07-02 19:31 - 00002181 _____ C:\Users\Ilona\Desktop\Google Chrome (2).lnk
2017-07-02 14:42 - 2017-07-02 13:40 - 00078845 _____ C:\Users\Ilona\Desktop\Parade 2010 Bluray 720p AC3 x264-LooKMaNe.srt
2017-07-02 14:35 - 2017-07-02 14:35 - 00000000 ____D C:\Users\Ilona\Downloads\Parade
2017-07-02 13:33 - 2017-07-02 13:33 - 00000000 ____D C:\Users\Ilona\Downloads\Parade.2009.DVDRip.x264.AC3-Zoo
2017-07-01 23:22 - 2017-07-02 20:11 - 00000000 ____D C:\EEK
2017-07-01 23:17 - 2017-07-01 23:22 - 00001634 _____ C:\Users\Ilona\Desktop\Rkill.txt
2017-07-01 23:10 - 2017-07-03 12:31 - 00121200 _____ C:\WINDOWS\system32\Drivers\gfyadmrpp.sys
2017-07-01 23:10 - 2017-07-01 23:10 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000100-000000.txt
2017-07-01 23:08 - 2017-07-01 23:09 - 00009458 _____ C:\Users\Ilona\Downloads\Fixlog.txt
2017-07-01 23:07 - 2017-07-03 12:38 - 02435584 _____ (Farbar) C:\Users\Ilona\Downloads\FRST64.exe
2017-07-01 22:59 - 2017-07-01 22:59 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000099-000000.txt
2017-07-01 22:54 - 2017-07-03 10:34 - 00000000 ____D C:\AdwCleaner
2017-07-01 22:54 - 2017-07-01 22:54 - 04110280 _____ C:\Users\Ilona\Downloads\AdwCleaner.exe
2017-07-01 22:54 - 2017-07-01 22:54 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Ilona\Downloads\rkill.exe
2017-07-01 22:52 - 2017-07-01 23:10 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-07-01 22:13 - 2017-07-01 22:13 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000098-000000.txt
2017-07-01 22:03 - 2017-07-01 22:03 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000097-000000.txt
2017-07-01 22:02 - 2017-07-01 22:02 - 00015424 _____ C:\WINDOWS\system32\Drivers\gfizbnxuv.sys
2017-07-01 20:28 - 2017-07-03 12:33 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-01 20:28 - 2017-07-03 12:33 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-07-01 20:28 - 2017-07-02 16:08 - 00000000 ____D C:\Users\Ilona\Desktop\mbar
2017-07-01 20:13 - 2017-07-01 20:13 - 00003160 _____ C:\WINDOWS\System32\Tasks\279784d93b11843bfd275b27395e6580
2017-07-01 20:12 - 2017-07-01 20:12 - 00003096 _____ C:\WINDOWS\System32\Tasks\{B5F19B29-C680-48C0-AB93-D9A4B6063141}
2017-07-01 20:10 - 2017-07-01 21:59 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\slluz3xfz5f
2017-07-01 20:09 - 2017-07-01 21:59 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\fbkgqxe3ek5
2017-07-01 20:08 - 2017-07-01 20:08 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000096-000000.txt
2017-07-01 19:59 - 2017-07-03 12:31 - 00020384 _____ C:\pagefile_bak.$$$
2017-07-01 19:59 - 2017-07-03 12:31 - 00000584 _____ C:\pagefile_bak3.$$$
2017-07-01 19:59 - 2017-07-03 12:31 - 00000048 _____ C:\pagefile_bak2.$$$
2017-07-01 19:59 - 2017-07-01 19:59 - 00000032 _____ C:\pagefile.$$$
2017-07-01 19:56 - 2017-07-01 21:59 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\pny4b2rrttf
2017-07-01 19:55 - 2017-07-01 21:59 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\0jw2sqskfm5
2017-07-01 19:53 - 2017-07-01 19:53 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000095-000000.txt
2017-07-01 19:51 - 2017-07-01 21:59 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\r5jsgbnchha
2017-07-01 19:51 - 2017-07-01 21:59 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\hylpvm3zaik
2017-07-01 19:51 - 2017-07-01 21:59 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\2bg43s3ms5p
2017-07-01 19:51 - 2017-07-01 19:51 - 00016762 _____ C:\WINDOWS\System32\Tasks\Silentipla Video Converter
2017-07-01 19:51 - 2017-07-01 19:51 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\TestService
2017-07-01 19:45 - 2017-07-02 16:07 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\vlc
2017-07-01 19:28 - 2017-07-01 19:34 - 1057861767 _____ C:\Users\Ilona\Downloads\Japanese movie english subtitle-パレード (1).mp4
2017-06-28 21:05 - 2017-06-28 21:05 - 00708358 _____ C:\Users\Ilona\Downloads\KuronoFIX2.psd
2017-06-28 15:38 - 2017-06-28 15:38 - 00051629 _____ C:\WINDOWS\uninstaller.dat
2017-06-26 10:42 - 2017-06-26 10:42 - 00715330 _____ C:\Users\Ilona\Downloads\Azusa.psd
2017-06-23 06:02 - 2017-06-23 06:03 - 00138264 _____ C:\Users\Ilona\Downloads\2.0_inch_raster.psd
2017-06-22 05:34 - 2017-06-22 05:34 - 00174451 _____ C:\Users\Ilona\Documents\shai GO.pdf
2017-06-20 18:36 - 2017-06-20 18:36 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000094-000000.txt
2017-06-20 18:20 - 2017-06-20 18:20 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000093-000000.txt
2017-06-20 18:12 - 2017-06-20 18:12 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000092-000000.txt
2017-06-20 17:46 - 2017-06-20 17:46 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000091-000000.txt
2017-06-20 17:18 - 2017-06-20 17:18 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000090-000000.txt
2017-06-20 16:41 - 2017-06-20 16:41 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000089-000000.txt
2017-06-20 16:27 - 2017-06-20 16:27 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000088-000000.txt
2017-06-20 16:23 - 2017-06-20 16:23 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000087-000000.txt
2017-06-20 16:18 - 2017-06-20 16:18 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000086-000000.txt
2017-06-20 16:00 - 2017-06-20 16:00 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000085-000000.txt
2017-06-20 15:51 - 2017-06-20 15:51 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000084-000000.txt
2017-06-20 10:02 - 2017-06-20 10:02 - 00001144 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.8.lnk
2017-06-20 10:02 - 2017-06-20 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-06-20 10:01 - 2017-06-20 10:01 - 00003210 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-06-20 10:01 - 2017-06-20 10:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-06-20 10:01 - 2017-06-20 10:01 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2017-06-20 10:00 - 2017-06-20 10:00 - 00000000 ____D C:\Users\Ilona\Downloads\Temp
2017-06-20 09:46 - 2017-06-20 09:46 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000083-000000.txt
2017-06-20 09:19 - 2017-06-20 09:19 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000082-000000.txt
2017-06-20 07:35 - 2017-06-20 07:35 - 00000000 _____ C:\Recovery.txt
2017-06-20 06:45 - 2017-06-20 06:45 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000081-000000.txt
2017-06-20 06:38 - 2017-06-20 06:38 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000080-000000.txt
2017-06-19 17:44 - 2017-06-19 17:44 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000079-000000.txt
2017-06-19 05:30 - 2017-06-19 05:30 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000078-000000.txt
2017-06-19 02:18 - 2017-04-22 00:53 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-06-19 02:18 - 2017-04-22 00:50 - 00030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-06-19 02:16 - 2017-04-22 00:53 - 00018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-06-19 02:16 - 2017-04-22 00:50 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-06-19 02:16 - 2017-04-11 21:27 - 00987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-06-19 02:16 - 2017-04-11 21:27 - 00485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-06-19 02:16 - 2017-03-15 21:15 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-06-19 02:16 - 2017-03-15 21:15 - 00690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-06-19 02:01 - 2017-06-19 02:01 - 00002422 _____ C:\WINDOWS\system32\default_error_stack-000077-000000.txt
2017-06-19 01:24 - 2017-06-19 01:24 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000076-000000.txt
2017-06-19 01:21 - 2017-06-19 01:21 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000075-000000.txt
2017-06-19 00:05 - 2017-06-19 00:05 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000074-000000.txt
2017-06-18 23:36 - 2017-06-18 23:36 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000073-000000.txt
2017-06-18 23:32 - 2017-06-18 23:32 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000072-000000.txt
2017-06-18 23:10 - 2017-06-18 23:10 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000071-000000.txt
2017-06-18 22:55 - 2017-06-18 22:55 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000070-000000.txt
2017-06-18 22:44 - 2017-06-18 22:44 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000069-000000.txt
2017-06-18 22:01 - 2017-06-18 22:01 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000068-000000.txt
2017-06-18 21:50 - 2017-06-18 21:50 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000067-000000.txt
2017-06-17 16:03 - 2017-06-17 16:03 - 00002422 _____ C:\WINDOWS\system32\default_error_stack-000066-000000.txt
2017-06-13 21:18 - 2017-06-02 14:30 - 03635200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 21:18 - 2017-05-14 23:44 - 04170240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-06-13 21:18 - 2017-05-14 23:19 - 25738752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 21:18 - 2017-05-14 22:55 - 05975040 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 21:18 - 2017-05-14 22:32 - 07077376 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-06-13 21:18 - 2017-05-14 22:11 - 20274688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-13 21:18 - 2017-05-14 21:54 - 15252992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 21:18 - 2017-05-14 21:52 - 03240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-13 21:18 - 2017-05-14 21:48 - 05274112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-06-13 21:18 - 2017-05-14 21:44 - 04549120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-13 21:18 - 2017-05-14 21:38 - 07796736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 21:18 - 2017-05-14 21:30 - 13664768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-13 21:18 - 2017-05-14 21:16 - 05268992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 21:18 - 2017-05-14 21:06 - 07441240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 21:18 - 2017-05-12 05:18 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-13 21:18 - 2017-05-12 02:36 - 22361848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 21:18 - 2017-05-12 02:32 - 19788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-13 21:17 - 2017-06-02 15:15 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-06-13 21:17 - 2017-06-02 15:12 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-06-13 21:17 - 2017-06-02 15:12 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2017-06-13 21:17 - 2017-06-02 15:06 - 01001984 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 21:17 - 2017-06-02 15:01 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-06-13 21:17 - 2017-06-02 14:03 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 21:17 - 2017-06-02 13:58 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 21:17 - 2017-06-02 13:25 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-06-13 21:17 - 2017-06-02 13:24 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-06-13 21:17 - 2017-06-02 13:17 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-06-13 21:17 - 2017-06-02 13:02 - 02751488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-13 21:17 - 2017-06-02 12:43 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-13 21:17 - 2017-06-02 12:43 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-13 21:17 - 2017-05-15 22:58 - 00121184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 21:17 - 2017-05-14 23:42 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 21:17 - 2017-05-14 23:26 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-13 21:17 - 2017-05-14 23:19 - 01364040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-06-13 21:17 - 2017-05-14 23:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-06-13 21:17 - 2017-05-14 22:31 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-06-13 21:17 - 2017-05-14 22:22 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-13 21:17 - 2017-05-14 22:19 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-13 21:17 - 2017-05-14 22:10 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-06-13 21:17 - 2017-05-14 22:04 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-13 21:17 - 2017-05-14 22:03 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 21:17 - 2017-05-14 21:46 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-06-13 21:17 - 2017-05-14 21:40 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-13 21:17 - 2017-05-14 21:37 - 01544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-13 21:17 - 2017-05-14 21:27 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-13 21:17 - 2017-05-14 21:15 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-13 21:17 - 2017-05-14 21:13 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-06-13 21:17 - 2017-05-14 21:11 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-13 21:17 - 2017-05-14 21:11 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-13 21:17 - 2017-05-14 21:06 - 01737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-13 21:17 - 2017-05-14 21:06 - 01502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-13 21:17 - 2017-05-12 20:05 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-13 21:17 - 2017-05-12 19:16 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-06-13 21:17 - 2017-05-12 19:13 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-13 21:17 - 2017-05-12 18:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2017-06-13 21:17 - 2017-05-12 18:50 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2017-06-13 21:17 - 2017-05-12 18:48 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-06-13 21:17 - 2017-05-12 18:47 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-06-13 21:17 - 2017-05-12 07:10 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 21:17 - 2017-05-12 05:58 - 01985536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 21:17 - 2017-05-12 05:48 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 21:17 - 2017-05-12 05:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2017-06-13 21:17 - 2017-05-12 05:10 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2017-06-13 21:17 - 2017-05-12 05:07 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2017-06-13 21:17 - 2017-05-12 05:06 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-06-13 21:17 - 2017-05-12 05:04 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-06-13 21:17 - 2017-05-12 05:00 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2017-06-13 21:17 - 2017-05-10 21:19 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2017-06-13 21:17 - 2017-05-06 19:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 21:17 - 2017-05-06 19:04 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 21:17 - 2017-04-06 20:37 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-13 21:17 - 2017-04-06 20:16 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2017-06-13 21:17 - 2017-04-06 19:50 - 01436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-13 21:17 - 2017-04-06 19:46 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-06-13 21:17 - 2017-04-06 19:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-13 21:17 - 2017-04-06 19:35 - 01362432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-06-13 21:17 - 2017-04-06 19:15 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-06-13 21:17 - 2017-04-06 18:44 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-06-13 21:17 - 2017-04-02 17:49 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-13 21:17 - 2017-04-02 16:40 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-06-13 15:20 - 2017-06-13 15:20 - 00003706 _____ C:\WINDOWS\System32\Tasks\ALU_SelfUpgrade
2017-06-13 13:57 - 2017-06-13 13:57 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000065-000000.txt
2017-06-13 13:28 - 2017-06-13 13:28 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000064-000000.txt
2017-06-13 12:37 - 2017-06-13 12:37 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000063-000000.txt
2017-06-13 12:34 - 2017-06-13 12:34 - 00000000 ____D C:\Users\Vieras\AppData\Local\Apple
2017-06-13 10:45 - 2017-06-13 10:45 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000062-000000.txt
2017-06-13 07:49 - 2017-06-13 07:49 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000061-000000.txt
2017-06-13 07:39 - 2017-06-13 07:40 - 00000000 ____D C:\Users\Vieras\AppData\Roaming\Apple Computer
2017-06-13 07:39 - 2017-06-13 07:39 - 00000000 ____D C:\Users\Vieras\AppData\Local\Apple Computer
2017-06-13 06:16 - 2017-06-13 06:16 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000060-000000.txt
2017-06-12 11:06 - 2017-06-12 11:06 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000059-000000.txt
2017-06-12 10:42 - 2017-06-12 10:42 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000058-000000.txt
2017-06-12 03:53 - 2017-06-12 03:53 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000057-000000.txt
2017-06-05 02:33 - 2017-06-05 02:33 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000056-000000.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-03 14:18 - 2017-04-26 13:19 - 00000000 ____D C:\FRST
2017-07-03 13:51 - 2012-12-31 12:10 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\Skype
2017-07-03 13:12 - 2016-01-14 17:46 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{47C9991F-5ACF-4D83-A791-F239DFBE3DE2}
2017-07-03 12:32 - 2017-04-26 23:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2017-07-03 12:32 - 2013-08-22 17:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-03 11:21 - 2012-11-15 16:36 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-404751162-3923029424-1761788839-1001
2017-07-03 07:33 - 2017-04-26 23:32 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-07-03 02:02 - 2012-11-21 14:23 - 00000000 ____D C:\Users\Ilona\AppData\Local\Adobe
2017-07-02 16:09 - 2017-04-21 01:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-02 14:43 - 2012-11-25 15:54 - 15483392 ___SH C:\Users\Ilona\Downloads\Thumbs.db
2017-07-01 23:09 - 2017-03-14 19:23 - 00029628 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-07-01 23:03 - 2017-03-14 19:23 - 00049347 _____ C:\WINDOWS\ZAM.krnl.trace
2017-07-01 22:58 - 2014-07-11 05:28 - 00000000 ____D C:\Users\Ilona
2017-07-01 21:59 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Silentipla Video Converter
2017-07-01 20:28 - 2015-09-26 03:50 - 00003412 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-07-01 20:28 - 2015-09-26 03:50 - 00003286 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-07-01 20:28 - 2012-11-16 06:24 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-07-01 20:07 - 2013-08-22 16:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-06-30 00:44 - 2013-04-10 21:05 - 00000000 ____D C:\Program Files (x86)\PaintToolSAI
2017-06-29 19:31 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Inf
2017-06-29 09:08 - 2013-04-10 20:00 - 07027712 ___SH C:\Users\Ilona\Documents\Thumbs.db
2017-06-28 23:59 - 2012-12-30 08:00 - 00001456 _____ C:\Users\Ilona\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-06-27 22:11 - 2017-04-12 02:06 - 00002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-22 23:19 - 2012-11-21 19:46 - 00000132 _____ C:\Users\Ilona\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-06-20 18:04 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-20 16:40 - 2017-03-04 17:40 - 02419294 _____ C:\WINDOWS\ntbtlog.txt
2017-06-20 10:02 - 2017-03-08 00:17 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-06-20 10:02 - 2016-01-13 15:55 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-20 10:01 - 2012-08-29 11:14 - 00000000 ____D C:\Program Files\Intel
2017-06-20 09:26 - 2014-03-18 18:31 - 00005646 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-20 09:26 - 2014-03-18 17:54 - 00555010 _____ C:\WINDOWS\system32\perfh00B.dat
2017-06-20 09:26 - 2014-03-18 17:54 - 00203966 _____ C:\WINDOWS\system32\perfc00B.dat
2017-06-19 17:44 - 2013-06-19 15:13 - 00000375 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-06-19 02:32 - 2012-07-26 10:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-18 21:33 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\rescache
2017-06-17 16:03 - 2013-08-22 17:44 - 05776896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-17 16:02 - 2014-08-20 14:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-17 16:02 - 2014-08-20 14:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-17 15:54 - 2013-08-22 18:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-06-17 15:27 - 2012-11-24 07:25 - 00004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-17 15:26 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-17 15:26 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 14:02 - 2013-08-22 18:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 14:02 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-16 04:09 - 2012-11-15 16:29 - 00000000 ____D C:\Users\Ilona\AppData\Local\Packages
2017-06-13 23:08 - 2014-08-20 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 23:04 - 2014-05-11 20:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-13 22:54 - 2014-05-11 20:37 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-13 20:13 - 2017-04-10 20:11 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-06-13 20:13 - 2017-04-10 20:11 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-06-13 20:12 - 2017-04-10 20:11 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-06-13 13:23 - 2017-04-22 09:07 - 00000000 ____D C:\Users\Vieras
2017-06-13 13:14 - 2017-04-22 09:08 - 00002241 _____ C:\Users\Vieras\Desktop\Google Chrome.lnk
2017-06-13 07:40 - 2016-12-23 23:14 - 00000000 ____D C:\Program Files\iTunes
2017-06-03 05:31 - 2017-05-14 01:32 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 05:31 - 2017-05-14 01:32 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2013-07-04 17:12 - 2013-07-04 17:12 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2013-05-09 03:57 - 2013-05-09 03:58 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-01-10 23:21 - 2013-01-10 23:21 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe GIF Format CS6 Prefs
2012-11-21 19:46 - 2017-06-22 23:19 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe PNG Format CS6 Prefs
2012-12-30 08:00 - 2017-06-28 23:59 - 0001456 _____ () C:\Users\Ilona\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-07-26 19:37 - 2017-04-12 01:44 - 0007617 _____ () C:\Users\Ilona\AppData\Local\Resmon.ResmonCfg
2017-04-20 03:17 - 2017-04-20 03:17 - 0000552 _____ () C:\Users\Ilona\AppData\Local\TroubleshooterConfig.json
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-01 23:44
 
==================== End of FRST.txt ============================
 
Also, somehow my attach files section won't let me upload my Addition.txt. It says "Attach This File", and after I click it, it says "Error No file was selected for upload" when I can't even select my files. Hopefully it is okay if I paste it here?
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2017
Ran by Ilona (03-07-2017 14:20:04)
Running from C:\Users\Ilona\Downloads
Windows 8.1 (Update) (X64) (2014-07-11 03:08:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
HomeGroupUser$ (S-1-5-21-404751162-3923029424-1761788839-1008 - Limited - Enabled)
Ilona (S-1-5-21-404751162-3923029424-1761788839-1001 - Administrator - Enabled) => C:\Users\Ilona
Järjestelmänvalvoja (S-1-5-21-404751162-3923029424-1761788839-500 - Administrator - Disabled)
Vieras (S-1-5-21-404751162-3923029424-1761788839-501 - Limited - Enabled) => C:\Users\Vieras
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{7565710A-C97D-44A4-A030-768957F9F2C1}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{F3B4320C-C72B-46B3-96D7-0C38E37388B8}) (Version: 2.8.0.7 - Intel) Hidden
µTorrent (HKU\S-1-5-21-404751162-3923029424-1761788839-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123750984\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Audition CS6 (HKLM-x32\...\{30FD541D-3C9D-41C4-B240-A994EE4E0231}) (Version: 5.0.2 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.6.0.393 - Adobe Systems Incorporated)
Adobe CS6 Design and Web Premium (HKLM-x32\...\{402F6F2E-5683-491C-977D-0CA599A07CAF}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Any Audio Converter 5.8.4 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
Apple Application Support(32 ビット) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support(64 ビット) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.6.108.7905 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.170 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.4.2 - Broadcom Corporation)
CLIP STUDIO 1.6.3 (HKLM-x32\...\{49274EB8-4598-47E6-8039-9BB7CE07627E}) (Version: 1.6.3 - CELSYS)
CLIP STUDIO PAINT 1.6.3 (HKLM-x32\...\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}) (Version: 1.6.3 - CELSYS)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-404751162-3923029424-1761788839-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123750984\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
f.lux (HKU\S-1-5-21-404751162-3923029424-1761788839-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123750984\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gyazo 3.3.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HF pAppLoc version 1.1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1.1 - Inquisitor)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3002 - Packard Bell)
ILLUSION ジンコウガクエン2 (HKLM-x32\...\{AF83EF7D-353A-4E0C-9919-C4E4BCB5F742}) (Version: 1.00.0000 - ILLUSION)
ILLUSION ジンコウガクエン2 きゃらめいく (HKLM-x32\...\{A56F495B-7075-4510-AC91-485416140DA2}) (Version: 1.00.0000 - ILLUSION)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{b480f6cc-fa56-482b-b0a3-49d69a32db6d}) (Version: 2.8.0.7 - Intel)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
join.me (HKU\S-1-5-21-404751162-3923029424-1761788839-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123750984\...\JoinMe) (Version: 3.1.0.4367 - LogMeIn, Inc.)
join.me (HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\JoinMe) (Version: 3.1.0.4367 - LogMeIn, Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Packard Bell)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3002 - Packard Bell)
Livestream Procaster (HKLM-x32\...\{68E4C751-272B-44E1-94C7-4E1FDC40F7DA}) (Version: 20.3.25 - Procaster)
Malwarebytes versio 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MediBang Paint Pro 10.2 (64-bit) (HKLM\...\MediBang Paint Pro_is1) (Version: 10.2 - Medibang)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{26E474C7-E63A-4EC2-A08C-909B996AA75D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 49.0.2 (x86 fi) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 fi)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
Norton Online Backup ARA (HKLM-x32\...\NARA) (Version: 4.1.0.10 - Symantec Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{C1278BE4-2F1D-420B-A62F-0CFD6879FAEA}) (Version: 3.41.9593 - Apache Software Foundation)
Packard Bell Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3003 - Packard Bell)
Packard Bell Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3003 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3006 - Packard Bell)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Pokemon Online 2.4.1 (HKLM-x32\...\{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1) (Version:  - Dreambelievers)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0002 - Nero AG) Hidden
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RPGツクール2000 ランタイムパッケージ (HKLM-x32\...\{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version:  - )
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TalonRO Client 1.0.0 (HKLM-x32\...\TalonRO_is1) (Version: 1.0.0 - TalonRO)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Jackbox Party Pack (HKLM-x32\...\Steam App 331670) (Version:  - Jackbox Games, Inc.)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{E75B82FD-B6FD-4653-8685-F3A97BDFEA6E}) (Version: 15.0.2013 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{01E87699-A49D-413A-B75B-7C434FEF979C}) (Version: 15.0.2013 - Microsoft Corporation)
Valokuvavalikoima (HKLM-x32\...\{B315ABA6-8217-484E-9AC5-38806E265664}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-2 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
Windows Liven peruspaketti (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windowsin ohjainpaketti - Intel (NETwNb64) net  (08/01/2013 16.5.0.15) (HKLM\...\53BB83F31267476EA08730A3A6A5440B13232E47) (Version: 08/01/2013 16.5.0.15 - Intel)
Windowsin ohjainpaketti - Intel (NETwNe64) net  (08/08/2013 15.10.0.15) (HKLM\...\0DA2A4408EAF79301181D83EDE00C299E257CE3F) (Version: 08/08/2013 15.10.0.15 - Intel)
Windowsin ohjainpaketti - Intel (NETwNs64) net  (01/22/2012 14.3.2.1) (HKLM\...\CD88F0FADE1395C9F91302912FD35B13CF75C196) (Version: 01/22/2012 14.3.2.1 - Intel)
Windowsin ohjainpaketti - Intel (NETwNs64) net  (06/16/2013 15.9.0.5) (HKLM\...\E803A23E1EF431584A07E57A135C48ACB831FF76) (Version: 06/16/2013 15.9.0.5 - Intel)
XSplit Broadcaster (HKLM-x32\...\{F485BA07-A09E-464D-A550-8BBCB211F632}) (Version: 2.9.1701.1616 - SplitmediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ContextMenuHandlers01: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
ContextMenuHandlers01: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext64.dll [2009-06-02] ()
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers04: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext64.dll [2009-06-02] ()
ContextMenuHandlers04: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers06: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext64.dll [2009-06-02] ()
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers1_S-1-5-21-404751162-3923029424-1761788839-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-404751162-3923029424-1761788839-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-404751162-3923029424-1761788839-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0F2C154F-347A-484D-8186-881D47C30CFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {13E414BB-46C9-4793-950C-E3E15E47DA9D} - System32\Tasks\{F43A7692-3A77-4A24-8D07-A121C632C189} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Rankstrong\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Rankstrong\uninstall.dat" -a uninstallme 7574F464-F14A-4123-887F-2BA437321078 DeviceId=e2ad04cc-7fbd-2278-1f11-bb9e84a22d76 BarcodeId=51557003 ChannelId=3 DistributerName=APSFWemonetize
Task: {141A7A10-F460-435B-BCD5-5926D6001F65} - System32\Tasks\ALU_SelfUpgrade => C:\ProgramData\Packard Bell\updater2\Download\52971989\D\UpgradeDownload.exe [2017-06-13] ()
Task: {15E368C8-C1C8-49C1-B29A-0C291485F105} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {39FDECEC-9147-4848-AAA5-602E948B5E4B} - System32\Tasks\{C45EB629-4DAE-4FE0-B037-2ACD0C503566} => pcalua.exe -a "C:\Users\Ilona\AppData\Local\Zame\PaintTool SAI English Pack\start-sai.exe" -d "C:\Users\Ilona\AppData\Local\Zame\PaintTool SAI English Pack"
Task: {3F31F794-C3D6-42EC-87DB-13023706F383} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {42ED7251-B47B-471B-A3EB-ACB3D4B8E37D} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {4E0D793B-DBB4-4A04-8C7D-908578F2A9A3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-13] (Microsoft Corporation)
Task: {55FA6F19-EF99-497F-A0A3-12420BCDDDF2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {58CED335-57DC-47F9-98F8-A94CB807BD63} - System32\Tasks\{939D2FB6-1F92-462A-B91E-8C3E598EB12F} => pcalua.exe -a "C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe" -c -uninstall
Task: {5C83827A-F721-4746-821B-2EDD16F0D0F4} - System32\Tasks\{7A3FA45E-BB79-4F63-A1B1-4D6EF4E931EB} => pcalua.exe -a C:\Users\Ilona\Desktop\WLAN_Broadcom_6.30.223.170_W81x64\bcmwls32.exe -d C:\Users\Ilona\Desktop\WLAN_Broadcom_6.30.223.170_W81x64
Task: {60514631-F709-47C9-B1FD-844BCE95F4D8} - System32\Tasks\Power Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2012-08-01] (Acer Incorporated)
Task: {6582259E-9112-4E43-A4D6-6AEE98DDBB54} - System32\Tasks\AdobeAAMUpdater-1.0-haiyentran-Ilona => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {79CD61D3-47B7-45A6-B894-0EEF4869FE35} - System32\Tasks\{345A3A90-1DD8-4E05-913C-43E5C79A6B28} => pcalua.exe -a "C:\Program Files (x86)\Intel\OpenCL SDK\2.0\Uninstall\setup.exe" -c -uninstall
Task: {7A2B78EC-E767-4452-B3D3-B938D5B84AAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {AD2AF7D1-14F0-4D85-AF20-6158251A0005} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2012-07-13] ()
Task: {B7AD51D8-380C-45BE-8E3A-9E95042BC77F} - System32\Tasks\{B5F19B29-C680-48C0-AB93-D9A4B6063141} => pcalua.exe -a "C:\Program Files (x86)\zdaplmYOSe\uninstall.exe"
Task: {BD81893D-771B-47F3-BBE1-FB8C55256D3F} - System32\Tasks\279784d93b11843bfd275b27395e6580 => sc start 279784d93b11843bfd275b27395e6580 <==== ATTENTION
Task: {CD2F8839-49A2-41BA-B1AA-7DDA5E45F483} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {CFF87471-8F8E-4B5D-8934-986046D95F61} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {DC2B5180-C70E-483B-802C-DF161FCA12F6} - System32\Tasks\{C2D1D880-07AB-4CE3-85D5-6F2BD95830B1} => pcalua.exe -a "C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\20.2.0.19\InstStub.exe" -c /X /ARP
Task: {DEEA70D2-2CB4-4E65-8E5B-4E9A3F266E1B} - System32\Tasks\Silentipla Video Converter => Rundll32.exe "C:\Program Files\Silentipla Video Converter\Silentipla Video Converter.dll",JAhlOdVAO <==== ATTENTION
Task: {F08A387C-4F41-4F21-AB90-7BCEAD6A3D67} - System32\Tasks\{76F8CBC1-AEB2-4B62-8BCA-B8B19EA4467A} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\unins000.exe"
Task: {F35D9254-270D-474D-890B-B14973E6A5C3} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Ilona\Favorites\Packard Bell\Packard Bell.lnk -> hxxp://www.packardbell.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-17 02:28 - 2016-11-17 02:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-07 19:04 - 2017-03-07 19:04 - 00157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2017-07-03 10:37 - 2017-06-27 12:06 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-05-23 02:10 - 2014-05-23 02:10 - 00671904 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2012-11-17 18:39 - 2009-06-02 01:15 - 00051200 _____ () C:\Program Files\WinRAR\rarext64.dll
2012-11-17 18:39 - 2013-12-17 04:17 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2017-06-27 22:11 - 2017-06-23 06:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 22:11 - 2017-06-23 06:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-06-17 15:23 - 2017-06-15 09:16 - 31133184 _____ () C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\PepperFlash\26.0.0.131\pepflashplayer.dll
2017-01-30 12:52 - 2017-01-30 12:52 - 01926632 ____R () C:\Program Files (x86)\Skype\Phone\roottools.dll
2017-02-16 16:20 - 2017-02-16 16:20 - 00062464 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\ftl.dll
2012-08-29 11:14 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\skype.com -> hxxps://apps.skype.com
IE restricted site: HKU\S-1-5-21-404751162-3923029424-1761788839-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123750984\...\skype.com -> hxxps://apps.skype.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-404751162-3923029424-1761788839-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123750984\Control Panel\Desktop\\Wallpaper -> C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-404751162-3923029424-1761788839-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123752245\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-404751162-3923029424-1761788839-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123750984\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-404751162-3923029424-1761788839-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123750984\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-404751162-3923029424-1761788839-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07032017123750984\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C42698A3-CD17-4AA4-8E48-A3B4F90D42ED}] => (Allow) LPort=1900
FirewallRules: [{D39DFAB7-6A91-4D8D-8EE6-C7297DF5912B}] => (Allow) LPort=2869
FirewallRules: [{EB24231D-153D-469B-B45E-E45B7D07366C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9686D16F-F0BD-4D07-A10C-38F2D3C06158}] => (Allow) C:\CherryDeGames\Dragon Nest\DragonNest.exe
FirewallRules: [{ADC154B5-2EA8-45C1-96CF-9CB10CF39F7D}] => (Allow) C:\CherryDeGames\Dragon Nest\DragonNest.exe
FirewallRules: [{FAD0A4D7-8ABE-4AF7-B84C-429E25724F13}] => (Allow) C:\Users\Ilona\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{39B73A54-C2BC-4E71-81B3-337C258665D5}] => (Allow) C:\Users\Ilona\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2BB147B9-4156-4258-9519-31EEE48CF0AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{43D9E809-D960-4D77-B65C-A23D08DBE5DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{36ADB0BB-C339-44C6-9D8E-CB35F7322AA9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A89A1AD2-1E88-43F9-A689-87615BC16DBF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{87280CFC-F72A-4CF3-A6AA-F98E6F79AD3B}C:\users\ilona\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ilona\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{EE7B98CB-D1C3-4534-8553-6FE903E20689}C:\users\ilona\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ilona\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{91E5C789-7656-407D-9448-D3705768E25C}] => (Allow) C:\Users\Ilona\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{572B3F8D-E5FD-493B-B612-8B8B4D891A53}] => (Allow) C:\Users\Ilona\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2D812B08-ABCE-47D6-8898-D5163567361F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [UDP Query User{D5CF19B9-5767-4B50-A893-CB011C52E519}C:\users\ilona\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\ilona\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [TCP Query User{6A24D8A4-187E-4366-AEE3-E37B7DB3E76A}C:\users\ilona\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\ilona\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{8C48841A-AD4A-406A-8298-FCC8446842FF}] => (Allow) C:\koramgame\STOnline\_Launcher.exe
FirewallRules: [{D49DCC20-6DD4-43BF-A14D-DD3222C7B8F0}] => (Allow) C:\koramgame\STOnline\_Launcher.exe
FirewallRules: [{5DDAC1D3-BC4F-426E-A91A-339E220A43F5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4B22F641-2DFD-46CE-BBAC-D5C575CC9D32}] => (Allow) LPort=7000
FirewallRules: [{62A5E0BF-1A0E-49E7-8DA8-AEFD7950743F}] => (Allow) LPort=7000
FirewallRules: [{1E683910-E7BC-4BF1-9EF4-049F77ED88FF}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{DA7990C6-CCB9-4218-BCAB-9CA36BE65C69}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{8247AEE0-7F3E-4F0E-A32B-2F3517F0BA84}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{953A731E-AE18-4E94-AB14-903EE91209EF}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{F1096375-1F68-4823-8622-D47E0297DC4D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{BA7EF300-EABF-4778-9E7E-3F8382EA2DFD}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{391D50BF-7AE4-4577-9D40-FEED12DD0C70}] => (Allow) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{64F37E24-6504-4769-A033-5E7531B79955}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{550E75A1-5D41-4568-BE86-B510A404F9E3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CAA11875-B0C3-4E29-B408-7A83C913D26A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Jackbox Party Pack\TJPP.exe
FirewallRules: [{C2F4F1BF-5799-41E0-B317-D8308E6BB0CA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Jackbox Party Pack\TJPP.exe
FirewallRules: [TCP Query User{CB4F4117-6489-4038-B270-14AC57AD2BB2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9D6239B7-3445-4910-91C9-6B5045E2301E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E389C9B0-077A-4B7F-A531-A2E979742633}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{783494FE-9668-477D-BC3F-01BBEE18D95D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{4A17B057-57B1-4A64-B2C0-B65878FEFD8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6EE13595-4604-4F23-B441-AFFB1C643CA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FDC53436-B3FD-4A8D-BF04-54E967FD5A75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{67ABA2EF-A3EF-4C12-BF1C-AA92AE9ED9BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{9425ECAC-3F80-4E8E-8534-BF18CD33E57E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{73B117C3-B4FF-4319-8ACF-55F3603C4A94}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{39BA2BB1-4EF7-43F0-BE2E-E19CCECAB886}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{77AB8F4D-90BC-4241-B862-CA4B13E4F753}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{753A0143-7501-41DE-811B-9333B33A55CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EBAE456C-B095-4EFD-9B96-0DA22F2FE172}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{47A72294-F75C-4436-9163-5144F376BAF7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A874FFF9-6E6C-4FF2-A9DB-6730D1FFAAF8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3283BFAF-11F8-435E-BC99-F207AAA3A10C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{53EB4C8C-9A88-48EC-A3EA-62E2427FBF71}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1F3CC7BF-E67A-4E8E-B1FD-7DEA4970204B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{39B70A48-6DCC-40C8-AE16-60C4D682A7B5}] => (Allow) 㩃啜敳獲䥜潬慮䅜灰慄慴剜慯業杮獜湳獜湳攮數
FirewallRules: [{59B46603-D21D-4E17-BDDF-077A2D456C7D}] => (Allow) 㩃啜敳獲䥜潬慮䅜灰慄慴剜慯業杮獜湳獜癡略⹰硥e
FirewallRules: [{5B772F6F-4948-4A1A-8F2D-B536C2049059}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{583EBDD9-C96D-4153-89A1-2EE0F77B0543}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{46FC487A-25D5-45F3-BE11-28911B7FEE1D}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{85850670-2C36-44BE-A2D4-A231B9B1DFDA}] => (Allow) C:\Users\Ilona\AppData\Local\Temp\7zS929A.tmp\SymNRT.exe
FirewallRules: [{E29132DF-16F3-4DF6-AC22-4AFD14F1B22F}] => (Allow) C:\Users\Ilona\AppData\Local\Temp\7zS929A.tmp\SymNRT.exe
FirewallRules: [{784CCF4F-8442-48E3-AE8C-3A76B34CF501}] => (Allow) C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplit.Core.exe
FirewallRules: [{03039D27-3E27-4AEC-91EE-7EA05F3AB2A7}] => (Allow) C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplit.cam.exe
FirewallRules: [{DB3C8388-4CB5-4867-80DC-81438C293597}] => (Allow) C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplit.Core.exe
FirewallRules: [{59FF47F8-27D0-4A1A-96CB-77C18DA92BC6}] => (Allow) C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplit.cam.exe
FirewallRules: [{FCC8CA05-3FA0-4AAC-8932-B710681816EE}] => (Allow) C:\Program Files (x86)\PaintToolSAI\sai.exe
FirewallRules: [{8530BF9C-2A18-4902-8C1B-52C73AFE66E2}] => (Allow) C:\Program Files (x86)\PaintToolSAI\sai.exe
FirewallRules: [{7C1A2D67-89F6-4CEF-B554-6758EEF1BDA7}] => (Allow) C:\Program Files (x86)\PaintToolSAI\sai.exe
FirewallRules: [{BD33DEAE-86DB-4E79-82C5-604791E53742}] => (Allow) C:\Program Files (x86)\PaintToolSAI\sai.exe
FirewallRules: [{76E2A98A-6F4F-4BC4-820E-8322CCD7B90F}] => (Allow) C:\Program Files (x86)\PaintToolSAI\start-sai.exe
FirewallRules: [{DFC1E05C-576D-44DE-AC62-97E897CA7183}] => (Allow) C:\Program Files (x86)\PaintToolSAI\start-sai.exe
FirewallRules: [{BF835732-EAB0-4458-9FC7-D37992F24658}] => (Allow) C:\Program Files (x86)\PaintToolSAI\start-sai.exe
FirewallRules: [{C7300D46-2CE3-49CE-9664-101A85E0EFE5}] => (Allow) C:\Program Files (x86)\PaintToolSAI\start-sai.exe
FirewallRules: [{A0EF2136-751E-49D4-BF8D-AE05BD35186D}] => (Allow) C:\Program Files (x86)\Antanna\Application\chrome.exe
FirewallRules: [{C0F59CA0-64D6-4DE0-AF89-3A02526414E6}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{B79FFF21-76BC-4B2F-BBB3-2A14C415976E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{F1CBB7FF-AEFF-4081-8F52-35EDB8FED82E}] => (Allow) LPort=1723
FirewallRules: [{70DC6DD4-509D-459B-82C9-4324BDACA5C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D7840803-5FB6-4EE1-B42B-88EE30FC20E3}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{3814309B-6F5D-4B9D-AEEF-293D67DE911C}] => (Allow) C:\Windows\System32\rundll32.exe
 
==================== Restore Points =========================
 
19-06-2017 02:12:58 Windows Update
20-06-2017 10:00:19 Intel® Driver Update Utility
28-06-2017 09:46:34 Ajoitettu tarkistuspiste
01-07-2017 20:13:18 Removed Online Application
01-07-2017 20:19:54 Removed Online Application
01-07-2017 21:58:19 Malwarebytes Anti-Rootkit Restore Point
02-07-2017 16:07:32 Malwarebytes Anti-Rootkit Restore Point
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/03/2017 12:36:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Open-komento palvelulle WmiApRpl DLL-tiedostossa C:\WINDOWS\system32\wbem\wmiaprpl.dll epäonnistui. Tämän palvelun resurssitiedot eivät ole käytettävissä. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät virhekoodin.
 
Error: (07/03/2017 12:36:07 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows ei voi ladata laajennettavan laskurin DLL-tiedostoa rdyboost. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät Windows-virhekoodin.
 
Error: (07/03/2017 12:36:07 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Palvelinpalvelun resurssiobjektia ei voi avata. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät tilakoodin.
 
Error: (07/03/2017 12:36:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Open-komento palvelulle MSDTC DLL-tiedostossa C:\WINDOWS\system32\msdtcuiu.DLL epäonnistui. Tämän palvelun resurssitiedot eivät ole käytettävissä. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät virhekoodin.
 
Error: (07/03/2017 12:36:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Open-komento palvelulle Lsa DLL-tiedostossa C:\Windows\System32\Secur32.dll epäonnistui. Tämän palvelun resurssitiedot eivät ole käytettävissä. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät virhekoodin.
 
Error: (07/03/2017 12:36:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Open-komento palvelulle ESENT DLL-tiedostossa C:\WINDOWS\system32\esentprf.dll epäonnistui. Tämän palvelun resurssitiedot eivät ole käytettävissä. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät virhekoodin.
 
Error: (07/03/2017 12:36:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Open-komento palvelulle BITS DLL-tiedostossa C:\Windows\System32\bitsperf.dll epäonnistui. Tämän palvelun resurssitiedot eivät ole käytettävissä. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät virhekoodin.
 
Error: (07/03/2017 12:36:06 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Open-komento palvelulle WmiApRpl DLL-tiedostossa C:\WINDOWS\system32\wbem\wmiaprpl.dll epäonnistui. Tämän palvelun resurssitiedot eivät ole käytettävissä. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät virhekoodin.
 
Error: (07/03/2017 12:36:04 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows ei voi ladata laajennettavan laskurin DLL-tiedostoa rdyboost. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät Windows-virhekoodin.
 
Error: (07/03/2017 12:36:04 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Palvelinpalvelun resurssiobjektia ei voi avata. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät tilakoodin.
 
 
System errors:
=============
Error: (07/03/2017 01:54:05 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-hallinta)
Description: Ilmeni virhe yritettäessä lukea paikallista isäntätiedostoa.
 
Error: (07/03/2017 12:33:53 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-hallinta)
Description: Ilmeni virhe yritettäessä lukea paikallista isäntätiedostoa.
 
Error: (07/03/2017 12:33:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Palvelu Reititys ja etäkäyttö on riippuvainen palvelusta Etäkäytön yhteyksienhallinta, jonka käynnistyminen epäonnistui virheen vuoksi: 
Liittopalvelu tai -ryhmä ei käynnistynyt.
 
Error: (07/03/2017 12:33:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Palvelu Etäkäytön yhteyksienhallinta on riippuvainen palvelusta SSTP (Secure Socket Tunneling Protocol) -palvelu, jonka käynnistyminen epäonnistui virheen vuoksi: 
Toiminto suoritettiin.
 
Error: (07/03/2017 12:33:31 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 ei voinut määrittää IPv6-pinoa.
 
Error: (07/03/2017 12:33:31 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: ICS_IPV6 ei voinut määrittää IPv6-pinoa.
 
Error: (07/03/2017 12:33:18 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-hallinta)
Description: Ilmeni virhe yritettäessä lukea paikallista isäntätiedostoa.
 
Error: (07/03/2017 12:33:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Palvelu Energy Server Service queencreek lopetettiin virheen takia. Virhe: 
%%502
 
Error: (07/03/2017 12:33:08 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-hallinta)
Description: Ilmeni virhe yritettäessä lukea paikallista isäntätiedostoa.
 
Error: (07/03/2017 12:33:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Palvelu User Energy Server Service queencreek lopetettiin virheen takia. Virhe: 
%%497
 
 
CodeIntegrity:
===================================
  Date: 2017-03-14 17:58:53.601
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 16:57:46.549
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 16:20:27.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 11:45:13.010
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 06:01:11.193
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 06:01:10.958
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 06:01:10.907
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 06:01:10.904
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 05:52:01.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 05:52:00.924
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU B830 @ 1.80GHz
Percentage of memory in use: 74%
Total physical RAM: 3909.28 MB
Available physical RAM: 1005.61 MB
Total Virtual: 6725.28 MB
Available Virtual: 3677.07 MB
 
==================== Drives ================================
 
Drive c: (Packard Bell) (Fixed) (Total:278.75 GB) (Free:98.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 8B044F1D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


Edited by Oh My!, 03 July 2017 - 06:55 PM.




#2 Oh My!

  • Malware Response Instructor

Posted 03 July 2017 - 06:58 PM

Greetings shainess and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please rename FRST64.exe to FRST64english.exe and run another scan. Copy/paste both reports in your reply without using the quote box.

Edited by Oh My!, 03 July 2017 - 07:00 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 shainess

  • Topic Starter

Posted 04 July 2017 - 08:55 AM

Hello Gary, thank you so much for assisting me!

 

I apologize for taking a while to reply, I think it's the timezones. You can call me Ilona or Shai, whatever is fine!

I renamed the file and below this text are the reports.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-07-2017 01

Ran by Ilona (administrator) on HAIYENTRAN (04-07-2017 16:46:13)
Running from C:\Users\Ilona\Downloads
Loaded Profiles: Ilona (Available Profiles: Ilona & Vieras)
Platform: Windows 8.1 (Update) (X64) Language: suomi (Suomi)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Flux Software LLC) C:\Users\Ilona\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\PaintToolSAI\sai.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Ilona\Downloads\FRST64english.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [132856 2017-05-18] (Intel)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-05-16] (Nota Inc.)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Run: [f.lux] => C:\Users\Ilona\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [159768 2017-04-07] (BlueStack Systems, Inc.)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\MountPoints2: E - "E:\Startup.exe" 
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\MountPoints2: {03f39816-5320-11e2-be82-b888e35cb298} - "E:\Startup.exe" 
Startup: C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-02-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4D6E185D-418F-41C1-A647-034AB080360B}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F4431549-3D45-44FA-A5CE-4C6193EBB609}: [DhcpNameServer] 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-404751162-3923029424-1761788839-1001 -> {3F51A905-FDFD-4E98-AF17-17CB29BF1EF8} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-26] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-05-26] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-05-26] (Adobe Systems)
FF Plugin HKU\S-1-5-21-404751162-3923029424-1761788839-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
 
Chrome: 
=======
CHR NewTab: Default ->  Active:"chrome-extension://kebemdfahifkfmpgbffjjobpgjhjcdnd/index.html"
CHR Profile: C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default [2017-07-04]
CHR Extension: (Google-presentaatiot) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-12]
CHR Extension: (Google-dokumentit) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-12]
CHR Extension: (Google Drive) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-12]
CHR Extension: (YouTube) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-12]
CHR Extension: (NicoNico Audio Extractor) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecoahjklhopckkiefihjloeidikepdh [2017-04-12]
CHR Extension: (Google-taulukot) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-12]
CHR Extension: (Google Docsin offline-tila) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-15]
CHR Extension: (AdBlock) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-02]
CHR Extension: (New XKit) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2017-04-12]
CHR Extension: (rikaikun) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2017-04-12]
CHR Extension: (Kanji Tab) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\kebemdfahifkfmpgbffjjobpgjhjcdnd [2017-04-12]
CHR Extension: (Chrome Web Storen maksut) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-12]
CHR Extension: (helpplz uber) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdahnpejkgddhmhabggnacmefphfpdoh [2017-04-12]
CHR Extension: (Gmail) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387096 2017-04-07] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369688 2017-04-07] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [408600 2017-04-07] (BlueStack Systems, Inc.)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [21240 2017-05-18] (Intel)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [659600 2012-08-01] (Acer Incorporated)
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-29] (Dritek System INC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2013-12-17] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-04-07] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-04-07] (Bluestack System Inc. )
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
S1 gfizbnxuv.sys; C:\WINDOWS\system32\drivers\gfizbnxuv.sys [15424 2017-07-01] () [File not signed]
R1 gfyadmrpp.sys; C:\WINDOWS\system32\drivers\gfyadmrpp.sys [121200 2017-07-03] () [File not signed]
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-03-14] ()
S1 hrdbgwggw.sys; C:\WINDOWS\system32\drivers\hrdbgwggw.sys [15424 2017-07-03] () [File not signed]
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\406C37A6.sys [188352 2017-07-03] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-03] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-04] (Malwarebytes)
R1 MpKsl6efcd78d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0CFD072B-51A3-4C01-8BAB-0C51FCABEEB9}\MpKsl6efcd78d.sys [44928 2017-07-03] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-29] (Dritek System Inc.)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-03 13:04 - 2017-07-03 14:20 - 00049639 _____ C:\Users\Ilona\Downloads\Addition.txt
2017-07-03 12:38 - 2017-07-04 16:48 - 00021686 _____ C:\Users\Ilona\Downloads\FRST.txt
2017-07-03 12:38 - 2017-07-04 16:45 - 00000000 ____D C:\Users\Ilona\Downloads\FRST-OlderVersion
2017-07-03 12:33 - 2017-07-03 12:33 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000101-000000.txt
2017-07-03 12:32 - 2017-07-03 12:32 - 00015424 _____ C:\WINDOWS\system32\Drivers\hrdbgwggw.sys
2017-07-03 10:40 - 2017-07-03 10:40 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\44823793.sys
2017-07-03 10:40 - 2017-07-03 10:40 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\406C37A6.sys
2017-07-03 10:38 - 2017-07-04 15:00 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-03 10:38 - 2017-07-03 12:33 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-03 10:38 - 2017-07-03 12:33 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-03 10:38 - 2017-07-03 10:38 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4B8836A4.sys
2017-07-03 10:37 - 2017-07-03 10:37 - 01192400 _____ C:\WINDOWS\isRS-000.tmp
2017-07-03 10:37 - 2017-07-03 10:37 - 00001895 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-03 10:37 - 2017-07-03 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-03 10:37 - 2017-06-27 12:06 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-03 10:34 - 2017-07-03 10:35 - 65033984 _____ (Malwarebytes ) C:\Users\Ilona\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-03 07:01 - 2017-07-03 07:01 - 00000000 ____D C:\Users\Ilona\AppData\LocalLow\uTorrent
2017-07-02 19:31 - 2017-07-02 19:31 - 00002181 _____ C:\Users\Ilona\Desktop\Google Chrome (2).lnk
2017-07-02 14:42 - 2017-07-02 13:40 - 00078845 _____ C:\Users\Ilona\Desktop\Parade 2010 Bluray 720p AC3 x264-LooKMaNe.srt
2017-07-02 14:35 - 2017-07-02 14:35 - 00000000 ____D C:\Users\Ilona\Downloads\Parade
2017-07-02 13:33 - 2017-07-02 13:33 - 00000000 ____D C:\Users\Ilona\Downloads\Parade.2009.DVDRip.x264.AC3-Zoo
2017-07-01 23:22 - 2017-07-02 20:11 - 00000000 ____D C:\EEK
2017-07-01 23:17 - 2017-07-01 23:22 - 00001634 _____ C:\Users\Ilona\Desktop\Rkill.txt
2017-07-01 23:10 - 2017-07-03 12:31 - 00121200 _____ C:\WINDOWS\system32\Drivers\gfyadmrpp.sys
2017-07-01 23:10 - 2017-07-01 23:10 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000100-000000.txt
2017-07-01 23:08 - 2017-07-01 23:09 - 00009458 _____ C:\Users\Ilona\Downloads\Fixlog.txt
2017-07-01 23:07 - 2017-07-04 16:45 - 02436096 _____ (Farbar) C:\Users\Ilona\Downloads\FRST64english.exe
2017-07-01 22:59 - 2017-07-01 22:59 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000099-000000.txt
2017-07-01 22:54 - 2017-07-03 10:34 - 00000000 ____D C:\AdwCleaner
2017-07-01 22:54 - 2017-07-01 22:54 - 04110280 _____ C:\Users\Ilona\Downloads\AdwCleaner.exe
2017-07-01 22:54 - 2017-07-01 22:54 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Ilona\Downloads\rkill.exe
2017-07-01 22:52 - 2017-07-01 23:10 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-07-01 22:13 - 2017-07-01 22:13 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000098-000000.txt
2017-07-01 22:03 - 2017-07-01 22:03 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000097-000000.txt
2017-07-01 22:02 - 2017-07-01 22:02 - 00015424 _____ C:\WINDOWS\system32\Drivers\gfizbnxuv.sys
2017-07-01 20:28 - 2017-07-03 23:18 - 00000000 ____D C:\Users\Ilona\Desktop\mbar
2017-07-01 20:28 - 2017-07-03 12:33 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-01 20:28 - 2017-07-03 12:33 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-07-01 20:13 - 2017-07-01 20:13 - 00003160 _____ C:\WINDOWS\System32\Tasks\279784d93b11843bfd275b27395e6580
2017-07-01 20:12 - 2017-07-01 20:12 - 00003096 _____ C:\WINDOWS\System32\Tasks\{B5F19B29-C680-48C0-AB93-D9A4B6063141}
2017-07-01 20:08 - 2017-07-01 20:08 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000096-000000.txt
2017-07-01 19:59 - 2017-07-03 12:31 - 00020384 _____ C:\pagefile_bak.$$$
2017-07-01 19:59 - 2017-07-03 12:31 - 00000584 _____ C:\pagefile_bak3.$$$
2017-07-01 19:59 - 2017-07-03 12:31 - 00000048 _____ C:\pagefile_bak2.$$$
2017-07-01 19:59 - 2017-07-01 19:59 - 00000032 _____ C:\pagefile.$$$
2017-07-01 19:53 - 2017-07-01 19:53 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000095-000000.txt
2017-07-01 19:45 - 2017-07-02 16:07 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\vlc
2017-07-01 19:28 - 2017-07-01 19:34 - 1057861767 _____ C:\Users\Ilona\Downloads\Japanese movie english subtitle-パレード (1).mp4
2017-06-28 21:05 - 2017-06-28 21:05 - 00708358 _____ C:\Users\Ilona\Downloads\KuronoFIX2.psd
2017-06-28 15:38 - 2017-06-28 15:38 - 00051629 _____ C:\WINDOWS\uninstaller.dat
2017-06-26 10:42 - 2017-06-26 10:42 - 00715330 _____ C:\Users\Ilona\Downloads\Azusa.psd
2017-06-23 06:02 - 2017-06-23 06:03 - 00138264 _____ C:\Users\Ilona\Downloads\2.0_inch_raster.psd
2017-06-22 05:34 - 2017-06-22 05:34 - 00174451 _____ C:\Users\Ilona\Documents\shai GO.pdf
2017-06-20 18:36 - 2017-06-20 18:36 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000094-000000.txt
2017-06-20 18:20 - 2017-06-20 18:20 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000093-000000.txt
2017-06-20 18:12 - 2017-06-20 18:12 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000092-000000.txt
2017-06-20 17:46 - 2017-06-20 17:46 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000091-000000.txt
2017-06-20 17:18 - 2017-06-20 17:18 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000090-000000.txt
2017-06-20 16:41 - 2017-06-20 16:41 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000089-000000.txt
2017-06-20 16:27 - 2017-06-20 16:27 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000088-000000.txt
2017-06-20 16:23 - 2017-06-20 16:23 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000087-000000.txt
2017-06-20 16:18 - 2017-06-20 16:18 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000086-000000.txt
2017-06-20 16:00 - 2017-06-20 16:00 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000085-000000.txt
2017-06-20 15:51 - 2017-06-20 15:51 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000084-000000.txt
2017-06-20 10:02 - 2017-06-20 10:02 - 00001144 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.8.lnk
2017-06-20 10:02 - 2017-06-20 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-06-20 10:01 - 2017-06-20 10:01 - 00003210 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-06-20 10:01 - 2017-06-20 10:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-06-20 10:01 - 2017-06-20 10:01 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2017-06-20 10:00 - 2017-06-20 10:00 - 00000000 ____D C:\Users\Ilona\Downloads\Temp
2017-06-20 09:46 - 2017-06-20 09:46 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000083-000000.txt
2017-06-20 09:19 - 2017-06-20 09:19 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000082-000000.txt
2017-06-20 07:35 - 2017-06-20 07:35 - 00000000 _____ C:\Recovery.txt
2017-06-20 06:45 - 2017-06-20 06:45 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000081-000000.txt
2017-06-20 06:38 - 2017-06-20 06:38 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000080-000000.txt
2017-06-19 17:44 - 2017-06-19 17:44 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000079-000000.txt
2017-06-19 05:30 - 2017-06-19 05:30 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000078-000000.txt
2017-06-19 02:18 - 2017-04-22 00:53 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-06-19 02:18 - 2017-04-22 00:50 - 00030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-06-19 02:16 - 2017-04-22 00:53 - 00018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-06-19 02:16 - 2017-04-22 00:50 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-06-19 02:16 - 2017-04-11 21:27 - 00987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-06-19 02:16 - 2017-04-11 21:27 - 00485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-06-19 02:16 - 2017-03-15 21:15 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-06-19 02:16 - 2017-03-15 21:15 - 00690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-06-19 02:01 - 2017-06-19 02:01 - 00002422 _____ C:\WINDOWS\system32\default_error_stack-000077-000000.txt
2017-06-19 01:24 - 2017-06-19 01:24 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000076-000000.txt
2017-06-19 01:21 - 2017-06-19 01:21 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000075-000000.txt
2017-06-19 00:05 - 2017-06-19 00:05 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000074-000000.txt
2017-06-18 23:36 - 2017-06-18 23:36 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000073-000000.txt
2017-06-18 23:32 - 2017-06-18 23:32 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000072-000000.txt
2017-06-18 23:10 - 2017-06-18 23:10 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000071-000000.txt
2017-06-18 22:55 - 2017-06-18 22:55 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000070-000000.txt
2017-06-18 22:44 - 2017-06-18 22:44 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000069-000000.txt
2017-06-18 22:01 - 2017-06-18 22:01 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000068-000000.txt
2017-06-18 21:50 - 2017-06-18 21:50 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000067-000000.txt
2017-06-17 16:03 - 2017-06-17 16:03 - 00002422 _____ C:\WINDOWS\system32\default_error_stack-000066-000000.txt
2017-06-13 21:18 - 2017-06-02 14:30 - 03635200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 21:18 - 2017-05-14 23:44 - 04170240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-06-13 21:18 - 2017-05-14 23:19 - 25738752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 21:18 - 2017-05-14 22:55 - 05975040 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 21:18 - 2017-05-14 22:32 - 07077376 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-06-13 21:18 - 2017-05-14 22:11 - 20274688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-13 21:18 - 2017-05-14 21:54 - 15252992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 21:18 - 2017-05-14 21:52 - 03240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-13 21:18 - 2017-05-14 21:48 - 05274112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-06-13 21:18 - 2017-05-14 21:44 - 04549120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-13 21:18 - 2017-05-14 21:38 - 07796736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 21:18 - 2017-05-14 21:30 - 13664768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-13 21:18 - 2017-05-14 21:16 - 05268992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 21:18 - 2017-05-14 21:06 - 07441240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 21:18 - 2017-05-12 05:18 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-13 21:18 - 2017-05-12 02:36 - 22361848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 21:18 - 2017-05-12 02:32 - 19788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-13 21:17 - 2017-06-02 15:15 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-06-13 21:17 - 2017-06-02 15:12 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-06-13 21:17 - 2017-06-02 15:12 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2017-06-13 21:17 - 2017-06-02 15:06 - 01001984 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 21:17 - 2017-06-02 15:01 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-06-13 21:17 - 2017-06-02 14:03 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 21:17 - 2017-06-02 13:58 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 21:17 - 2017-06-02 13:25 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-06-13 21:17 - 2017-06-02 13:24 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-06-13 21:17 - 2017-06-02 13:17 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-06-13 21:17 - 2017-06-02 13:02 - 02751488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-13 21:17 - 2017-06-02 12:43 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-13 21:17 - 2017-06-02 12:43 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-13 21:17 - 2017-05-15 22:58 - 00121184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 21:17 - 2017-05-14 23:42 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 21:17 - 2017-05-14 23:26 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-13 21:17 - 2017-05-14 23:19 - 01364040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-06-13 21:17 - 2017-05-14 23:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-06-13 21:17 - 2017-05-14 22:31 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-06-13 21:17 - 2017-05-14 22:22 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-13 21:17 - 2017-05-14 22:19 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-13 21:17 - 2017-05-14 22:10 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-06-13 21:17 - 2017-05-14 22:04 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-13 21:17 - 2017-05-14 22:03 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 21:17 - 2017-05-14 21:46 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-06-13 21:17 - 2017-05-14 21:40 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-13 21:17 - 2017-05-14 21:37 - 01544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-13 21:17 - 2017-05-14 21:27 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-13 21:17 - 2017-05-14 21:15 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-13 21:17 - 2017-05-14 21:13 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-06-13 21:17 - 2017-05-14 21:11 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-13 21:17 - 2017-05-14 21:11 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-13 21:17 - 2017-05-14 21:06 - 01737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-13 21:17 - 2017-05-14 21:06 - 01502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-13 21:17 - 2017-05-12 20:05 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-13 21:17 - 2017-05-12 19:16 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-06-13 21:17 - 2017-05-12 19:13 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-13 21:17 - 2017-05-12 18:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2017-06-13 21:17 - 2017-05-12 18:50 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2017-06-13 21:17 - 2017-05-12 18:48 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-06-13 21:17 - 2017-05-12 18:47 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-06-13 21:17 - 2017-05-12 07:10 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 21:17 - 2017-05-12 05:58 - 01985536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 21:17 - 2017-05-12 05:48 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 21:17 - 2017-05-12 05:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2017-06-13 21:17 - 2017-05-12 05:10 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2017-06-13 21:17 - 2017-05-12 05:07 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2017-06-13 21:17 - 2017-05-12 05:06 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-06-13 21:17 - 2017-05-12 05:04 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-06-13 21:17 - 2017-05-12 05:00 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2017-06-13 21:17 - 2017-05-10 21:19 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2017-06-13 21:17 - 2017-05-06 19:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 21:17 - 2017-05-06 19:04 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 21:17 - 2017-04-06 20:37 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-13 21:17 - 2017-04-06 20:16 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2017-06-13 21:17 - 2017-04-06 19:50 - 01436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-13 21:17 - 2017-04-06 19:46 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-06-13 21:17 - 2017-04-06 19:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-13 21:17 - 2017-04-06 19:35 - 01362432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-06-13 21:17 - 2017-04-06 19:15 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-06-13 21:17 - 2017-04-06 18:44 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-06-13 21:17 - 2017-04-02 17:49 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-13 21:17 - 2017-04-02 16:40 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-06-13 15:20 - 2017-06-13 15:20 - 00003706 _____ C:\WINDOWS\System32\Tasks\ALU_SelfUpgrade
2017-06-13 13:57 - 2017-06-13 13:57 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000065-000000.txt
2017-06-13 13:28 - 2017-06-13 13:28 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000064-000000.txt
2017-06-13 12:37 - 2017-06-13 12:37 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000063-000000.txt
2017-06-13 12:34 - 2017-06-13 12:34 - 00000000 ____D C:\Users\Vieras\AppData\Local\Apple
2017-06-13 10:45 - 2017-06-13 10:45 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000062-000000.txt
2017-06-13 07:49 - 2017-06-13 07:49 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000061-000000.txt
2017-06-13 07:39 - 2017-06-13 07:40 - 00000000 ____D C:\Users\Vieras\AppData\Roaming\Apple Computer
2017-06-13 07:39 - 2017-06-13 07:39 - 00000000 ____D C:\Users\Vieras\AppData\Local\Apple Computer
2017-06-13 06:16 - 2017-06-13 06:16 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000060-000000.txt
2017-06-12 11:06 - 2017-06-12 11:06 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000059-000000.txt
2017-06-12 10:42 - 2017-06-12 10:42 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000058-000000.txt
2017-06-12 03:53 - 2017-06-12 03:53 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000057-000000.txt
2017-06-05 02:33 - 2017-06-05 02:33 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000056-000000.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-04 16:46 - 2017-04-26 13:19 - 00000000 ____D C:\FRST
2017-07-04 16:42 - 2012-12-31 12:10 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\Skype
2017-07-04 16:33 - 2016-01-14 17:46 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{47C9991F-5ACF-4D83-A791-F239DFBE3DE2}
2017-07-04 16:10 - 2013-04-10 21:05 - 00000000 ____D C:\Program Files (x86)\PaintToolSAI
2017-07-04 07:47 - 2013-04-10 20:00 - 07041536 ___SH C:\Users\Ilona\Documents\Thumbs.db
2017-07-04 02:02 - 2012-11-21 14:23 - 00000000 ____D C:\Users\Ilona\AppData\Local\Adobe
2017-07-03 23:18 - 2017-04-21 01:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-03 22:39 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Inf
2017-07-03 12:32 - 2017-04-26 23:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2017-07-03 12:32 - 2013-08-22 17:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-03 11:21 - 2012-11-15 16:36 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-404751162-3923029424-1761788839-1001
2017-07-03 07:33 - 2017-04-26 23:32 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-07-02 14:43 - 2012-11-25 15:54 - 15483392 ___SH C:\Users\Ilona\Downloads\Thumbs.db
2017-07-01 23:09 - 2017-03-14 19:23 - 00029628 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-07-01 23:03 - 2017-03-14 19:23 - 00049347 _____ C:\WINDOWS\ZAM.krnl.trace
2017-07-01 22:58 - 2014-07-11 05:28 - 00000000 ____D C:\Users\Ilona
2017-07-01 21:59 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Silentipla Video Converter
2017-07-01 20:28 - 2015-09-26 03:50 - 00003412 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-07-01 20:28 - 2015-09-26 03:50 - 00003286 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-07-01 20:28 - 2012-11-16 06:24 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-07-01 20:07 - 2013-08-22 16:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-06-28 23:59 - 2012-12-30 08:00 - 00001456 _____ C:\Users\Ilona\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-06-27 22:11 - 2017-04-12 02:06 - 00002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-22 23:19 - 2012-11-21 19:46 - 00000132 _____ C:\Users\Ilona\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-06-20 18:04 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-20 16:40 - 2017-03-04 17:40 - 02419294 _____ C:\WINDOWS\ntbtlog.txt
2017-06-20 10:02 - 2017-03-08 00:17 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-06-20 10:02 - 2016-01-13 15:55 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-20 10:01 - 2012-08-29 11:14 - 00000000 ____D C:\Program Files\Intel
2017-06-20 09:26 - 2014-03-18 18:31 - 00005646 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-20 09:26 - 2014-03-18 17:54 - 00555010 _____ C:\WINDOWS\system32\perfh00B.dat
2017-06-20 09:26 - 2014-03-18 17:54 - 00203966 _____ C:\WINDOWS\system32\perfc00B.dat
2017-06-19 17:44 - 2013-06-19 15:13 - 00000375 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-06-19 02:32 - 2012-07-26 10:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-18 21:33 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\rescache
2017-06-17 16:03 - 2013-08-22 17:44 - 05776896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-17 16:02 - 2014-08-20 14:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-17 16:02 - 2014-08-20 14:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-17 15:54 - 2013-08-22 18:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-06-17 15:27 - 2012-11-24 07:25 - 00004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-17 15:26 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-17 15:26 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 14:02 - 2013-08-22 18:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 14:02 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-16 04:09 - 2012-11-15 16:29 - 00000000 ____D C:\Users\Ilona\AppData\Local\Packages
2017-06-13 23:08 - 2014-08-20 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 23:04 - 2014-05-11 20:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-13 22:54 - 2014-05-11 20:37 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-13 20:13 - 2017-04-10 20:11 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-06-13 20:13 - 2017-04-10 20:11 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-06-13 20:12 - 2017-04-10 20:11 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-06-13 13:23 - 2017-04-22 09:07 - 00000000 ____D C:\Users\Vieras
2017-06-13 13:14 - 2017-04-22 09:08 - 00002241 _____ C:\Users\Vieras\Desktop\Google Chrome.lnk
2017-06-13 07:40 - 2016-12-23 23:14 - 00000000 ____D C:\Program Files\iTunes
 
==================== Files in the root of some directories =======
 
2013-07-04 17:12 - 2013-07-04 17:12 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2013-05-09 03:57 - 2013-05-09 03:58 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-01-10 23:21 - 2013-01-10 23:21 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe GIF Format CS6 Prefs
2012-11-21 19:46 - 2017-06-22 23:19 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe PNG Format CS6 Prefs
2012-12-30 08:00 - 2017-06-28 23:59 - 0001456 _____ () C:\Users\Ilona\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-07-26 19:37 - 2017-04-12 01:44 - 0007617 _____ () C:\Users\Ilona\AppData\Local\Resmon.ResmonCfg
2017-04-20 03:17 - 2017-04-20 03:17 - 0000552 _____ () C:\Users\Ilona\AppData\Local\TroubleshooterConfig.json
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-04 04:20
 
==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-07-2017 01
Ran by Ilona (administrator) on HAIYENTRAN (04-07-2017 16:46:13)
Running from C:\Users\Ilona\Downloads
Loaded Profiles: Ilona (Available Profiles: Ilona & Vieras)
Platform: Windows 8.1 (Update) (X64) Language: suomi (Suomi)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel) C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Flux Software LLC) C:\Users\Ilona\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\PaintToolSAI\sai.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Ilona\Downloads\FRST64english.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-08] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [132856 2017-05-18] (Intel)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-05-16] (Nota Inc.)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Run: [f.lux] => C:\Users\Ilona\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [159768 2017-04-07] (BlueStack Systems, Inc.)
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\MountPoints2: E - "E:\Startup.exe" 
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\MountPoints2: {03f39816-5320-11e2-be82-b888e35cb298} - "E:\Startup.exe" 
Startup: C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-02-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4D6E185D-418F-41C1-A647-034AB080360B}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F4431549-3D45-44FA-A5CE-4C6193EBB609}: [DhcpNameServer] 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-404751162-3923029424-1761788839-1001 -> {3F51A905-FDFD-4E98-AF17-17CB29BF1EF8} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-26] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-05-26] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-05-26] (Adobe Systems)
FF Plugin HKU\S-1-5-21-404751162-3923029424-1761788839-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-25] (Wacom)
 
Chrome: 
=======
CHR NewTab: Default ->  Active:"chrome-extension://kebemdfahifkfmpgbffjjobpgjhjcdnd/index.html"
CHR Profile: C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default [2017-07-04]
CHR Extension: (Google-presentaatiot) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-12]
CHR Extension: (Google-dokumentit) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-12]
CHR Extension: (Google Drive) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-12]
CHR Extension: (YouTube) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-12]
CHR Extension: (NicoNico Audio Extractor) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\eecoahjklhopckkiefihjloeidikepdh [2017-04-12]
CHR Extension: (Google-taulukot) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-12]
CHR Extension: (Google Docsin offline-tila) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-15]
CHR Extension: (AdBlock) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-02]
CHR Extension: (New XKit) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2017-04-12]
CHR Extension: (rikaikun) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2017-04-12]
CHR Extension: (Kanji Tab) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\kebemdfahifkfmpgbffjjobpgjhjcdnd [2017-04-12]
CHR Extension: (Chrome Web Storen maksut) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-12]
CHR Extension: (helpplz uber) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdahnpejkgddhmhabggnacmefphfpdoh [2017-04-12]
CHR Extension: (Gmail) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-12]
CHR Extension: (Chrome Media Router) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387096 2017-04-07] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369688 2017-04-07] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [408600 2017-04-07] (BlueStack Systems, Inc.)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [466064 2012-07-31] (Acer Incorporated)
R2 DSAService; C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [21240 2017-05-18] (Intel)
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [659600 2012-08-01] (Acer Incorporated)
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-08-29] (Dritek System INC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2013-12-17] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-04-07] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-04-07] (Bluestack System Inc. )
R1 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0401000.00A\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
S1 gfizbnxuv.sys; C:\WINDOWS\system32\drivers\gfizbnxuv.sys [15424 2017-07-01] () [File not signed]
R1 gfyadmrpp.sys; C:\WINDOWS\system32\drivers\gfyadmrpp.sys [121200 2017-07-03] () [File not signed]
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-03-14] ()
S1 hrdbgwggw.sys; C:\WINDOWS\system32\drivers\hrdbgwggw.sys [15424 2017-07-03] () [File not signed]
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\406C37A6.sys [188352 2017-07-03] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-03] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-04] (Malwarebytes)
R1 MpKsl6efcd78d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0CFD072B-51A3-4C01-8BAB-0C51FCABEEB9}\MpKsl6efcd78d.sys [44928 2017-07-03] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys [26736 2012-08-29] (Dritek System Inc.)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 VBAudioVACMME; C:\WINDOWS\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-03 13:04 - 2017-07-03 14:20 - 00049639 _____ C:\Users\Ilona\Downloads\Addition.txt
2017-07-03 12:38 - 2017-07-04 16:48 - 00021686 _____ C:\Users\Ilona\Downloads\FRST.txt
2017-07-03 12:38 - 2017-07-04 16:45 - 00000000 ____D C:\Users\Ilona\Downloads\FRST-OlderVersion
2017-07-03 12:33 - 2017-07-03 12:33 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000101-000000.txt
2017-07-03 12:32 - 2017-07-03 12:32 - 00015424 _____ C:\WINDOWS\system32\Drivers\hrdbgwggw.sys
2017-07-03 10:40 - 2017-07-03 10:40 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\44823793.sys
2017-07-03 10:40 - 2017-07-03 10:40 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\406C37A6.sys
2017-07-03 10:38 - 2017-07-04 15:00 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-03 10:38 - 2017-07-03 12:33 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-03 10:38 - 2017-07-03 12:33 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-03 10:38 - 2017-07-03 10:38 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4B8836A4.sys
2017-07-03 10:37 - 2017-07-03 10:37 - 01192400 _____ C:\WINDOWS\isRS-000.tmp
2017-07-03 10:37 - 2017-07-03 10:37 - 00001895 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-03 10:37 - 2017-07-03 10:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-03 10:37 - 2017-06-27 12:06 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-03 10:34 - 2017-07-03 10:35 - 65033984 _____ (Malwarebytes ) C:\Users\Ilona\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-03 07:01 - 2017-07-03 07:01 - 00000000 ____D C:\Users\Ilona\AppData\LocalLow\uTorrent
2017-07-02 19:31 - 2017-07-02 19:31 - 00002181 _____ C:\Users\Ilona\Desktop\Google Chrome (2).lnk
2017-07-02 14:42 - 2017-07-02 13:40 - 00078845 _____ C:\Users\Ilona\Desktop\Parade 2010 Bluray 720p AC3 x264-LooKMaNe.srt
2017-07-02 14:35 - 2017-07-02 14:35 - 00000000 ____D C:\Users\Ilona\Downloads\Parade
2017-07-02 13:33 - 2017-07-02 13:33 - 00000000 ____D C:\Users\Ilona\Downloads\Parade.2009.DVDRip.x264.AC3-Zoo
2017-07-01 23:22 - 2017-07-02 20:11 - 00000000 ____D C:\EEK
2017-07-01 23:17 - 2017-07-01 23:22 - 00001634 _____ C:\Users\Ilona\Desktop\Rkill.txt
2017-07-01 23:10 - 2017-07-03 12:31 - 00121200 _____ C:\WINDOWS\system32\Drivers\gfyadmrpp.sys
2017-07-01 23:10 - 2017-07-01 23:10 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000100-000000.txt
2017-07-01 23:08 - 2017-07-01 23:09 - 00009458 _____ C:\Users\Ilona\Downloads\Fixlog.txt
2017-07-01 23:07 - 2017-07-04 16:45 - 02436096 _____ (Farbar) C:\Users\Ilona\Downloads\FRST64english.exe
2017-07-01 22:59 - 2017-07-01 22:59 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000099-000000.txt
2017-07-01 22:54 - 2017-07-03 10:34 - 00000000 ____D C:\AdwCleaner
2017-07-01 22:54 - 2017-07-01 22:54 - 04110280 _____ C:\Users\Ilona\Downloads\AdwCleaner.exe
2017-07-01 22:54 - 2017-07-01 22:54 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Ilona\Downloads\rkill.exe
2017-07-01 22:52 - 2017-07-01 23:10 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-07-01 22:13 - 2017-07-01 22:13 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000098-000000.txt
2017-07-01 22:03 - 2017-07-01 22:03 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000097-000000.txt
2017-07-01 22:02 - 2017-07-01 22:02 - 00015424 _____ C:\WINDOWS\system32\Drivers\gfizbnxuv.sys
2017-07-01 20:28 - 2017-07-03 23:18 - 00000000 ____D C:\Users\Ilona\Desktop\mbar
2017-07-01 20:28 - 2017-07-03 12:33 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-01 20:28 - 2017-07-03 12:33 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-07-01 20:13 - 2017-07-01 20:13 - 00003160 _____ C:\WINDOWS\System32\Tasks\279784d93b11843bfd275b27395e6580
2017-07-01 20:12 - 2017-07-01 20:12 - 00003096 _____ C:\WINDOWS\System32\Tasks\{B5F19B29-C680-48C0-AB93-D9A4B6063141}
2017-07-01 20:08 - 2017-07-01 20:08 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000096-000000.txt
2017-07-01 19:59 - 2017-07-03 12:31 - 00020384 _____ C:\pagefile_bak.$$$
2017-07-01 19:59 - 2017-07-03 12:31 - 00000584 _____ C:\pagefile_bak3.$$$
2017-07-01 19:59 - 2017-07-03 12:31 - 00000048 _____ C:\pagefile_bak2.$$$
2017-07-01 19:59 - 2017-07-01 19:59 - 00000032 _____ C:\pagefile.$$$
2017-07-01 19:53 - 2017-07-01 19:53 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000095-000000.txt
2017-07-01 19:45 - 2017-07-02 16:07 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\vlc
2017-07-01 19:28 - 2017-07-01 19:34 - 1057861767 _____ C:\Users\Ilona\Downloads\Japanese movie english subtitle-パレード (1).mp4
2017-06-28 21:05 - 2017-06-28 21:05 - 00708358 _____ C:\Users\Ilona\Downloads\KuronoFIX2.psd
2017-06-28 15:38 - 2017-06-28 15:38 - 00051629 _____ C:\WINDOWS\uninstaller.dat
2017-06-26 10:42 - 2017-06-26 10:42 - 00715330 _____ C:\Users\Ilona\Downloads\Azusa.psd
2017-06-23 06:02 - 2017-06-23 06:03 - 00138264 _____ C:\Users\Ilona\Downloads\2.0_inch_raster.psd
2017-06-22 05:34 - 2017-06-22 05:34 - 00174451 _____ C:\Users\Ilona\Documents\shai GO.pdf
2017-06-20 18:36 - 2017-06-20 18:36 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000094-000000.txt
2017-06-20 18:20 - 2017-06-20 18:20 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000093-000000.txt
2017-06-20 18:12 - 2017-06-20 18:12 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000092-000000.txt
2017-06-20 17:46 - 2017-06-20 17:46 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000091-000000.txt
2017-06-20 17:18 - 2017-06-20 17:18 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000090-000000.txt
2017-06-20 16:41 - 2017-06-20 16:41 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000089-000000.txt
2017-06-20 16:27 - 2017-06-20 16:27 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000088-000000.txt
2017-06-20 16:23 - 2017-06-20 16:23 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000087-000000.txt
2017-06-20 16:18 - 2017-06-20 16:18 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000086-000000.txt
2017-06-20 16:00 - 2017-06-20 16:00 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000085-000000.txt
2017-06-20 15:51 - 2017-06-20 15:51 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000084-000000.txt
2017-06-20 10:02 - 2017-06-20 10:02 - 00001144 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.8.lnk
2017-06-20 10:02 - 2017-06-20 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-06-20 10:01 - 2017-06-20 10:01 - 00003210 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-06-20 10:01 - 2017-06-20 10:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-06-20 10:01 - 2017-06-20 10:01 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2017-06-20 10:00 - 2017-06-20 10:00 - 00000000 ____D C:\Users\Ilona\Downloads\Temp
2017-06-20 09:46 - 2017-06-20 09:46 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000083-000000.txt
2017-06-20 09:19 - 2017-06-20 09:19 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000082-000000.txt
2017-06-20 07:35 - 2017-06-20 07:35 - 00000000 _____ C:\Recovery.txt
2017-06-20 06:45 - 2017-06-20 06:45 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000081-000000.txt
2017-06-20 06:38 - 2017-06-20 06:38 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000080-000000.txt
2017-06-19 17:44 - 2017-06-19 17:44 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000079-000000.txt
2017-06-19 05:30 - 2017-06-19 05:30 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000078-000000.txt
2017-06-19 02:18 - 2017-04-22 00:53 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-06-19 02:18 - 2017-04-22 00:50 - 00030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-06-19 02:16 - 2017-04-22 00:53 - 00018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2017-06-19 02:16 - 2017-04-22 00:50 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-06-19 02:16 - 2017-04-11 21:27 - 00987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-06-19 02:16 - 2017-04-11 21:27 - 00485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-06-19 02:16 - 2017-03-15 21:15 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-06-19 02:16 - 2017-03-15 21:15 - 00690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-06-19 02:01 - 2017-06-19 02:01 - 00002422 _____ C:\WINDOWS\system32\default_error_stack-000077-000000.txt
2017-06-19 01:24 - 2017-06-19 01:24 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000076-000000.txt
2017-06-19 01:21 - 2017-06-19 01:21 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000075-000000.txt
2017-06-19 00:05 - 2017-06-19 00:05 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000074-000000.txt
2017-06-18 23:36 - 2017-06-18 23:36 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000073-000000.txt
2017-06-18 23:32 - 2017-06-18 23:32 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000072-000000.txt
2017-06-18 23:10 - 2017-06-18 23:10 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000071-000000.txt
2017-06-18 22:55 - 2017-06-18 22:55 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000070-000000.txt
2017-06-18 22:44 - 2017-06-18 22:44 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000069-000000.txt
2017-06-18 22:01 - 2017-06-18 22:01 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000068-000000.txt
2017-06-18 21:50 - 2017-06-18 21:50 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000067-000000.txt
2017-06-17 16:03 - 2017-06-17 16:03 - 00002422 _____ C:\WINDOWS\system32\default_error_stack-000066-000000.txt
2017-06-13 21:18 - 2017-06-02 14:30 - 03635200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-13 21:18 - 2017-05-14 23:44 - 04170240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-06-13 21:18 - 2017-05-14 23:19 - 25738752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-13 21:18 - 2017-05-14 22:55 - 05975040 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-13 21:18 - 2017-05-14 22:32 - 07077376 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-06-13 21:18 - 2017-05-14 22:11 - 20274688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-13 21:18 - 2017-05-14 21:54 - 15252992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-13 21:18 - 2017-05-14 21:52 - 03240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-13 21:18 - 2017-05-14 21:48 - 05274112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-06-13 21:18 - 2017-05-14 21:44 - 04549120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-13 21:18 - 2017-05-14 21:38 - 07796736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-13 21:18 - 2017-05-14 21:30 - 13664768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-13 21:18 - 2017-05-14 21:16 - 05268992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 21:18 - 2017-05-14 21:06 - 07441240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-13 21:18 - 2017-05-12 05:18 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-13 21:18 - 2017-05-12 02:36 - 22361848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-13 21:18 - 2017-05-12 02:32 - 19788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-13 21:17 - 2017-06-02 15:15 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-06-13 21:17 - 2017-06-02 15:12 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-06-13 21:17 - 2017-06-02 15:12 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2017-06-13 21:17 - 2017-06-02 15:06 - 01001984 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-13 21:17 - 2017-06-02 15:01 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-06-13 21:17 - 2017-06-02 14:03 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-13 21:17 - 2017-06-02 13:58 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-13 21:17 - 2017-06-02 13:25 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-06-13 21:17 - 2017-06-02 13:24 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-06-13 21:17 - 2017-06-02 13:17 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-06-13 21:17 - 2017-06-02 13:02 - 02751488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-13 21:17 - 2017-06-02 12:43 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-13 21:17 - 2017-06-02 12:43 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-13 21:17 - 2017-05-15 22:58 - 00121184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-13 21:17 - 2017-05-14 23:42 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-13 21:17 - 2017-05-14 23:26 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-13 21:17 - 2017-05-14 23:19 - 01364040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-06-13 21:17 - 2017-05-14 23:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-06-13 21:17 - 2017-05-14 22:31 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-06-13 21:17 - 2017-05-14 22:22 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-13 21:17 - 2017-05-14 22:19 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-13 21:17 - 2017-05-14 22:10 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-06-13 21:17 - 2017-05-14 22:04 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-13 21:17 - 2017-05-14 22:03 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-13 21:17 - 2017-05-14 21:46 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-06-13 21:17 - 2017-05-14 21:40 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-13 21:17 - 2017-05-14 21:37 - 01544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-13 21:17 - 2017-05-14 21:27 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-13 21:17 - 2017-05-14 21:15 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-13 21:17 - 2017-05-14 21:13 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-06-13 21:17 - 2017-05-14 21:11 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-13 21:17 - 2017-05-14 21:11 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-13 21:17 - 2017-05-14 21:06 - 01737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-13 21:17 - 2017-05-14 21:06 - 01502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-13 21:17 - 2017-05-12 20:05 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-13 21:17 - 2017-05-12 19:16 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-06-13 21:17 - 2017-05-12 19:13 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-13 21:17 - 2017-05-12 18:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2017-06-13 21:17 - 2017-05-12 18:50 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2017-06-13 21:17 - 2017-05-12 18:48 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-06-13 21:17 - 2017-05-12 18:47 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-06-13 21:17 - 2017-05-12 07:10 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-13 21:17 - 2017-05-12 05:58 - 01985536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-13 21:17 - 2017-05-12 05:48 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-13 21:17 - 2017-05-12 05:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2017-06-13 21:17 - 2017-05-12 05:10 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2017-06-13 21:17 - 2017-05-12 05:07 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2017-06-13 21:17 - 2017-05-12 05:06 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-06-13 21:17 - 2017-05-12 05:04 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-06-13 21:17 - 2017-05-12 05:00 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2017-06-13 21:17 - 2017-05-10 21:19 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2017-06-13 21:17 - 2017-05-06 19:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-13 21:17 - 2017-05-06 19:04 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-13 21:17 - 2017-04-06 20:37 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-13 21:17 - 2017-04-06 20:16 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2017-06-13 21:17 - 2017-04-06 19:50 - 01436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-13 21:17 - 2017-04-06 19:46 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-06-13 21:17 - 2017-04-06 19:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-13 21:17 - 2017-04-06 19:35 - 01362432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-06-13 21:17 - 2017-04-06 19:15 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-06-13 21:17 - 2017-04-06 18:44 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-06-13 21:17 - 2017-04-02 17:49 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-13 21:17 - 2017-04-02 16:40 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-06-13 15:20 - 2017-06-13 15:20 - 00003706 _____ C:\WINDOWS\System32\Tasks\ALU_SelfUpgrade
2017-06-13 13:57 - 2017-06-13 13:57 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000065-000000.txt
2017-06-13 13:28 - 2017-06-13 13:28 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000064-000000.txt
2017-06-13 12:37 - 2017-06-13 12:37 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000063-000000.txt
2017-06-13 12:34 - 2017-06-13 12:34 - 00000000 ____D C:\Users\Vieras\AppData\Local\Apple
2017-06-13 10:45 - 2017-06-13 10:45 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000062-000000.txt
2017-06-13 07:49 - 2017-06-13 07:49 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000061-000000.txt
2017-06-13 07:39 - 2017-06-13 07:40 - 00000000 ____D C:\Users\Vieras\AppData\Roaming\Apple Computer
2017-06-13 07:39 - 2017-06-13 07:39 - 00000000 ____D C:\Users\Vieras\AppData\Local\Apple Computer
2017-06-13 06:16 - 2017-06-13 06:16 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000060-000000.txt
2017-06-12 11:06 - 2017-06-12 11:06 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000059-000000.txt
2017-06-12 10:42 - 2017-06-12 10:42 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000058-000000.txt
2017-06-12 03:53 - 2017-06-12 03:53 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000057-000000.txt
2017-06-05 02:33 - 2017-06-05 02:33 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000056-000000.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-04 16:46 - 2017-04-26 13:19 - 00000000 ____D C:\FRST
2017-07-04 16:42 - 2012-12-31 12:10 - 00000000 ____D C:\Users\Ilona\AppData\Roaming\Skype
2017-07-04 16:33 - 2016-01-14 17:46 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{47C9991F-5ACF-4D83-A791-F239DFBE3DE2}
2017-07-04 16:10 - 2013-04-10 21:05 - 00000000 ____D C:\Program Files (x86)\PaintToolSAI
2017-07-04 07:47 - 2013-04-10 20:00 - 07041536 ___SH C:\Users\Ilona\Documents\Thumbs.db
2017-07-04 02:02 - 2012-11-21 14:23 - 00000000 ____D C:\Users\Ilona\AppData\Local\Adobe
2017-07-03 23:18 - 2017-04-21 01:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-03 22:39 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Inf
2017-07-03 12:32 - 2017-04-26 23:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2017-07-03 12:32 - 2013-08-22 17:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-03 11:21 - 2012-11-15 16:36 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-404751162-3923029424-1761788839-1001
2017-07-03 07:33 - 2017-04-26 23:32 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-07-02 14:43 - 2012-11-25 15:54 - 15483392 ___SH C:\Users\Ilona\Downloads\Thumbs.db
2017-07-01 23:09 - 2017-03-14 19:23 - 00029628 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-07-01 23:03 - 2017-03-14 19:23 - 00049347 _____ C:\WINDOWS\ZAM.krnl.trace
2017-07-01 22:58 - 2014-07-11 05:28 - 00000000 ____D C:\Users\Ilona
2017-07-01 21:59 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Silentipla Video Converter
2017-07-01 20:28 - 2015-09-26 03:50 - 00003412 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachineDaily
2017-07-01 20:28 - 2015-09-26 03:50 - 00003286 _____ C:\WINDOWS\System32\Tasks\GyazoUpdateTaskMachine
2017-07-01 20:28 - 2012-11-16 06:24 - 00000000 ____D C:\Program Files (x86)\Gyazo
2017-07-01 20:07 - 2013-08-22 16:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-06-28 23:59 - 2012-12-30 08:00 - 00001456 _____ C:\Users\Ilona\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-06-27 22:11 - 2017-04-12 02:06 - 00002181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-22 23:19 - 2012-11-21 19:46 - 00000132 _____ C:\Users\Ilona\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-06-20 18:04 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-20 16:40 - 2017-03-04 17:40 - 02419294 _____ C:\WINDOWS\ntbtlog.txt
2017-06-20 10:02 - 2017-03-08 00:17 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2017-06-20 10:02 - 2016-01-13 15:55 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-20 10:01 - 2012-08-29 11:14 - 00000000 ____D C:\Program Files\Intel
2017-06-20 09:26 - 2014-03-18 18:31 - 00005646 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-20 09:26 - 2014-03-18 17:54 - 00555010 _____ C:\WINDOWS\system32\perfh00B.dat
2017-06-20 09:26 - 2014-03-18 17:54 - 00203966 _____ C:\WINDOWS\system32\perfc00B.dat
2017-06-19 17:44 - 2013-06-19 15:13 - 00000375 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-06-19 02:32 - 2012-07-26 10:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-18 21:33 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\rescache
2017-06-17 16:03 - 2013-08-22 17:44 - 05776896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-17 16:02 - 2014-08-20 14:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-17 16:02 - 2014-08-20 14:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-17 15:54 - 2013-08-22 18:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-06-17 15:27 - 2012-11-24 07:25 - 00004288 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-17 15:26 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-17 15:26 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 14:02 - 2013-08-22 18:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-16 14:02 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-16 04:09 - 2012-11-15 16:29 - 00000000 ____D C:\Users\Ilona\AppData\Local\Packages
2017-06-13 23:08 - 2014-08-20 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-13 23:04 - 2014-05-11 20:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-13 22:54 - 2014-05-11 20:37 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-13 20:13 - 2017-04-10 20:11 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-06-13 20:13 - 2017-04-10 20:11 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-06-13 20:12 - 2017-04-10 20:11 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-06-13 13:23 - 2017-04-22 09:07 - 00000000 ____D C:\Users\Vieras
2017-06-13 13:14 - 2017-04-22 09:08 - 00002241 _____ C:\Users\Vieras\Desktop\Google Chrome.lnk
2017-06-13 07:40 - 2016-12-23 23:14 - 00000000 ____D C:\Program Files\iTunes
 
==================== Files in the root of some directories =======
 
2013-07-04 17:12 - 2013-07-04 17:12 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2013-05-09 03:57 - 2013-05-09 03:58 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-01-10 23:21 - 2013-01-10 23:21 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe GIF Format CS6 Prefs
2012-11-21 19:46 - 2017-06-22 23:19 - 0000132 _____ () C:\Users\Ilona\AppData\Roaming\Adobe PNG Format CS6 Prefs
2012-12-30 08:00 - 2017-06-28 23:59 - 0001456 _____ () C:\Users\Ilona\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-07-26 19:37 - 2017-04-12 01:44 - 0007617 _____ () C:\Users\Ilona\AppData\Local\Resmon.ResmonCfg
2017-04-20 03:17 - 2017-04-20 03:17 - 0000552 _____ () C:\Users\Ilona\AppData\Local\TroubleshooterConfig.json
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-04 04:20
 
==================== End of FRST.txt ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017 01
Ran by Ilona (04-07-2017 16:48:50)
Running from C:\Users\Ilona\Downloads
Windows 8.1 (Update) (X64) (2014-07-11 03:08:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
HomeGroupUser$ (S-1-5-21-404751162-3923029424-1761788839-1008 - Limited - Enabled)
Ilona (S-1-5-21-404751162-3923029424-1761788839-1001 - Administrator - Enabled) => C:\Users\Ilona
Järjestelmänvalvoja (S-1-5-21-404751162-3923029424-1761788839-500 - Administrator - Disabled)
Vieras (S-1-5-21-404751162-3923029424-1761788839-501 - Limited - Enabled) => C:\Users\Vieras
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{7565710A-C97D-44A4-A030-768957F9F2C1}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{F3B4320C-C72B-46B3-96D7-0C38E37388B8}) (Version: 2.8.0.7 - Intel) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Audition CS6 (HKLM-x32\...\{30FD541D-3C9D-41C4-B240-A994EE4E0231}) (Version: 5.0.2 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.6.0.393 - Adobe Systems Incorporated)
Adobe CS6 Design and Web Premium (HKLM-x32\...\{402F6F2E-5683-491C-977D-0CA599A07CAF}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Any Audio Converter 5.8.4 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
Apple Application Support(32 ビット) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support(64 ビット) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.6.108.7905 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.170 - Broadcom Corporation)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.4.2 - Broadcom Corporation)
CLIP STUDIO 1.6.3 (HKLM-x32\...\{49274EB8-4598-47E6-8039-9BB7CE07627E}) (Version: 1.6.3 - CELSYS)
CLIP STUDIO PAINT 1.6.3 (HKLM-x32\...\{1E4572D2-28BC-4BC9-B743-13DC6CFD71DB}) (Version: 1.6.3 - CELSYS)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
f.lux (HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Gyazo 3.3.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HF pAppLoc version 1.1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1.1 - Inquisitor)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3002 - Packard Bell)
ILLUSION ジンコウガクエン2 (HKLM-x32\...\{AF83EF7D-353A-4E0C-9919-C4E4BCB5F742}) (Version: 1.00.0000 - ILLUSION)
ILLUSION ジンコウガクエン2 きゃらめいく (HKLM-x32\...\{A56F495B-7075-4510-AC91-485416140DA2}) (Version: 1.00.0000 - ILLUSION)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{b480f6cc-fa56-482b-b0a3-49d69a32db6d}) (Version: 2.8.0.7 - Intel)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
join.me (HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\JoinMe) (Version: 3.1.0.4367 - LogMeIn, Inc.)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Packard Bell)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3002 - Packard Bell)
Livestream Procaster (HKLM-x32\...\{68E4C751-272B-44E1-94C7-4E1FDC40F7DA}) (Version: 20.3.25 - Procaster)
Malwarebytes versio 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MediBang Paint Pro 10.2 (64-bit) (HKLM\...\MediBang Paint Pro_is1) (Version: 10.2 - Medibang)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{26E474C7-E63A-4EC2-A08C-909B996AA75D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 49.0.2 (x86 fi) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 fi)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}) (Version: 12.5.00000 - Nero AG)
Norton Online Backup ARA (HKLM-x32\...\NARA) (Version: 4.1.0.10 - Symantec Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{C1278BE4-2F1D-420B-A62F-0CFD6879FAEA}) (Version: 3.41.9593 - Apache Software Foundation)
Packard Bell Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3003 - Packard Bell)
Packard Bell Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3003 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3006 - Packard Bell)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Pokemon Online 2.4.1 (HKLM-x32\...\{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1) (Version:  - Dreambelievers)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0002 - Nero AG) Hidden
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RPGツクール2000 ランタイムパッケージ (HKLM-x32\...\{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version:  - )
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TalonRO Client 1.0.0 (HKLM-x32\...\TalonRO_is1) (Version: 1.0.0 - TalonRO)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Jackbox Party Pack (HKLM-x32\...\Steam App 331670) (Version:  - Jackbox Games, Inc.)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{E75B82FD-B6FD-4653-8685-F3A97BDFEA6E}) (Version: 15.0.2013 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{01E87699-A49D-413A-B75B-7C434FEF979C}) (Version: 15.0.2013 - Microsoft Corporation)
Valokuvavalikoima (HKLM-x32\...\{B315ABA6-8217-484E-9AC5-38806E265664}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version:  - VB-Audio Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-2 - Wacom Technology Corp.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
Windows Liven peruspaketti (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windowsin ohjainpaketti - Intel (NETwNb64) net  (08/01/2013 16.5.0.15) (HKLM\...\53BB83F31267476EA08730A3A6A5440B13232E47) (Version: 08/01/2013 16.5.0.15 - Intel)
Windowsin ohjainpaketti - Intel (NETwNe64) net  (08/08/2013 15.10.0.15) (HKLM\...\0DA2A4408EAF79301181D83EDE00C299E257CE3F) (Version: 08/08/2013 15.10.0.15 - Intel)
Windowsin ohjainpaketti - Intel (NETwNs64) net  (01/22/2012 14.3.2.1) (HKLM\...\CD88F0FADE1395C9F91302912FD35B13CF75C196) (Version: 01/22/2012 14.3.2.1 - Intel)
Windowsin ohjainpaketti - Intel (NETwNs64) net  (06/16/2013 15.9.0.5) (HKLM\...\E803A23E1EF431584A07E57A135C48ACB831FF76) (Version: 06/16/2013 15.9.0.5 - Intel)
XSplit Broadcaster (HKLM-x32\...\{F485BA07-A09E-464D-A550-8BBCB211F632}) (Version: 2.9.1701.1616 - SplitmediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-404751162-3923029424-1761788839-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ContextMenuHandlers01: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
ContextMenuHandlers01: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext64.dll [2009-06-02] ()
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers04: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext64.dll [2009-06-02] ()
ContextMenuHandlers04: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
ContextMenuHandlers06: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-05-23] ()
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2015-06-08] (Power Software Ltd)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext64.dll [2009-06-02] ()
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers1_S-1-5-21-404751162-3923029424-1761788839-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-404751162-3923029424-1761788839-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-404751162-3923029424-1761788839-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Ilona\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0F2C154F-347A-484D-8186-881D47C30CFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {13E414BB-46C9-4793-950C-E3E15E47DA9D} - System32\Tasks\{F43A7692-3A77-4A24-8D07-A121C632C189} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Rankstrong\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Rankstrong\uninstall.dat" -a uninstallme 7574F464-F14A-4123-887F-2BA437321078 DeviceId=e2ad04cc-7fbd-2278-1f11-bb9e84a22d76 BarcodeId=51557003 ChannelId=3 DistributerName=APSFWemonetize
Task: {141A7A10-F460-435B-BCD5-5926D6001F65} - System32\Tasks\ALU_SelfUpgrade => C:\ProgramData\Packard Bell\updater2\Download\52971989\D\UpgradeDownload.exe [2017-06-13] ()
Task: {15E368C8-C1C8-49C1-B29A-0C291485F105} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {39FDECEC-9147-4848-AAA5-602E948B5E4B} - System32\Tasks\{C45EB629-4DAE-4FE0-B037-2ACD0C503566} => pcalua.exe -a "C:\Users\Ilona\AppData\Local\Zame\PaintTool SAI English Pack\start-sai.exe" -d "C:\Users\Ilona\AppData\Local\Zame\PaintTool SAI English Pack"
Task: {3F31F794-C3D6-42EC-87DB-13023706F383} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {42ED7251-B47B-471B-A3EB-ACB3D4B8E37D} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {4E0D793B-DBB4-4A04-8C7D-908578F2A9A3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-13] (Microsoft Corporation)
Task: {55FA6F19-EF99-497F-A0A3-12420BCDDDF2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {58CED335-57DC-47F9-98F8-A94CB807BD63} - System32\Tasks\{939D2FB6-1F92-462A-B91E-8C3E598EB12F} => pcalua.exe -a "C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe" -c -uninstall
Task: {5C83827A-F721-4746-821B-2EDD16F0D0F4} - System32\Tasks\{7A3FA45E-BB79-4F63-A1B1-4D6EF4E931EB} => pcalua.exe -a C:\Users\Ilona\Desktop\WLAN_Broadcom_6.30.223.170_W81x64\bcmwls32.exe -d C:\Users\Ilona\Desktop\WLAN_Broadcom_6.30.223.170_W81x64
Task: {60514631-F709-47C9-B1FD-844BCE95F4D8} - System32\Tasks\Power Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2012-08-01] (Acer Incorporated)
Task: {6582259E-9112-4E43-A4D6-6AEE98DDBB54} - System32\Tasks\AdobeAAMUpdater-1.0-haiyentran-Ilona => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {79CD61D3-47B7-45A6-B894-0EEF4869FE35} - System32\Tasks\{345A3A90-1DD8-4E05-913C-43E5C79A6B28} => pcalua.exe -a "C:\Program Files (x86)\Intel\OpenCL SDK\2.0\Uninstall\setup.exe" -c -uninstall
Task: {7A2B78EC-E767-4452-B3D3-B938D5B84AAE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {AD2AF7D1-14F0-4D85-AF20-6158251A0005} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2012-07-13] ()
Task: {B7AD51D8-380C-45BE-8E3A-9E95042BC77F} - System32\Tasks\{B5F19B29-C680-48C0-AB93-D9A4B6063141} => pcalua.exe -a "C:\Program Files (x86)\zdaplmYOSe\uninstall.exe"
Task: {BD81893D-771B-47F3-BBE1-FB8C55256D3F} - System32\Tasks\279784d93b11843bfd275b27395e6580 => sc start 279784d93b11843bfd275b27395e6580 <==== ATTENTION
Task: {CD2F8839-49A2-41BA-B1AA-7DDA5E45F483} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {CFF87471-8F8E-4B5D-8934-986046D95F61} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {DC2B5180-C70E-483B-802C-DF161FCA12F6} - System32\Tasks\{C2D1D880-07AB-4CE3-85D5-6F2BD95830B1} => pcalua.exe -a "C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\20.2.0.19\InstStub.exe" -c /X /ARP
Task: {F08A387C-4F41-4F21-AB90-7BCEAD6A3D67} - System32\Tasks\{76F8CBC1-AEB2-4B62-8BCA-B8B19EA4467A} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Enterbrain\RGSS3\RPGVXAce\unins000.exe"
Task: {F35D9254-270D-474D-890B-B14973E6A5C3} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\Ilona\Favorites\Packard Bell\Packard Bell.lnk -> hxxp://www.packardbell.com
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-17 02:28 - 2016-11-17 02:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-07 19:04 - 2017-03-07 19:04 - 00157456 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2017-07-03 10:37 - 2017-06-27 12:06 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-05-23 02:10 - 2014-05-23 02:10 - 00671904 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2012-11-17 18:39 - 2009-06-02 01:15 - 00051200 _____ () C:\Program Files\WinRAR\rarext64.dll
2012-11-17 18:39 - 2013-12-17 04:17 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-04-10 21:06 - 2008-12-28 11:19 - 01642496 _____ () C:\Program Files (x86)\PaintToolSAI\sai.exe
2017-06-27 22:11 - 2017-06-23 06:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 22:11 - 2017-06-23 06:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-01-30 12:52 - 2017-01-30 12:52 - 01926632 ____R () C:\Program Files (x86)\Skype\Phone\roottools.dll
2012-08-29 11:14 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-04-10 21:06 - 2008-11-13 05:37 - 00499712 _____ () C:\Program Files (x86)\PaintToolSAI\sfl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\skype.com -> hxxps://apps.skype.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ilona\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C42698A3-CD17-4AA4-8E48-A3B4F90D42ED}] => (Allow) LPort=1900
FirewallRules: [{D39DFAB7-6A91-4D8D-8EE6-C7297DF5912B}] => (Allow) LPort=2869
FirewallRules: [{EB24231D-153D-469B-B45E-E45B7D07366C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9686D16F-F0BD-4D07-A10C-38F2D3C06158}] => (Allow) C:\CherryDeGames\Dragon Nest\DragonNest.exe
FirewallRules: [{ADC154B5-2EA8-45C1-96CF-9CB10CF39F7D}] => (Allow) C:\CherryDeGames\Dragon Nest\DragonNest.exe
FirewallRules: [{FAD0A4D7-8ABE-4AF7-B84C-429E25724F13}] => (Allow) C:\Users\Ilona\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{39B73A54-C2BC-4E71-81B3-337C258665D5}] => (Allow) C:\Users\Ilona\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2BB147B9-4156-4258-9519-31EEE48CF0AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{43D9E809-D960-4D77-B65C-A23D08DBE5DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{36ADB0BB-C339-44C6-9D8E-CB35F7322AA9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A89A1AD2-1E88-43F9-A689-87615BC16DBF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{87280CFC-F72A-4CF3-A6AA-F98E6F79AD3B}C:\users\ilona\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ilona\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{EE7B98CB-D1C3-4534-8553-6FE903E20689}C:\users\ilona\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\ilona\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{91E5C789-7656-407D-9448-D3705768E25C}] => (Allow) C:\Users\Ilona\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{572B3F8D-E5FD-493B-B612-8B8B4D891A53}] => (Allow) C:\Users\Ilona\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2D812B08-ABCE-47D6-8898-D5163567361F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [UDP Query User{D5CF19B9-5767-4B50-A893-CB011C52E519}C:\users\ilona\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\ilona\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [TCP Query User{6A24D8A4-187E-4366-AEE3-E37B7DB3E76A}C:\users\ilona\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\ilona\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{8C48841A-AD4A-406A-8298-FCC8446842FF}] => (Allow) C:\koramgame\STOnline\_Launcher.exe
FirewallRules: [{D49DCC20-6DD4-43BF-A14D-DD3222C7B8F0}] => (Allow) C:\koramgame\STOnline\_Launcher.exe
FirewallRules: [{5DDAC1D3-BC4F-426E-A91A-339E220A43F5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4B22F641-2DFD-46CE-BBAC-D5C575CC9D32}] => (Allow) LPort=7000
FirewallRules: [{62A5E0BF-1A0E-49E7-8DA8-AEFD7950743F}] => (Allow) LPort=7000
FirewallRules: [{1E683910-E7BC-4BF1-9EF4-049F77ED88FF}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{DA7990C6-CCB9-4218-BCAB-9CA36BE65C69}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{8247AEE0-7F3E-4F0E-A32B-2F3517F0BA84}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{953A731E-AE18-4E94-AB14-903EE91209EF}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{F1096375-1F68-4823-8622-D47E0297DC4D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{BA7EF300-EABF-4778-9E7E-3F8382EA2DFD}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{391D50BF-7AE4-4577-9D40-FEED12DD0C70}] => (Allow) C:\program files (x86)\nero\nero 12\nero backitup\backitup.exe
FirewallRules: [{64F37E24-6504-4769-A033-5E7531B79955}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{550E75A1-5D41-4568-BE86-B510A404F9E3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CAA11875-B0C3-4E29-B408-7A83C913D26A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Jackbox Party Pack\TJPP.exe
FirewallRules: [{C2F4F1BF-5799-41E0-B317-D8308E6BB0CA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Jackbox Party Pack\TJPP.exe
FirewallRules: [TCP Query User{CB4F4117-6489-4038-B270-14AC57AD2BB2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9D6239B7-3445-4910-91C9-6B5045E2301E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{E389C9B0-077A-4B7F-A531-A2E979742633}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{783494FE-9668-477D-BC3F-01BBEE18D95D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{4A17B057-57B1-4A64-B2C0-B65878FEFD8E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6EE13595-4604-4F23-B441-AFFB1C643CA5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FDC53436-B3FD-4A8D-BF04-54E967FD5A75}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{67ABA2EF-A3EF-4C12-BF1C-AA92AE9ED9BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{9425ECAC-3F80-4E8E-8534-BF18CD33E57E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{73B117C3-B4FF-4319-8ACF-55F3603C4A94}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{39BA2BB1-4EF7-43F0-BE2E-E19CCECAB886}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{77AB8F4D-90BC-4241-B862-CA4B13E4F753}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{753A0143-7501-41DE-811B-9333B33A55CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EBAE456C-B095-4EFD-9B96-0DA22F2FE172}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{47A72294-F75C-4436-9163-5144F376BAF7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A874FFF9-6E6C-4FF2-A9DB-6730D1FFAAF8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3283BFAF-11F8-435E-BC99-F207AAA3A10C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{53EB4C8C-9A88-48EC-A3EA-62E2427FBF71}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1F3CC7BF-E67A-4E8E-B1FD-7DEA4970204B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{39B70A48-6DCC-40C8-AE16-60C4D682A7B5}] => (Allow) 㩃啜敳獲䥜潬慮䅜灰慄慴剜慯業杮獜湳獜湳攮數
FirewallRules: [{59B46603-D21D-4E17-BDDF-077A2D456C7D}] => (Allow) 㩃啜敳獲䥜潬慮䅜灰慄慴剜慯業杮獜湳獜癡略⹰硥e
FirewallRules: [{5B772F6F-4948-4A1A-8F2D-B536C2049059}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{583EBDD9-C96D-4153-89A1-2EE0F77B0543}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{46FC487A-25D5-45F3-BE11-28911B7FEE1D}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{85850670-2C36-44BE-A2D4-A231B9B1DFDA}] => (Allow) C:\Users\Ilona\AppData\Local\Temp\7zS929A.tmp\SymNRT.exe
FirewallRules: [{E29132DF-16F3-4DF6-AC22-4AFD14F1B22F}] => (Allow) C:\Users\Ilona\AppData\Local\Temp\7zS929A.tmp\SymNRT.exe
FirewallRules: [{784CCF4F-8442-48E3-AE8C-3A76B34CF501}] => (Allow) C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplit.Core.exe
FirewallRules: [{03039D27-3E27-4AEC-91EE-7EA05F3AB2A7}] => (Allow) C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplit.cam.exe
FirewallRules: [{DB3C8388-4CB5-4867-80DC-81438C293597}] => (Allow) C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplit.Core.exe
FirewallRules: [{59FF47F8-27D0-4A1A-96CB-77C18DA92BC6}] => (Allow) C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplit.cam.exe
FirewallRules: [{FCC8CA05-3FA0-4AAC-8932-B710681816EE}] => (Allow) C:\Program Files (x86)\PaintToolSAI\sai.exe
FirewallRules: [{8530BF9C-2A18-4902-8C1B-52C73AFE66E2}] => (Allow) C:\Program Files (x86)\PaintToolSAI\sai.exe
FirewallRules: [{7C1A2D67-89F6-4CEF-B554-6758EEF1BDA7}] => (Allow) C:\Program Files (x86)\PaintToolSAI\sai.exe
FirewallRules: [{BD33DEAE-86DB-4E79-82C5-604791E53742}] => (Allow) C:\Program Files (x86)\PaintToolSAI\sai.exe
FirewallRules: [{76E2A98A-6F4F-4BC4-820E-8322CCD7B90F}] => (Allow) C:\Program Files (x86)\PaintToolSAI\start-sai.exe
FirewallRules: [{DFC1E05C-576D-44DE-AC62-97E897CA7183}] => (Allow) C:\Program Files (x86)\PaintToolSAI\start-sai.exe
FirewallRules: [{BF835732-EAB0-4458-9FC7-D37992F24658}] => (Allow) C:\Program Files (x86)\PaintToolSAI\start-sai.exe
FirewallRules: [{C7300D46-2CE3-49CE-9664-101A85E0EFE5}] => (Allow) C:\Program Files (x86)\PaintToolSAI\start-sai.exe
FirewallRules: [{A0EF2136-751E-49D4-BF8D-AE05BD35186D}] => (Allow) C:\Program Files (x86)\Antanna\Application\chrome.exe
FirewallRules: [{C0F59CA0-64D6-4DE0-AF89-3A02526414E6}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{B79FFF21-76BC-4B2F-BBB3-2A14C415976E}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{F1CBB7FF-AEFF-4081-8F52-35EDB8FED82E}] => (Allow) LPort=1723
FirewallRules: [{70DC6DD4-509D-459B-82C9-4324BDACA5C5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D7840803-5FB6-4EE1-B42B-88EE30FC20E3}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{3814309B-6F5D-4B9D-AEEF-293D67DE911C}] => (Allow) C:\Windows\System32\rundll32.exe
 
==================== Restore Points =========================
 
19-06-2017 02:12:58 Windows Update
20-06-2017 10:00:19 Intel® Driver Update Utility
28-06-2017 09:46:34 Ajoitettu tarkistuspiste
01-07-2017 20:13:18 Removed Online Application
01-07-2017 20:19:54 Removed Online Application
01-07-2017 21:58:19 Malwarebytes Anti-Rootkit Restore Point
02-07-2017 16:07:32 Malwarebytes Anti-Rootkit Restore Point
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/03/2017 12:36:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Open-komento palvelulle WmiApRpl DLL-tiedostossa C:\WINDOWS\system32\wbem\wmiaprpl.dll epäonnistui. Tämän palvelun resurssitiedot eivät ole käytettävissä. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät virhekoodin.
 
Error: (07/03/2017 12:36:07 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows ei voi ladata laajennettavan laskurin DLL-tiedostoa rdyboost. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät Windows-virhekoodin.
 
Error: (07/03/2017 12:36:07 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Palvelinpalvelun resurssiobjektia ei voi avata. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät tilakoodin.
 
Error: (07/03/2017 12:36:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Open-komento palvelulle MSDTC DLL-tiedostossa C:\WINDOWS\system32\msdtcuiu.DLL epäonnistui. Tämän palvelun resurssitiedot eivät ole käytettävissä. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät virhekoodin.
 
Error: (07/03/2017 12:36:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Open-komento palvelulle Lsa DLL-tiedostossa C:\Windows\System32\Secur32.dll epäonnistui. Tämän palvelun resurssitiedot eivät ole käytettävissä. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät virhekoodin.
 
Error: (07/03/2017 12:36:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Open-komento palvelulle ESENT DLL-tiedostossa C:\WINDOWS\system32\esentprf.dll epäonnistui. Tämän palvelun resurssitiedot eivät ole käytettävissä. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät virhekoodin.
 
Error: (07/03/2017 12:36:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Open-komento palvelulle BITS DLL-tiedostossa C:\Windows\System32\bitsperf.dll epäonnistui. Tämän palvelun resurssitiedot eivät ole käytettävissä. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät virhekoodin.
 
Error: (07/03/2017 12:36:06 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Open-komento palvelulle WmiApRpl DLL-tiedostossa C:\WINDOWS\system32\wbem\wmiaprpl.dll epäonnistui. Tämän palvelun resurssitiedot eivät ole käytettävissä. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät virhekoodin.
 
Error: (07/03/2017 12:36:04 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows ei voi ladata laajennettavan laskurin DLL-tiedostoa rdyboost. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät Windows-virhekoodin.
 
Error: (07/03/2017 12:36:04 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Palvelinpalvelun resurssiobjektia ei voi avata. Dataosan ensimmäiset neljä tavua (DWORD) sisältävät tilakoodin.
 
 
System errors:
=============
Error: (07/04/2017 11:59:08 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-hallinta)
Description: Ilmeni virhe yritettäessä lukea paikallista isäntätiedostoa.
 
Error: (07/04/2017 09:57:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Aikakatkaisu (30000 millisekuntia) odotettaessa tapahtuman vastausta NcdAutoSetup-palvelusta.
 
Error: (07/04/2017 08:37:58 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-hallinta)
Description: Ilmeni virhe yritettäessä lukea paikallista isäntätiedostoa.
 
Error: (07/04/2017 08:16:02 AM) (Source: DCOM) (EventID: 10010) (User: haiyentran)
Description: Palvelin {1B1F472E-3221-4826-97DB-2C2324D389AE} ei rekisteröitynyt DCOM:n  kanssa annetun ajan sisällä.
 
Error: (07/04/2017 08:15:31 AM) (Source: DCOM) (EventID: 10010) (User: haiyentran)
Description: Palvelin {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} ei rekisteröitynyt DCOM:n  kanssa annetun ajan sisällä.
 
Error: (07/04/2017 07:56:55 AM) (Source: DCOM) (EventID: 10010) (User: haiyentran)
Description: Palvelin {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} ei rekisteröitynyt DCOM:n  kanssa annetun ajan sisällä.
 
Error: (07/04/2017 07:56:25 AM) (Source: DCOM) (EventID: 10010) (User: haiyentran)
Description: Palvelin {1B1F472E-3221-4826-97DB-2C2324D389AE} ei rekisteröitynyt DCOM:n  kanssa annetun ajan sisällä.
 
Error: (07/04/2017 07:33:48 AM) (Source: DCOM) (EventID: 10010) (User: haiyentran)
Description: Palvelin {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} ei rekisteröitynyt DCOM:n  kanssa annetun ajan sisällä.
 
Error: (07/04/2017 07:33:18 AM) (Source: DCOM) (EventID: 10010) (User: haiyentran)
Description: Palvelin {1B1F472E-3221-4826-97DB-2C2324D389AE} ei rekisteröitynyt DCOM:n  kanssa annetun ajan sisällä.
 
Error: (07/04/2017 07:11:58 AM) (Source: DCOM) (EventID: 10010) (User: haiyentran)
Description: Palvelin {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} ei rekisteröitynyt DCOM:n  kanssa annetun ajan sisällä.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-14 17:58:53.601
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 16:57:46.549
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 16:20:27.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 11:45:13.010
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 06:01:11.193
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 06:01:10.958
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 06:01:10.907
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 06:01:10.904
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 05:52:01.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-03-14 05:52:00.924
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU B830 @ 1.80GHz
Percentage of memory in use: 48%
Total physical RAM: 3909.28 MB
Available physical RAM: 2005.02 MB
Total Virtual: 6725.28 MB
Available Virtual: 4001.42 MB
 
==================== Drives ================================
 
Drive c: (Packard Bell) (Fixed) (Total:278.75 GB) (Free:105.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 8B044F1D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,197 posts
  • Gender:Male
  • Location:California
  • Local time:12:08 AM

Posted 04 July 2017 - 10:47 AM

Greetings Ilona.

No problem on the delay (which it really wasn't). It is a little more cumbersome when we are in different time zones but we will manage! :)

Your computer is infected.

Do you recognize these?

FirewallRules: [{39B70A48-6DCC-40C8-AE16-60C4D682A7B5}] => (Allow) 㩃啜敳獲䥜潬慮䅜灰慄慴剜慯業杮獜湳獜湳攮數
FirewallRules: [{59B46603-D21D-4E17-BDDF-077A2D456C7D}] => (Allow) 㩃啜敳獲䥜潬慮䅜灰慄慴剜慯業杮獜湳獜癡略⹰硥e

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\MountPoints2: E - "E:\Startup.exe" 
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\MountPoints2: {03f39816-5320-11e2-be82-b888e35cb298} - "E:\Startup.exe" 
GroupPolicy: Restriction - Chrome <==== ATTENTION
SearchScopes: HKU\S-1-5-21-404751162-3923029424-1761788839-1001 -> {3F51A905-FDFD-4E98-AF17-17CB29BF1EF8} URL = 
CHR Extension: (Chrome Media Router) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-01]
S1 gfizbnxuv.sys; C:\WINDOWS\system32\drivers\gfizbnxuv.sys [15424 2017-07-01] () [File not signed]
R1 gfyadmrpp.sys; C:\WINDOWS\system32\drivers\gfyadmrpp.sys [121200 2017-07-03] () [File not signed]
S1 hrdbgwggw.sys; C:\WINDOWS\system32\drivers\hrdbgwggw.sys [15424 2017-07-03] () [File not signed]
Task: {B7AD51D8-380C-45BE-8E3A-9E95042BC77F} - System32\Tasks\{B5F19B29-C680-48C0-AB93-D9A4B6063141} => pcalua.exe -a "C:\Program Files (x86)\zdaplmYOSe\uninstall.exe"
Task: {BD81893D-771B-47F3-BBE1-FB8C55256D3F} - System32\Tasks\279784d93b11843bfd275b27395e6580 => sc start 279784d93b11843bfd275b27395e6580 <==== ATTENTION
Task: {13E414BB-46C9-4793-950C-E3E15E47DA9D} - System32\Tasks\{F43A7692-3A77-4A24-8D07-A121C632C189} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Rankstrong\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Rankstrong\uninstall.dat" -a uninstallme 7574F464-F14A-4123-887F-2BA437321078 DeviceId=e2ad04cc-7fbd-2278-1f11-bb9e84a22d76 BarcodeId=51557003 ChannelId=3 DistributerName=APSFWemonetize
Task: {DC2B5180-C70E-483B-802C-DF161FCA12F6} - System32\Tasks\{C2D1D880-07AB-4CE3-85D5-6F2BD95830B1} => pcalua.exe -a "C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\20.2.0.19\InstStub.exe" -c /X /ARP
FirewallRules: [{85850670-2C36-44BE-A2D4-A231B9B1DFDA}] => (Allow) C:\Users\Ilona\AppData\Local\Temp\7zS929A.tmp\SymNRT.exe
FirewallRules: [{E29132DF-16F3-4DF6-AC22-4AFD14F1B22F}] => (Allow) C:\Users\Ilona\AppData\Local\Temp\7zS929A.tmp\SymNRT.exe
C:\WINDOWS\isRS-000.tmp
C:\Program Files (x86)\NortonInstaller
C:\Program Files (x86)\Common Files\Rankstrong
C:\WINDOWS\system32\drivers\gfizbnxuv.sys
C:\WINDOWS\system32\drivers\gfyadmrpp.sys
C:\WINDOWS\system32\drivers\hrdbgwggw.sys
C:\Program Files (x86)\zdaplmYOSe
C:\WINDOWS\System32\Tasks\279784d93b11843bfd275b27395e6580
2017-07-01 19:59 - 2017-07-03 12:31 - 00020384 _____ C:\pagefile_bak.$$$
2017-07-01 19:59 - 2017-07-03 12:31 - 00000584 _____ C:\pagefile_bak3.$$$
2017-07-01 19:59 - 2017-07-03 12:31 - 00000048 _____ C:\pagefile_bak2.$$$
2017-07-01 19:59 - 2017-07-01 19:59 - 00000032 _____ C:\pagefile.$$$
2017-06-20 10:00 - 2017-06-20 10:00 - 00000000 ____D C:\Users\Ilona\Downloads\Temp
C:\WINDOWS\System32\Tasks\ALU_SelfUpgrade
2017-06-19 02:32 - 2012-07-26 10:59 - 00000000 ____D C:\WINDOWS\CbsTemp
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA}
ContextMenuHandlers04: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA}
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA}
cmd: del /f /s /q "C:\WINDOWS\system32\default_error_stack*.*"
Folder: C:\WINDOWS\ToastData
cmd: gpresult /Scope User /v
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Recognize entries?
  • Fixlog
  • Update on computer/browser behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
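
The two firewall rules quoted in the post above show their program path as CJK characters, which is what a path's ASCII bytes look like when each pair is read as one UTF-16LE code unit. The following triage sketch is an added example, not part of the original thread and not FRST's own code: it reverses that mis-decoding and also marks rules whose program sits under AppData or Temp. The function names and the two heuristics are assumptions made for illustration, and a hit is a prompt for review, not a verdict.

```python
import re

# FirewallRules lines copied verbatim from the FRST Addition.txt log in this thread.
SAMPLE_LINES = [
    r"FirewallRules: [{4B22F641-2DFD-46CE-BBAC-D5C575CC9D32}] => (Allow) LPort=7000",
    r"FirewallRules: [{1F3CC7BF-E67A-4E8E-B1FD-7DEA4970204B}] => (Allow) C:\Program Files\iTunes\iTunes.exe",
    "FirewallRules: [{39B70A48-6DCC-40C8-AE16-60C4D682A7B5}] => (Allow) 㩃啜敳獲䥜潬慮䅜灰慄慴剜慯業杮獜湳獜湳攮數",
    "FirewallRules: [{59B46603-D21D-4E17-BDDF-077A2D456C7D}] => (Allow) 㩃啜敳獲䥜潬慮䅜灰慄慴剜慯業杮獜湳獜癡略⹰硥e",
    r"FirewallRules: [{85850670-2C36-44BE-A2D4-A231B9B1DFDA}] => (Allow) C:\Users\Ilona\AppData\Local\Temp\7zS929A.tmp\SymNRT.exe",
]

# "FirewallRules: [<rule name>] => (<Allow|Block>) <program path or port>"
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)

# Heuristic (assumption): directories a standard user can write to.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp)\\", re.IGNORECASE)


def recover_ascii_path(text):
    """Undo 'ASCII bytes read as UTF-16LE'. Returns the recovered string,
    or None if the text is plain ASCII or does not fit the pattern."""
    if text.isascii():
        return None
    out = []
    for ch in text:
        if ord(ch) < 0x80:
            # An odd-length path leaves its last byte as an ordinary character.
            out.append(ch)
            continue
        if ord(ch) > 0xFFFF:
            return None
        pair = ch.encode("utf-16-le")  # two bytes, low byte first
        if any(b < 0x20 or b > 0x7E for b in pair):
            return None  # genuine non-ASCII text (e.g. 'ä'), not this artifact
        out.append(pair.decode("ascii"))
    return "".join(out)


def triage(lines):
    """Return one finding per firewall rule that deserves a closer look."""
    findings = []
    for line in lines:
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        recovered = recover_ascii_path(target)
        path = recovered or target
        reasons = []
        if recovered:
            reasons.append("path stored as mis-decoded UTF-16")
        if USER_WRITABLE_RE.search(path):
            reasons.append("program in user-writable directory")
        if reasons:
            findings.append({
                "rule": m.group("name"),
                "action": m.group("action"),
                "path": path,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f["rule"], f["action"], f["path"], "; ".join(f["reasons"]))
```
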

#5 shainess

shainess
  • Topic Starter

  • Members
  • 27 posts

Posted 04 July 2017 - 11:19 AM

I don't recognize the firewall rules in your previous message. I don't think I even understand what they mean..

 

It restarted my laptop but once I opened Google Chrome and tried a few sites, the pop-up ads came back. [here is an example link]

 

And here is the Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017 01

Ran by Ilona (04-07-2017 19:02:23) Run:2
Running from C:\Users\Ilona\Desktop
Loaded Profiles: Ilona (Available Profiles: Ilona & Vieras)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\MountPoints2: E - "E:\Startup.exe" 
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\...\MountPoints2: {03f39816-5320-11e2-be82-b888e35cb298} - "E:\Startup.exe" 
GroupPolicy: Restriction - Chrome <==== ATTENTION
SearchScopes: HKU\S-1-5-21-404751162-3923029424-1761788839-1001 -> {3F51A905-FDFD-4E98-AF17-17CB29BF1EF8} URL = 
CHR Extension: (Chrome Media Router) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-01]
S1 gfizbnxuv.sys; C:\WINDOWS\system32\drivers\gfizbnxuv.sys [15424 2017-07-01] () [File not signed]
R1 gfyadmrpp.sys; C:\WINDOWS\system32\drivers\gfyadmrpp.sys [121200 2017-07-03] () [File not signed]
S1 hrdbgwggw.sys; C:\WINDOWS\system32\drivers\hrdbgwggw.sys [15424 2017-07-03] () [File not signed]
Task: {B7AD51D8-380C-45BE-8E3A-9E95042BC77F} - System32\Tasks\{B5F19B29-C680-48C0-AB93-D9A4B6063141} => pcalua.exe -a "C:\Program Files (x86)\zdaplmYOSe\uninstall.exe"
Task: {BD81893D-771B-47F3-BBE1-FB8C55256D3F} - System32\Tasks\279784d93b11843bfd275b27395e6580 => sc start 279784d93b11843bfd275b27395e6580 <==== ATTENTION
Task: {13E414BB-46C9-4793-950C-E3E15E47DA9D} - System32\Tasks\{F43A7692-3A77-4A24-8D07-A121C632C189} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Rankstrong\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Rankstrong\uninstall.dat" -a uninstallme 7574F464-F14A-4123-887F-2BA437321078 DeviceId=e2ad04cc-7fbd-2278-1f11-bb9e84a22d76 BarcodeId=51557003 ChannelId=3 DistributerName=APSFWemonetize
Task: {DC2B5180-C70E-483B-802C-DF161FCA12F6} - System32\Tasks\{C2D1D880-07AB-4CE3-85D5-6F2BD95830B1} => pcalua.exe -a "C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\20.2.0.19\InstStub.exe" -c /X /ARP
FirewallRules: [{85850670-2C36-44BE-A2D4-A231B9B1DFDA}] => (Allow) C:\Users\Ilona\AppData\Local\Temp\7zS929A.tmp\SymNRT.exe
FirewallRules: [{E29132DF-16F3-4DF6-AC22-4AFD14F1B22F}] => (Allow) C:\Users\Ilona\AppData\Local\Temp\7zS929A.tmp\SymNRT.exe
C:\WINDOWS\isRS-000.tmp
C:\Program Files (x86)\NortonInstaller
C:\Program Files (x86)\Common Files\Rankstrong
C:\WINDOWS\system32\drivers\gfizbnxuv.sys
C:\WINDOWS\system32\drivers\gfyadmrpp.sys
C:\WINDOWS\system32\drivers\hrdbgwggw.sys
C:\Program Files (x86)\zdaplmYOSe
C:\WINDOWS\System32\Tasks\279784d93b11843bfd275b27395e6580
2017-07-01 19:59 - 2017-07-03 12:31 - 00020384 _____ C:\pagefile_bak.$$$
2017-07-01 19:59 - 2017-07-03 12:31 - 00000584 _____ C:\pagefile_bak3.$$$
2017-07-01 19:59 - 2017-07-03 12:31 - 00000048 _____ C:\pagefile_bak2.$$$
2017-07-01 19:59 - 2017-07-01 19:59 - 00000032 _____ C:\pagefile.$$$
2017-06-20 10:00 - 2017-06-20 10:00 - 00000000 ____D C:\Users\Ilona\Downloads\Temp
C:\WINDOWS\System32\Tasks\ALU_SelfUpgrade
2017-06-19 02:32 - 2012-07-26 10:59 - 00000000 ____D C:\WINDOWS\CbsTemp
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA}
ContextMenuHandlers04: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA}
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA}
cmd: del /f /s /q "C:\WINDOWS\system32\default_error_stack*.*"
Folder: C:\WINDOWS\ToastData
cmd: gpresult /Scope User /v
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => key removed successfully
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03f39816-5320-11e2-be82-b888e35cb298} => key removed successfully
HKLM\Software\Classes\CLSID\{03f39816-5320-11e2-be82-b888e35cb298} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-404751162-3923029424-1761788839-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3F51A905-FDFD-4E98-AF17-17CB29BF1EF8} => key removed successfully
HKLM\Software\Classes\CLSID\{3F51A905-FDFD-4E98-AF17-17CB29BF1EF8} => key not found. 
HKLM\System\CurrentControlSet\Services\gfizbnxuv.sys => key removed successfully
gfizbnxuv.sys => service removed successfully
gfyadmrpp.sys => Unable to stop service.
HKLM\System\CurrentControlSet\Services\gfyadmrpp.sys => key removed successfully
gfyadmrpp.sys => service removed successfully
HKLM\System\CurrentControlSet\Services\hrdbgwggw.sys => key removed successfully
hrdbgwggw.sys => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7AD51D8-380C-45BE-8E3A-9E95042BC77F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7AD51D8-380C-45BE-8E3A-9E95042BC77F} => key removed successfully
C:\WINDOWS\System32\Tasks\{B5F19B29-C680-48C0-AB93-D9A4B6063141} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B5F19B29-C680-48C0-AB93-D9A4B6063141} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BD81893D-771B-47F3-BBE1-FB8C55256D3F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD81893D-771B-47F3-BBE1-FB8C55256D3F} => key removed successfully
C:\WINDOWS\System32\Tasks\279784d93b11843bfd275b27395e6580 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\279784d93b11843bfd275b27395e6580 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13E414BB-46C9-4793-950C-E3E15E47DA9D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13E414BB-46C9-4793-950C-E3E15E47DA9D} => key removed successfully
C:\WINDOWS\System32\Tasks\{F43A7692-3A77-4A24-8D07-A121C632C189} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F43A7692-3A77-4A24-8D07-A121C632C189} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC2B5180-C70E-483B-802C-DF161FCA12F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC2B5180-C70E-483B-802C-DF161FCA12F6} => key removed successfully
C:\WINDOWS\System32\Tasks\{C2D1D880-07AB-4CE3-85D5-6F2BD95830B1} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C2D1D880-07AB-4CE3-85D5-6F2BD95830B1} => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85850670-2C36-44BE-A2D4-A231B9B1DFDA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E29132DF-16F3-4DF6-AC22-4AFD14F1B22F} => value removed successfully
C:\WINDOWS\isRS-000.tmp => moved successfully
"C:\Program Files (x86)\NortonInstaller" => not found.
"C:\Program Files (x86)\Common Files\Rankstrong" => not found.
C:\WINDOWS\system32\drivers\gfizbnxuv.sys => moved successfully
C:\WINDOWS\system32\drivers\gfyadmrpp.sys => moved successfully
C:\WINDOWS\system32\drivers\hrdbgwggw.sys => moved successfully
"C:\Program Files (x86)\zdaplmYOSe" => not found.
"C:\WINDOWS\System32\Tasks\279784d93b11843bfd275b27395e6580" => not found.
C:\pagefile_bak.$$$ => moved successfully
C:\pagefile_bak3.$$$ => moved successfully
C:\pagefile_bak2.$$$ => moved successfully
C:\pagefile.$$$ => moved successfully
C:\Users\Ilona\Downloads\Temp => moved successfully
C:\WINDOWS\System32\Tasks\ALU_SelfUpgrade => moved successfully
C:\WINDOWS\CbsTemp => moved successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\CLSID\ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ContextMenuHandlers04: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\CLSID\ContextMenuHandlers04: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
HKLM\Software\Classes\CLSID\ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => key not found. 
 
========= del /f /s /q "C:\WINDOWS\system32\default_error_stack*.*" =========
 
Deleted file - C:\WINDOWS\system32\default_error_stack-000000-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000001-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000002-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000003-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000004-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000005-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000006-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000007-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000008-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000009-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000010-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000011-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000012-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000013-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000014-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000015-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000016-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000017-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000018-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000019-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000020-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000021-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000022-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000023-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000024-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000025-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000026-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000027-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000028-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000029-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000030-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000031-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000032-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000033-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000034-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000035-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000036-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000037-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000038-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000039-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000040-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000041-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000042-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000043-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000044-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000045-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000046-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000047-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000048-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000049-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000050-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000051-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000052-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000053-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000054-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000055-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000056-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000057-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000058-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000059-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000060-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000061-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000062-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000063-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000064-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000065-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000066-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000067-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000068-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000069-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000070-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000071-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000072-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000073-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000074-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000075-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000076-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000077-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000078-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000079-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000080-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000081-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000082-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000083-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000084-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000085-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000086-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000087-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000088-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000089-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000090-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000091-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000092-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000093-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000094-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000095-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000096-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000097-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000098-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000099-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000100-000000.txt
Deleted file - C:\WINDOWS\system32\default_error_stack-000101-000000.txt
 
========= End of CMD: =========
 
 
========================= Folder: C:\WINDOWS\ToastData ========================
 
2013-08-22 18:36 - 2017-06-13 22:52 - 0000992 ___SH () C:\WINDOWS\ToastData\desktop.ini
2013-08-22 09:57 - 2013-08-22 09:57 - 0001535 _____ () C:\WINDOWS\ToastData\Microsoft.Windows.ParentalControls.lnk
2013-08-22 09:43 - 2013-08-22 09:43 - 0001454 _____ () C:\WINDOWS\ToastData\Windows.SystemToast.AutoPlay.lnk
2013-08-22 09:52 - 2013-08-22 09:52 - 0001458 _____ () C:\WINDOWS\ToastData\Windows.SystemToast.BdeUnlock.lnk
2013-08-22 09:56 - 2013-08-22 09:56 - 0001558 _____ () C:\WINDOWS\ToastData\Windows.SystemToast.Bthprops.lnk
2013-08-22 09:43 - 2013-08-22 09:43 - 0001446 _____ () C:\WINDOWS\ToastData\Windows.SystemToast.Devices.lnk
2013-08-22 09:54 - 2013-08-22 09:54 - 0001450 _____ () C:\WINDOWS\ToastData\Windows.SystemToast.Explorer.lnk
2013-08-22 09:52 - 2013-08-22 09:52 - 0001526 _____ () C:\WINDOWS\ToastData\Windows.SystemToast.NfpAppAcquire.lnk
2013-08-22 09:52 - 2013-08-22 09:52 - 0001526 _____ () C:\WINDOWS\ToastData\Windows.SystemToast.NfpAppLaunch.lnk
2013-08-22 09:52 - 2013-08-22 09:52 - 0001534 _____ () C:\WINDOWS\ToastData\Windows.SystemToast.NfpDevicePairing.lnk
2013-08-22 09:52 - 2013-08-22 09:52 - 0001534 _____ () C:\WINDOWS\ToastData\Windows.SystemToast.NfpReceiveContent.lnk
2013-08-22 09:47 - 2013-08-22 09:47 - 0001578 _____ () C:\WINDOWS\ToastData\Windows.SystemToast.OpenWith.lnk
2013-08-22 09:44 - 2013-08-22 09:44 - 0001515 _____ () C:\WINDOWS\ToastData\Windows.SystemToast.Print.Notification.lnk
2013-08-22 09:44 - 2013-08-22 09:44 - 0001498 _____ () C:\WINDOWS\ToastData\Windows.SystemToast.RasToastNotifier.lnk
2013-08-22 09:43 - 2013-08-22 09:43 - 0001547 _____ () C:\WINDOWS\ToastData\Windows.SystemToast.Share.lnk
 
====== End of Folder: ======
 
 
========= gpresult /Scope User /v =========
 
 
Microsoft ® Windows ® Operating System Group Policy Result tool v2.0
c 2013 Microsoft Corporation. All rights reserved.
 
Created on 2017/07/04 at 19:04:35
 
 
 
RSOP data for haiyentran\Ilona on HAIYENTRAN : Logging Mode
------------------------------------------------------------
 
OS Configuration:            Standalone Workstation
OS Version:                  6.3.9600
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\Ilona
Connected over a slow link?: No
 
 
USER SETTINGS
--------------
    
    Last time Group Policy was applied: 2017/07/03 at 12:35:06
    Group Policy was applied from:      N/A
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        haiyentran
    Domain Type:                        <Local Computer>
    
    Applied Group Policy Objects
    -----------------------------
        Paikallinen ryhmakaytanto
 
    The user is a part of the following security groups
    ---------------------------------------------------
        Ei mitaan
        Kaikki
        Paikallinen tili ja Jarjestelmanvalvojat-ryhman jasen
        HomeUsers
        Jarjestelmanvalvojat
        Kayttajat
        Vuorovaikutteinen
        KONSOLIKIRJAUTUMINEN
        Todennetut kayttajat
        Tama organisaatio
        Paikallinen tili
        Paikallinen
        ntlm-todennus
        Korkea pakollinen taso
        
    The user has the following security privileges
    ----------------------------------------------
 
        Lapikulun tarkistuksen ohitus
        Todennus- ja suojauslokin hallinta
        Tiedostojen ja kansioiden varmuuskopioiminen
        Tiedostojen ja kansioiden palauttaminen
        Jarjestelmaajan muuttaminen
        Jarjestelman sammuttaminen
        Sammutuksen pakotus etajarjestelmasta
        Tiedostojen tai muiden objektien ottaminen omistukseen
        Ohjelmien virheenkorjaus
        Laitteisto-ohjelmiston ymparistoarvojen muokkaaminen
        Jarjestelman suorituskyvyn profiloiminen
        Yksittaisen prosessin profiloiminen
        Ajoitusprioriteetin lisaaminen
        Laiteohjaimien lataaminen ja poistaminen
        Sivutustiedoston luominen
        Prosessin muistikiintioiden muuttaminen
        Tietokoneen poistaminen telakointiasemasta
        Aseman yllapitotehtavien suorittaminen
        Asiakkaaksi tekeytyminen todennuksen jalkeen
        Yleisten objektien luominen
        Aikavyohykkeen muuttaminen
        Symbolisten linkkien luominen
        Prosessin tyoskentelysarjan kasvattaminen
 
    Resultant Set Of Policies for User
    -----------------------------------
 
        Software Installations
        ----------------------
            N/A
 
        Logon Scripts
        -------------
            N/A
 
        Logoff Scripts
        --------------
            N/A
 
        Public Key Policies
        -------------------
            N/A
 
        Administrative Templates
        ------------------------
            N/A
 
        Folder Redirection
        ------------------
            N/A
 
        Internet Explorer Browser User Interface
        ----------------------------------------
            N/A
 
        Internet Explorer Connection
        ----------------------------
            N/A
 
        Internet Explorer URLs
        ----------------------
            N/A
 
        Internet Explorer Security
        --------------------------
            N/A
 
        Internet Explorer Programs
        --------------------------
            N/A
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17034802 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 27429806 B
Edge => 0 B
Chrome => 388388602 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 2024 B
NetworkService => 3966 B
Ilona => 8639775 B
Vieras => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 429 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:04:55 ====


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:08 AM

Posted 04 July 2017 - 12:15 PM

Thank you. I am not surprised.

Are you currently having issues with any other browsers?

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
FirewallRules: [{39B70A48-6DCC-40C8-AE16-60C4D682A7B5}] => (Allow) 㩃啜敳獲䥜潬慮䅜灰慄慴剜慯業杮獜湳獜湳攮數
FirewallRules: [{59B46603-D21D-4E17-BDDF-077A2D456C7D}] => (Allow) 㩃啜敳獲䥜潬慮䅜灰慄慴剜慯業杮獜湳獜癡略⹰硥e
CHR Extension: (Chrome Media Router) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Chrome Cleanup Tool

--------------------
  • Download Chrome Cleanup Tool and save it to your Desktop
  • Double click the Desktop icon, click Run, then click Yes
  • If programs are found click Remove suspicious programs
  • If presented with a Reset screen, click Reset
  • Close Chrome, reopen, and check the browser behavior
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Other browser(s)?
  • Fixlog
  • Chrome Cleanup Tool results
  • Chrome behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 shainess


Posted 04 July 2017 - 12:55 PM

I tried Internet Explorer and I didn't get any annoying pop-up ads!
 
Chrome Cleanup Tool didn't find anything suspicious.
 
New fixlog is below but I still seem to have the same problem around? It didn't restart my laptop this time so I reopened Google Chrome and hopped around sites and my MalwareBytes keeps reporting about them.
 
Should I try restarting my laptop?
 
Fixlog.txt
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017 01
Ran by Ilona (04-07-2017 20:42:53) Run:3
Running from C:\Users\Ilona\Desktop
Loaded Profiles: Ilona (Available Profiles: Ilona & Vieras)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
FirewallRules: [{39B70A48-6DCC-40C8-AE16-60C4D682A7B5}] => (Allow) 㩃啜敳獲䥜潬慮䅜灰慄慴剜慯業杮獜湳獜湳攮數
FirewallRules: [{59B46603-D21D-4E17-BDDF-077A2D456C7D}] => (Allow) 㩃啜敳獲䥜潬慮䅜灰慄慴剜慯業杮獜湳獜癡略⹰硥e
CHR Extension: (Chrome Media Router) - C:\Users\Ilona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
*****************
 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{39B70A48-6DCC-40C8-AE16-60C4D682A7B5} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{59B46603-D21D-4E17-BDDF-077A2D456C7D} => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => key removed successfully
 
==== End of Fixlog 20:42:55 ====


#8 Oh My!


Posted 04 July 2017 - 01:14 PM

Yes, please restart your laptop.

I would like to gather some information about your Chrome.

Are you getting pop-ups and also Malwarebytes notifications that it is blocking something? Please open Malwarebytes, click Reports, and copy/paste the top 2 entries in your reply.

===================================================

Checking Chrome Sync Status

--------------------
  • Launch Chrome web browser
  • Type chrome://settings in the address bar and hit Enter
  • Under Sign in click Advanced sync settings...
  • Is Sync everything selected on the drop down list and are all 9 items underneath checked? If not, please describe
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Malwarebytes information
  • Sync?

Gary
 

#9 shainess


Posted 04 July 2017 - 01:57 PM

Hi Gary, I restarted my laptop but nothing changed. 
 
It seems to be pretty random when I get pop-up ads and how I get them. Sometimes it either happens when I open a new tab and the older one changes into an ad and so far this (bleepingcomputer) site has been the only one that turns into an ad without me opening any new tabs. 
 
I get a notification every time an ad tries to pop up and MalwareBytes manages to block it, turning it into a site called "https://block.malwarebytes.com/" including their logo, name and a text that says "blocked a suspected URL or an unwanted program" and below "See more". There were also cases where it didn't manage to block it in time so it would lead to the ad site.
 
I went to my Chrome setting and it was set on "sync everything" and all nine there were properly checked.
 
I copy pasted the two most recent MalwareBytes reports and also included a link with a picture since it seemed to have more information compared to the Export -> Copy to Clipboard section.
 
First report
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Protection Event Date: 7/4/17
Protection Event Time: 9:40 PM
Log File: 
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2291
License: Trial
 
-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: System
 
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
 
-Website Data-
Domain: addonmonetiz.top
IP Address: 104.31.65.101
Port: [49450]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
 
(end)
 
Second report
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Protection Event Date: 7/4/17
Protection Event Time: 9:40 PM
Log File: 
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2291
License: Trial
 
-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: System
 
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
 
-Website Data-
Domain: addonmonetiz.top
IP Address: 104.31.65.101
Port: [49449]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
 
(end)

 



#10 Oh My!


Posted 04 July 2017 - 04:59 PM

Thank you Ilona.

Log out of the BleepingComputer site then log back in. See if you get ads.

Please do this.

===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Go into your Chrome Settings and disconnect from Sync
  • Close the Chrome Browser
  • Press the Windows key + R on your keyboard at the same time
  • Type in chrome --disable-extensions and press Enter
  • Check the browser behavior
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#11 shainess


Posted 04 July 2017 - 11:00 PM

Sorry Gary I kinda fell asleep there! I also have to apologize because when I fell asleep, somehow my MalwareBytes had started a scan on its own and when I woke up there was a report? MalwareBytes found two threats, put them in quarantine and this happened before I could try if disabling extensions would work.

 

But I still tested out Google Chrome without and with disabling extensions after these two threats were placed in quarantine. Both results didn't give me any more pop-up ads, but I'm not sure if they'll return once I restart my laptop. Should I do that?

 

Also I'll copy paste the mystery report below, I'm kind of confused HOW it happened and I apologize if it caused any problems!

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/5/17
Scan Time: 2:00 AM
Log File: 
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2292
License: Trial
 
-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 426241
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 54 min, 35 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 1
Adware.Ghokswa.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{A0EF2136-751E-49D4-BF8D-AE05BD35186D}, Delete-on-Reboot, [872], [413111],1.0.2292
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
Adware.Agent.E, C:\WINDOWS\SYSTEM32\R6LSTMP4.DAT, Delete-on-Reboot, [4261], [412507],1.0.2292
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#12 Oh My!


Posted 05 July 2017 - 09:39 AM

No problem at all.

I would like to monitor your computer and while doing so take these steps.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#13 shainess


Posted 06 July 2017 - 01:16 AM

Thanks for waiting, I'm finally back after 10 hours and here are the results! My computer hasn't shown any pop-up ads for a while now and works faster than it did when the malwares were more present. I still haven't tried restarting my laptop though.
 
ESET.txt
 
C:\AdwCleaner\quarantine\files\jmyygeffyectbhdafbixwdmipooyqcul\rzf.8v0 a variant of Win32/Adware.ELEX.NL application cleaned by deleting
C:\FRST\Quarantine\C\Users\Ilona\AppData\Local\SNARE\Snare.dll a variant of Win64/Snarasite.A trojan cleaned by deleting
C:\Users\Ilona\AppData\LocalLow\Sun\Java\jre1.7.0_71\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\Users\Ilona\AppData\LocalLow\Sun\Java\jre1.8.0_31\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\Windows\Installer\43de892.msi multiple threats deleted
 
Security Check
 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 131  
 Java version 32-bit out of Date! 
 Adobe Flash Player 26.0.0.131  
 Mozilla Firefox (49.0.2) 
 Google Chrome (59.0.3071.115) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
 Windows Defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

 



#14 Oh My!


Posted 06 July 2017 - 08:34 AM

Please restart and let me know what happens.
Gary
 

#15 shainess


Posted 06 July 2017 - 10:06 AM

Good news Gary! The pop-up ads didn't come back!

Thank you so much for helping me so far.

 

What do I do next?





