Some programs don't work, can't detect virus or trojan


  • This topic is locked
17 replies to this topic

#1 yoelr

Posted 14 August 2017 - 12:59 AM

Why do I think it's a Trojan? SUPERAntiSpyware detected

Trojan.Agent/Gen-MulDrop

It supposedly removed it with a few hundred cookie files...

After that, Malwarebytes or SAS didn't detect anything (except for more cookies...).

Avast didn't find anything.

Since yesterday some programs stopped working, like Eclipse (crashes after a few actions) and langover 5 (but both work fine in safe mode).

Also, permissions were changed all over my computer, and I can't open images using Windows media viewer.

Also, everything became slow outside of safe mode.

What sort of scans do you want me to do? With what software?

(Can I send the results as pastebin links?)

The ComboFix logfile:

https://pastebin.com/CcC6pFc5

HijackThis logfile:

https://pastebin.com/ptZuRFEj

Thank you for your help.


Edited by yoelr, 14 August 2017 - 03:33 PM.



#2 Oh My!

Posted 15 August 2017 - 02:28 PM

Greetings yoelr and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Right click on the icon and select Rename
  • Rename the icon frstenglish.exe or frst64english.exe depending on your operating system
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 yoelr

Posted 15 August 2017 - 03:51 PM

Thank you for your fast response and help.

I placed both files on pastebin for your convenience (pasting it all here will be so messy).

FRST:

https://pastebin.com/WLp47633

Addition:

https://pastebin.com/iVMKudiy

Again, thank you for your help. I read all you wrote and will follow your instructions.

You may call me Yoel.


Edited by yoelr, 15 August 2017 - 03:53 PM.


#4 Oh My!

Posted 15 August 2017 - 05:28 PM

Greetings Yoel.

Please copy and paste the reports in your reply.
Gary
 

#5 yoelr

Posted 15 August 2017 - 06:16 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-08-2017 01
Ran by -bora (administrator) on -BORA-PC (15-08-2017 23:39:35)
Running from C:\Users\-bora\Downloads
Loaded Profiles: -bora (Available Profiles: -bora)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: עברית (ישראל)‏
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Apache Software Foundation) C:\Bitnami\WAMPST~1.30-\apache2\bin\httpd.exe
() C:\Bitnami\wampstack-5.6.30-0\mysql\bin\mysqld.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apache Software Foundation) C:\Bitnami\WAMPST~1.30-\apache2\bin\httpd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Sysinternals - www.sysinternals.com) C:\Users\-bora\Desktop\softwere\procexp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\-bora\Downloads\frstenglish.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.100.102.1
Tcpip\..\Interfaces\{65B0AB8E-A9D2-4467-9DEF-9E468AFA2B6F}: [DhcpNameServer] 10.100.102.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES007&pc=UE06
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-22] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-22] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 
FireFox:
========
FF DefaultProfile: m2mhjriz.default
FF ProfilePath: C:\Users\-bora\AppData\Roaming\Mozilla\Firefox\Profiles\m2mhjriz.default [2017-08-15]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon => not found
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-08] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default [2017-08-15]
CHR Extension: (Google מצגות) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-21]
CHR Extension: (Google Docs) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-21]
CHR Extension: (כונן Google) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-21]
CHR Extension: (YouTube) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-21]
CHR Extension: (Session Buddy) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-07-03]
CHR Extension: (Google Sheets) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-21]
CHR Extension: (Google Docs Offline) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-22]
CHR Extension: (AdBlock) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-06]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-08-14]
CHR Extension: (Ears: Bass Boost, EQ Any Audio!) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfdfiepdkbnoanddpianalelglmfooik [2017-01-24]
CHR Extension: (Adblocker for Youtube™) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgokgcnplbfnkjpejjgafogeecgaini [2017-08-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-27]
CHR Extension: (Gmail) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-21]
CHR Extension: (Chrome Media Router) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [86760 2016-09-06] (Microsoft Corporation)
R2 wampstackApache; C:\Bitnami\WAMPST~1.30-\apache2\bin\httpd.exe [23040 2016-07-07] (Apache Software Foundation) [File not signed]
R2 wampstackMySQL; C:\Bitnami\wampstack-5.6.30-0\mysql\bin\mysqld.exe [11088384 2016-11-28] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2016-12-21] (DT Soft Ltd)
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [28744 2017-08-02] (ELAN Microelectronic Corp.)
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-01-06] (REALiX™)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2017-08-02] (Qualcomm Atheros Co., Ltd.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [221600 2017-08-15] (Malwarebytes)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [308192 2017-08-02] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-15 23:39 - 2017-08-15 23:39 - 000012215 _____ C:\Users\-bora\Downloads\FRST.txt
2017-08-15 23:39 - 2017-08-15 23:39 - 000000000 ____D C:\FRST
2017-08-15 23:38 - 2017-08-15 23:38 - 001792512 _____ (Farbar) C:\Users\-bora\Downloads\frstenglish.exe
2017-08-15 20:23 - 2017-08-15 20:21 - 007659720 _____ (Tim Kosse) C:\Users\-bora\Downloads\FileZilla_3.27.1_win32-setup.exe
2017-08-15 20:20 - 2017-08-15 20:20 - 000230706 _____ C:\Users\-bora\Downloads\optimizilla (4).zip
2017-08-15 19:57 - 2017-08-15 20:02 - 170218995 _____ C:\Users\-bora\Downloads\6026442_hd.mp4
2017-08-15 02:22 - 2017-08-15 02:55 - 000000000 ____D C:\Users\-bora\Doctor Web
2017-08-15 02:22 - 2017-08-15 02:22 - 000000000 ____D C:\ProgramData\Doctor Web
2017-08-15 00:47 - 2017-08-15 01:04 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-15 00:46 - 2017-08-15 01:04 - 000000000 ____D C:\Users\-bora\Desktop\mbar
2017-08-15 00:45 - 2017-08-15 00:46 - 016563352 _____ (Malwarebytes Corp.) C:\Users\-bora\Downloads\mbar-1.09.3.1001.exe
2017-08-14 23:26 - 2017-08-14 23:28 - 156594936 _____ C:\Users\-bora\Downloads\2fsny9cl.exe
2017-08-14 23:01 - 2017-08-14 23:01 - 000019473 _____ C:\ComboFix.txt
2017-08-14 22:48 - 2017-08-14 23:01 - 000000000 ____D C:\Qoobox
2017-08-14 22:48 - 2017-08-14 23:00 - 000000000 ____D C:\Windows\erdnt
2017-08-14 22:48 - 2011-06-26 09:45 - 000256000 _____ C:\Windows\PEV.exe
2017-08-14 22:48 - 2010-11-07 20:20 - 000208896 _____ C:\Windows\MBR.exe
2017-08-14 22:48 - 2009-04-20 07:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-08-14 22:48 - 2000-08-31 03:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-08-14 22:48 - 2000-08-31 03:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-08-14 22:48 - 2000-08-31 03:00 - 000098816 _____ C:\Windows\sed.exe
2017-08-14 22:48 - 2000-08-31 03:00 - 000080412 _____ C:\Windows\grep.exe
2017-08-14 22:48 - 2000-08-31 03:00 - 000068096 _____ C:\Windows\zip.exe
2017-08-14 22:47 - 2017-08-14 22:47 - 005659788 ____R (Swearware) C:\Users\-bora\Downloads\ComboFix.exe
2017-08-14 21:37 - 2017-07-01 18:35 - 000001688 _____ C:\Windows\system32\Drivers\etc\hosts.20170814-213755.backup
2017-08-14 19:52 - 2017-08-14 19:52 - 001931969 _____ C:\Users\-bora\Downloads\ProcessExplorer.zip
2017-08-14 16:34 - 2017-08-14 16:34 - 000000000 ____D C:\Users\-bora\Documents\ProcAlyzer Dumps
2017-08-14 16:33 - 2017-08-14 23:07 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-08-14 16:33 - 2017-08-14 16:35 - 000000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2017-08-14 16:33 - 2017-08-14 16:33 - 000002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-08-14 16:33 - 2017-08-14 16:33 - 000002119 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-08-14 16:33 - 2017-08-14 16:33 - 000000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2017-08-14 16:33 - 2017-08-14 16:33 - 000000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2017-08-14 16:33 - 2017-08-14 16:33 - 000000446 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2017-08-14 16:33 - 2017-08-14 16:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-08-14 16:33 - 2017-05-23 09:22 - 000030128 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean.exe
2017-08-14 16:26 - 2017-08-14 16:29 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\-bora\Downloads\spybotsd-2.6.46.exe
2017-08-14 16:18 - 2017-08-14 16:18 - 208700680 _____ C:\Users\-bora\Downloads\httpsestream.toembed-oumhk80uzpwx.html.mp4
2017-08-14 16:09 - 2017-08-14 16:09 - 000042332 _____ C:\Users\-bora\Downloads\index-v1-a1.m3u8
2017-08-14 16:04 - 2017-08-14 16:04 - 000000008 _____ C:\Users\-bora\Downloads\v.mp4
2017-08-14 16:04 - 2017-08-14 16:04 - 000000008 _____ C:\Users\-bora\Downloads\v (1).mp4
2017-08-14 15:29 - 2017-08-14 15:29 - 000000292 _____ C:\Windows\Tasks\Driver Booster Scheduler.job
2017-08-14 15:29 - 2017-08-14 15:29 - 000000248 _____ C:\Windows\Tasks\Driver Booster SkipUAC (-bora).job
2017-08-14 15:29 - 2017-08-14 15:29 - 000000000 ____D C:\ProgramData\ProductData
2017-08-14 09:36 - 2017-08-14 09:38 - 148682520 _____ (Microsoft Corporation) C:\Users\-bora\Downloads\msert.exe
2017-08-14 07:45 - 2017-08-14 07:45 - 000000000 ____D C:\Users\-bora\AppData\Local\ElevatedDiagnostics
2017-08-14 06:15 - 2017-08-15 09:18 - 000344874 _____ C:\Windows\ntbtlog.txt
2017-08-14 01:01 - 2017-08-14 01:01 - 000000000 ____D C:\Users\-bora\AppData\Roaming\SUPERAntiSpyware.com
2017-08-14 00:59 - 2017-08-14 02:05 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-08-14 00:59 - 2017-08-14 00:59 - 000001961 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-08-14 00:59 - 2017-08-14 00:59 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-08-14 00:59 - 2017-08-14 00:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-08-14 00:58 - 2017-08-14 00:59 - 030435656 _____ (SUPERAntiSpyware) C:\Users\-bora\Downloads\SUPERAntiSpyware.exe
2017-08-14 00:56 - 2017-08-14 00:56 - 000005457 _____ C:\Users\-bora\Desktop\JRT.txt
2017-08-14 00:53 - 2017-08-14 00:53 - 001790024 _____ (Malwarebytes) C:\Users\-bora\Downloads\JRT.exe
2017-08-13 22:29 - 2017-08-13 22:30 - 048699256 _____ C:\Users\-bora\Downloads\eclipse-inst-win32.exe
2017-08-13 19:33 - 2017-08-13 19:33 - 000000000 ___RD C:\Program Files\Skype
2017-08-13 19:33 - 2017-08-13 19:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-08-13 19:33 - 2017-08-13 19:33 - 000000000 ____D C:\Program Files\Common Files\Skype
2017-08-13 19:25 - 2017-08-13 19:25 - 000000000 ____D C:\$AV_ASW
2017-08-13 19:22 - 2017-08-13 19:22 - 000000000 ____D C:\Users\-bora\AppData\Local\CEF
2017-08-13 19:21 - 2017-08-13 19:21 - 000921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2017-08-13 19:18 - 2017-08-13 20:26 - 000000000 ____D C:\ProgramData\AVAST Software
2017-08-13 19:18 - 2017-08-13 19:18 - 006948656 _____ (AVAST Software) C:\Users\-bora\Downloads\avast_free_antivirus_setup_online.exe
2017-08-13 19:10 - 2017-08-13 19:10 - 000000000 ____D C:\ProgramData\CheckPoint
2017-08-13 18:58 - 2017-08-13 20:26 - 000000000 ____D C:\Users\-bora\AppData\Local\FSDART
2017-08-13 18:58 - 2017-08-13 18:58 - 000000000 ____D C:\ProgramData\F-Secure
2017-08-13 18:08 - 2017-08-13 18:19 - 000388608 _____ (Trend Micro Inc.) C:\Users\-bora\Downloads\HijackThis.exe
2017-08-12 19:08 - 2017-08-12 19:08 - 001067259 _____ C:\Users\-bora\Downloads\20824bff-95bc-4bb2-ac56-deab3600c17b.tmp
2017-08-12 19:08 - 2017-08-12 19:08 - 000948078 _____ C:\Users\-bora\Downloads\80e8a044-6197-4aa0-a639-d4e223d4fa1b.tmp
2017-08-12 19:07 - 2017-08-12 19:08 - 000962983 _____ C:\Users\-bora\Downloads\8dbb940b-f984-4083-ac47-0d5e95538997.tmp
2017-08-12 19:07 - 2017-08-12 19:08 - 000860267 _____ C:\Users\-bora\Downloads\9b97e86f-eee7-4a0b-9a3d-1a2b60264e4b.tmp
2017-08-12 19:07 - 2017-08-12 19:07 - 000000000 _____ C:\Users\-bora\Downloads\f3966518-cf94-47b1-9aa6-6ce6dc4df4e7.tmp
2017-08-12 19:07 - 2017-08-12 19:07 - 000000000 _____ C:\Users\-bora\Downloads\f033e430-1c98-475e-b107-b45e40047ac5.tmp
2017-08-12 19:07 - 2017-08-12 19:07 - 000000000 _____ C:\Users\-bora\Downloads\d72c4e42-6f10-4ef9-98ce-bd1c67c10e4e.tmp
2017-08-12 19:07 - 2017-08-12 19:07 - 000000000 _____ C:\Users\-bora\Downloads\4f05b336-63bf-4e87-8f02-10ed03cc327a.tmp
2017-08-12 02:33 - 2017-08-12 02:34 - 000115925 _____ C:\Users\-bora\Downloads\optimizilla (3).zip
2017-08-11 23:09 - 2017-08-11 23:11 - 023846912 _____ C:\Users\-bora\Downloads\TexturePacker-4.4.0-x86.msi
2017-08-11 20:10 - 2017-08-11 20:28 - 000952360 _____ C:\Users\-bora\Downloads\xvideos.com_f6c638555f2797240d9dbeb602b6dd91.mp4.sfk
2017-08-11 19:37 - 2017-08-11 19:37 - 003365141 _____ C:\Users\-bora\Downloads\blank_project.zip
2017-08-11 19:16 - 2017-08-15 19:47 - 000009274 _____ C:\Users\-bora\Desktop\y_engine.jar
2017-08-11 13:04 - 2017-08-11 13:04 - 006459716 _____ C:\Users\-bora\Downloads\CHOICES_a.m4v
2017-08-11 03:01 - 2017-08-11 03:01 - 000010151 _____ C:\Users\-bora\Downloads\BeepBox-Song.json
2017-08-11 02:57 - 2017-08-11 02:57 - 004485164 _____ C:\Users\-bora\Downloads\BeepBox-Song.wav
2017-08-10 18:00 - 2017-08-10 19:32 - 000999456 _____ C:\Users\-bora\Downloads\473367.mp4.sfk
2017-08-10 16:44 - 2017-08-10 16:44 - 000003415 _____ C:\Users\-bora\Downloads\zachwlewis-FlashPunk-Platform-Tutorial-episode12-0-gd08a815.zip
2017-08-09 20:00 - 2017-08-09 20:00 - 000135170 _____ C:\Users\-bora\Downloads\1743069720.pdf
2017-08-09 14:53 - 2017-08-09 14:57 - 000000000 ____D C:\Users\-bora\AppData\Roaming\audacity
2017-08-09 14:53 - 2017-08-09 14:53 - 000000000 ____D C:\Users\-bora\AppData\Local\Audacity
2017-08-09 14:50 - 2017-07-29 17:50 - 000074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-08-09 14:50 - 2017-07-21 17:26 - 000518144 _____ C:\Windows\system32\msjetoledb40.dll
2017-08-09 14:50 - 2017-07-21 17:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\system32\msexch40.dll
2017-08-09 14:50 - 2017-07-21 17:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\system32\msjtes40.dll
2017-08-09 14:50 - 2017-07-21 17:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\system32\mstext40.dll
2017-08-09 14:50 - 2017-07-15 20:52 - 000346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-08-09 14:50 - 2017-07-14 18:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-08-09 14:50 - 2017-07-14 18:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-08-09 14:50 - 2017-07-14 18:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-08-09 14:50 - 2017-07-14 18:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-08-09 14:50 - 2017-07-14 18:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-08-09 14:50 - 2017-07-14 18:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-08-09 14:50 - 2017-07-14 18:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-08-09 14:50 - 2017-07-14 18:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-08-09 14:50 - 2017-07-14 18:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-08-09 14:50 - 2017-07-14 18:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-08-09 14:50 - 2017-07-14 18:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-08-09 14:50 - 2017-07-14 18:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-08-09 14:50 - 2017-07-14 17:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-08-09 14:50 - 2017-07-14 17:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-08-09 14:50 - 2017-07-14 17:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-08-09 14:50 - 2017-07-14 17:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2017-08-09 14:50 - 2017-07-14 06:01 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-08-09 14:50 - 2017-07-14 06:00 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-08-09 14:50 - 2017-07-14 05:54 - 020270080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-08-09 14:50 - 2017-07-14 05:48 - 000499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-08-09 14:50 - 2017-07-14 05:48 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-08-09 14:50 - 2017-07-14 05:48 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-08-09 14:50 - 2017-07-14 05:48 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-08-09 14:50 - 2017-07-14 05:47 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-08-09 14:50 - 2017-07-14 05:44 - 002290176 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-08-09 14:50 - 2017-07-14 05:42 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-08-09 14:50 - 2017-07-14 05:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-08-09 14:50 - 2017-07-14 05:39 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-08-09 14:50 - 2017-07-14 05:38 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-08-09 14:50 - 2017-07-14 05:38 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-08-09 14:50 - 2017-07-14 05:38 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-08-09 14:50 - 2017-07-14 05:38 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-08-09 14:50 - 2017-07-14 05:33 - 000667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-08-09 14:50 - 2017-07-14 05:30 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-08-09 14:50 - 2017-07-14 05:26 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-08-09 14:50 - 2017-07-14 05:25 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-08-09 14:50 - 2017-07-14 05:25 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-08-09 14:50 - 2017-07-14 05:23 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-08-09 14:50 - 2017-07-14 05:22 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-08-09 14:50 - 2017-07-14 05:21 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-08-09 14:50 - 2017-07-14 05:20 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-08-09 14:50 - 2017-07-14 05:17 - 004546048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-08-09 14:50 - 2017-07-14 05:13 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-08-09 14:50 - 2017-07-14 05:12 - 000693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-08-09 14:50 - 2017-07-14 05:12 - 000689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-08-09 14:50 - 2017-07-14 05:11 - 002057216 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-08-09 14:50 - 2017-07-14 05:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-08-09 14:50 - 2017-07-14 05:09 - 013663744 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-08-09 14:50 - 2017-07-14 04:53 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-08-09 14:50 - 2017-07-14 04:50 - 001314816 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-08-09 14:50 - 2017-07-14 04:48 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-08-09 14:50 - 2017-07-08 18:19 - 000250600 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-08-09 14:50 - 2017-07-08 17:51 - 002402816 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-08-09 14:50 - 2017-07-07 18:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-08-09 14:50 - 2017-07-07 18:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-08-09 14:50 - 2017-07-07 18:15 - 000296680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2017-08-09 14:50 - 2017-07-07 18:15 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-08-09 14:50 - 2017-07-07 18:15 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-08-09 14:50 - 2017-07-07 18:13 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-08-09 14:50 - 2017-07-07 18:11 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-08-09 14:50 - 2017-07-07 18:11 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-08-09 14:50 - 2017-07-07 18:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-08-09 14:50 - 2017-07-07 18:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-08-09 14:50 - 2017-07-07 18:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-08-09 14:50 - 2017-07-07 18:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-08-09 14:50 - 2017-07-07 18:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-08-09 14:50 - 2017-07-07 18:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-08-09 14:50 - 2017-07-07 18:11 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-08-09 14:50 - 2017-07-07 18:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-08-09 14:50 - 2017-07-07 18:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-08-09 14:50 - 2017-07-07 18:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-08-09 14:50 - 2017-07-07 18:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-08-09 14:50 - 2017-07-07 18:10 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-08-09 14:50 - 2017-07-07 18:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-08-09 14:50 - 2017-07-07 18:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-08-09 14:50 - 2017-07-07 18:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-08-09 14:50 - 2017-07-07 18:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-08-09 14:50 - 2017-07-07 18:10 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-08-09 14:50 - 2017-07-07 18:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-08-09 14:50 - 2017-07-07 18:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-08-09 14:50 - 2017-07-07 18:10 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-08-09 14:50 - 2017-07-07 18:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-08-09 14:50 - 2017-07-07 18:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-08-09 14:50 - 2017-07-07 17:52 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-08-09 14:50 - 2017-07-07 17:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-08-09 14:50 - 2017-07-07 17:52 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-08-09 14:50 - 2017-07-07 17:52 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-08-09 14:50 - 2017-07-07 17:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-08-09 14:50 - 2017-07-07 17:50 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-08-09 14:50 - 2017-07-07 17:48 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-08-09 14:50 - 2017-07-07 17:48 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-08-09 14:50 - 2017-07-07 17:48 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-08-09 14:50 - 2017-07-07 17:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-08-09 14:50 - 2017-07-07 17:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-08-09 14:50 - 2017-07-07 17:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-08-09 14:50 - 2017-07-07 17:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-08-09 14:50 - 2017-07-01 16:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\system32\msjet40.dll
2017-08-09 14:50 - 2017-07-01 16:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\system32\mswdat10.dll
2017-08-09 14:50 - 2017-07-01 16:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\system32\mswstr10.dll
2017-08-09 14:50 - 2017-07-01 16:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\system32\msrepl40.dll
2017-08-09 14:50 - 2017-07-01 16:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\system32\msxbde40.dll
2017-08-09 14:50 - 2017-07-01 16:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\system32\mspbde40.dll
2017-08-09 14:50 - 2017-07-01 16:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\system32\msrd3x40.dll
2017-08-09 14:50 - 2017-07-01 16:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\system32\msexcl40.dll
2017-08-09 14:50 - 2017-07-01 16:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\system32\msrd2x40.dll
2017-08-09 14:50 - 2017-07-01 16:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\system32\msltus40.dll
2017-08-09 14:50 - 2017-07-01 16:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\system32\msjint40.dll
2017-08-09 14:50 - 2017-07-01 16:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\msjter40.dll
2017-08-08 23:38 - 2017-08-12 02:04 - 000005488 _____ C:\Users\-bora\Downloads\CHOICES_a.m4v.sfk
2017-08-08 20:53 - 2017-08-08 20:55 - 001174664 _____ C:\Users\-bora\Downloads\xvideos.com_c05cc969a292d1163ac8d9c1d1da5633.mp4.sfk
2017-08-08 19:50 - 2017-08-08 19:50 - 000000672 _____ C:\Users\-bora\Downloads\jacksmith_backup_1.papa
2017-08-07 20:49 - 2017-08-07 20:50 - 061971801 _____ C:\Users\-bora\Downloads\https---openload.co-embed-Aacc8gqkqWc-[via torchbrowser.com].aac
2017-08-07 20:40 - 2017-08-07 20:49 - 402853333 _____ C:\Users\-bora\Downloads\https---openload.co-embed-Aacc8gqkqWc-[via torchbrowser.com].mp4
2017-08-06 20:30 - 2017-08-06 20:30 - 000132100 _____ C:\Users\-bora\Downloads\optimizilla (2).zip
2017-08-06 15:58 - 2017-08-06 15:58 - 027453061 _____ C:\Users\-bora\Downloads\oh_PMeyetv.zip
2017-08-06 03:05 - 2017-08-06 03:05 - 001202160 _____ (Adobe Systems Incorporated) C:\Users\-bora\Downloads\flashplayer26pp_xa_install.exe
2017-08-05 19:39 - 2017-08-05 19:39 - 000155289 _____ C:\Users\-bora\Downloads\babefox-4.jpeg
2017-08-05 18:37 - 2017-08-05 18:37 - 000193235 _____ C:\Users\-bora\Downloads\optimizilla (1).zip
2017-08-05 16:15 - 2017-08-05 16:15 - 000777276 _____ C:\Users\-bora\Downloads\highlight.zip
2017-08-05 15:38 - 2017-08-05 15:38 - 000258595 _____ C:\Users\-bora\Downloads\ebook.zip
2017-08-05 15:36 - 2017-08-05 15:36 - 000000000 ____D C:\Users\-bora\AppData\Roaming\MiKTeX
2017-08-05 14:56 - 2017-08-05 14:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2017-08-05 14:53 - 2017-08-05 14:53 - 000000000 ____D C:\Users\-bora\AppData\Local\MiKTeX
2017-08-05 14:53 - 2017-08-05 14:53 - 000000000 ____D C:\ProgramData\MiKTeX
2017-08-05 14:51 - 2017-08-05 14:52 - 000000000 ____D C:\Program Files\MiKTeX 2.9
2017-08-05 14:49 - 2017-08-06 01:28 - 000000000 ____D C:\Users\-bora\AppData\Roaming\TeXstudio
2017-08-05 14:49 - 2017-08-05 14:49 - 000000989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXstudio.lnk
2017-08-05 14:49 - 2017-08-05 14:49 - 000000000 ____D C:\Program Files\TeXstudio
2017-08-05 14:47 - 2017-08-05 14:47 - 033390184 _____ (Benito van der Zander ) C:\Users\-bora\Downloads\texstudio-2.12.6-win-qt5.9.1.exe
2017-08-05 01:06 - 2017-08-05 01:08 - 187743496 _____ (MiKTeX.org) C:\Users\-bora\Downloads\basic-miktex-2.9.6361.exe
2017-08-04 20:40 - 2017-08-04 20:40 - 005785814 _____ C:\Users\-bora\Downloads\Ebooks-the-Smart-Way_2nd-Edition.pdf
2017-08-04 20:40 - 2017-08-04 20:40 - 001117945 _____ C:\Users\-bora\Downloads\Affiliate-Marketing-the-Smart-Way_2nd-Edition.pdf
2017-08-04 18:44 - 2017-08-04 18:45 - 000708974 _____ C:\Users\-bora\Downloads\si-captcha-for-wordpress.3.0.2.zip
2017-08-04 01:26 - 2017-08-04 01:46 - 000000728 _____ C:\Users\-bora\Documents\Default.sfvidcap
2017-08-03 23:04 - 2017-08-03 23:05 - 003694521 _____ C:\Users\-bora\Downloads\yoel-html5-game-engine-tutorials-master.zip
2017-08-03 21:46 - 2017-08-03 21:46 - 018558575 _____ C:\Users\-bora\Downloads\GettingStarted07-master.zip
2017-08-03 20:05 - 2017-08-03 20:05 - 000115218 _____ C:\Users\-bora\Downloads\optimizilla.zip
2017-08-03 16:29 - 2017-08-03 16:30 - 012878251 _____ C:\Users\-bora\Downloads\4075487.mp4
2017-08-03 16:27 - 2017-08-03 16:28 - 010012448 _____ C:\Users\-bora\Downloads\4075487.mp4.crdownload
2017-08-03 01:32 - 2017-08-03 01:32 - 001172606 _____ C:\Users\-bora\Downloads\custom-banners.zip
2017-08-02 22:14 - 2017-08-02 22:14 - 005189869 _____ C:\Users\-bora\Downloads\js_composer.zip
2017-08-02 22:12 - 2017-08-02 22:14 - 000000000 ____D C:\Users\-bora\Downloads\js_composer
2017-08-02 21:33 - 2017-08-02 21:33 - 000000000 ____D C:\Users\-bora\AppData\Roaming\Corona Labs
2017-08-02 21:33 - 2017-08-02 21:33 - 000000000 ____D C:\Users\-bora\AppData\Local\Corona Labs
2017-08-02 21:29 - 2017-08-02 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corona SDK
2017-08-02 21:29 - 2017-08-02 21:29 - 000000000 ____D C:\Program Files\Corona Labs
2017-08-02 21:22 - 2017-08-02 21:24 - 064888832 _____ C:\Users\-bora\Downloads\CoronaSDK-2017.3068.msi
2017-08-02 16:27 - 2017-08-02 16:27 - 000020079 _____ C:\Users\-bora\Downloads\downloadFrom (1).htm
2017-08-02 16:24 - 2017-08-02 16:27 - 025505154 _____ C:\Users\-bora\Downloads\1008729.mp4.crdownload
2017-08-02 15:23 - 2017-08-02 15:23 - 000000000 ____D C:\Windows\system32\sda
2017-08-02 15:22 - 2017-08-02 15:22 - 009890816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RsCRIcon.dll
2017-08-02 15:22 - 2017-08-02 15:22 - 003570176 _____ (Realtek Semiconductor Corp.) C:\Windows\RtCRU32.exe
2017-08-02 15:22 - 2017-08-02 15:22 - 000308192 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
2017-08-02 15:22 - 2017-08-02 15:22 - 000074752 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX.dll
2017-08-02 15:17 - 2017-08-02 15:17 - 000110280 _____ (Qualcomm Atheros Co., Ltd.) C:\Windows\system32\Drivers\L1C62x86.sys
2017-08-02 15:16 - 2017-08-02 15:16 - 013913600 _____ C:\Windows\system32\ig4icd32.dll
2017-08-02 15:16 - 2017-08-02 15:16 - 010861056 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys
2017-08-02 15:16 - 2017-08-02 15:16 - 008196080 _____ (Intel® Corporation) C:\Windows\system32\TVWSetup.exe
2017-08-02 15:16 - 2017-08-02 15:16 - 004701168 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2017-08-02 15:16 - 2017-08-02 15:16 - 002191872 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit32.dll
2017-08-02 15:16 - 2017-08-02 15:16 - 001637784 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2017-08-02 15:16 - 2017-08-02 15:16 - 000293888 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2017-08-02 15:16 - 2017-08-02 15:16 - 000285184 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000285184 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000285184 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284672 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284672 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284672 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284672 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284672 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284672 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284672 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284672 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284672 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284672 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284160 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284160 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284160 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284160 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284160 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284160 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000284160 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000283648 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000283648 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000283648 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000283136 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000283136 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000281600 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000281088 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000280576 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000280576 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2017-08-02 15:16 - 2017-08-02 15:16 - 000268272 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2017-08-02 15:16 - 2017-08-02 15:16 - 000260608 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2017-08-02 15:16 - 2017-08-02 15:16 - 000246784 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt32.dll
2017-08-02 15:16 - 2017-08-02 15:16 - 000189424 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2017-08-02 15:16 - 2017-08-02 15:16 - 000179184 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2017-08-02 15:16 - 2017-08-02 15:16 - 000178672 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2017-08-02 15:16 - 2017-08-02 15:16 - 000147456 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2017-08-02 15:16 - 2017-08-02 15:16 - 000143856 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2017-08-02 15:16 - 2017-08-02 15:16 - 000130048 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2017-08-02 15:16 - 2017-08-02 15:16 - 000124052 _____ C:\Windows\system32\Gfxres.en-US.resources
2017-08-02 15:16 - 2017-08-02 15:16 - 000120320 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2017-08-02 15:16 - 2017-08-02 15:16 - 000081920 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v2993.dll
2017-08-02 15:16 - 2017-08-02 15:16 - 000076472 _____ C:\Windows\system32\iglhxs32.vp
2017-08-02 15:16 - 2017-08-02 15:16 - 000028744 _____ (ELAN Microelectronic Corp.) C:\Windows\system32\Drivers\ETDSMBus.sys
2017-08-02 15:16 - 2017-08-02 15:16 - 000024576 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2017-08-02 15:16 - 2017-08-02 15:16 - 000004096 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2017-08-02 15:16 - 2017-08-02 15:16 - 000000146 _____ C:\Windows\system32\GfxUI.exe.config
2017-08-02 15:16 - 2017-08-02 15:16 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ETDSMBus_01011.Wdf
2017-08-02 15:00 - 2017-08-02 15:00 - 000132480 _____ (Intel Corporation) C:\Windows\system32\Drivers\Impcd.sys
2017-08-02 14:10 - 2017-08-02 14:11 - 008682859 _____ C:\Users\-bora\Downloads\latest_usb_driver_windows.zip
2017-08-02 14:00 - 2017-08-12 15:30 - 000000000 ____D C:\Program Files\Uni-Android Tool
2017-08-02 14:00 - 2017-08-02 14:00 - 000001073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uni-Android Tool.lnk
2017-08-02 13:59 - 2017-08-02 13:59 - 001994478 _____ C:\Users\-bora\Downloads\Uni-Android Tool V-5.0.rar
2017-07-31 20:00 - 2017-07-31 20:00 - 052709681 _____ C:\Users\-bora\Downloads\הכס[via torchbrowser.com].aac
2017-07-31 19:56 - 2017-07-31 20:00 - 233270312 _____ C:\Users\-bora\Downloads\הכס[via torchbrowser.com].mp4
2017-07-31 16:39 - 2017-07-31 16:39 - 000018454 _____ C:\Users\-bora\Desktop\Army_of_Two_Mask.pdf
2017-07-31 16:21 - 2017-07-31 16:21 - 001639944 _____ (Acro Software Inc. ) C:\Users\-bora\Downloads\CuteWriter (1).exe
2017-07-31 16:21 - 2017-05-26 06:47 - 000090096 _____ C:\Windows\system32\cpwmon2k_v32.dll
2017-07-31 16:19 - 2017-07-31 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pepakura Designer 4
2017-07-31 16:19 - 2017-07-31 16:19 - 000000000 ____D C:\Program Files\tamasoftware
2017-07-31 16:18 - 2017-07-31 16:19 - 015420808 _____ C:\Users\-bora\Downloads\setup_pepakura404_en.exe
2017-07-31 16:18 - 2017-07-31 16:18 - 000224613 _____ C:\Users\-bora\Downloads\Army_of_Two_Mask.pdo
2017-07-30 22:25 - 2017-07-30 22:25 - 000040900 _____ C:\Users\-bora\Downloads\CB_asian-banner-300x250_5.webp
2017-07-30 20:01 - 2017-07-30 20:01 - 000115000 _____ C:\Users\-bora\Downloads\optimizilla (12).zip
2017-07-29 23:23 - 2017-07-29 23:45 - 001115304 _____ C:\Users\-bora\Downloads\xvideos.com_f000af94c1c82bfe61cbf25243cc6867.mp4.sfk
2017-07-29 22:43 - 2017-07-29 22:48 - 000810848 _____ C:\Users\-bora\Downloads\xvideos.com_4cf853f5d19ab16d6e62225433fd36cc.mp4.sfk
2017-07-29 17:50 - 2017-07-29 17:50 - 000281983 _____ C:\Users\-bora\Downloads\optimizilla (11).zip
2017-07-27 23:21 - 2017-07-27 23:24 - 015433728 _____ C:\Users\-bora\Downloads\xvideos.com_4cf853f5d19ab16d6e62225433fd36cc.mp4.crdownload
2017-07-27 18:36 - 2017-07-27 18:36 - 000000000 ____D C:\ProgramData\Steam
2017-07-27 18:18 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-07-27 18:18 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-07-27 18:18 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-07-27 18:18 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-07-27 18:18 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-07-27 18:18 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-07-27 18:18 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-07-27 18:18 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-07-27 18:18 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2017-07-27 18:18 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2017-07-27 18:18 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2017-07-27 18:18 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2017-07-27 18:18 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-07-27 18:18 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-07-27 18:18 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-07-27 18:18 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-07-27 18:18 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-07-27 18:18 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-07-27 18:18 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2017-07-27 18:18 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-07-27 18:18 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-07-27 18:18 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-07-27 18:18 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-07-27 18:18 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-07-27 18:18 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-07-27 18:18 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-07-27 18:18 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-07-27 18:18 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-07-27 18:18 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-07-27 18:18 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-07-27 18:18 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-07-27 18:18 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-07-27 18:18 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-07-27 18:18 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-07-27 18:18 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-07-27 18:18 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-07-27 18:18 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-07-27 18:18 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-07-27 18:18 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2017-07-27 18:18 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2017-07-27 18:18 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2017-07-27 18:18 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2017-07-27 18:18 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2017-07-27 18:18 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2017-07-27 18:18 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2017-07-27 18:18 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2017-07-27 18:18 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2017-07-27 18:18 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2017-07-27 18:18 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2017-07-27 18:18 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2017-07-27 18:18 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2017-07-27 18:18 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-07-27 18:18 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-07-27 18:18 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-07-27 18:18 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-07-27 18:18 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-07-27 18:18 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-07-27 18:18 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-07-27 18:18 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-07-27 18:18 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-07-27 18:18 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-07-27 18:18 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2017-07-27 18:18 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2017-07-27 18:18 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2017-07-27 18:18 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-07-27 18:18 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-07-27 18:18 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-07-27 18:18 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-07-27 18:18 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-07-27 18:18 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-07-27 18:18 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-07-27 18:18 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-07-27 18:18 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2017-07-27 18:18 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-07-27 18:18 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2017-07-27 18:18 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-07-27 18:18 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-07-27 18:18 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-07-27 18:18 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-07-27 18:18 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-07-27 18:18 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-07-27 18:18 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-07-27 18:18 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-07-27 18:18 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-07-27 18:18 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-07-27 18:18 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-07-27 18:18 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-07-27 18:18 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-07-27 18:18 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-07-27 18:18 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-07-27 17:51 - 2017-07-27 17:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Klei Entertainment
2017-07-27 17:46 - 2017-07-27 17:46 - 000000000 ____D C:\Program Files\Klei Entertainment
2017-07-27 16:14 - 2017-07-27 17:13 - 000000000 ____D C:\Users\-bora\Downloads\Crypt.of.the.NecroDancer.MULTi6-PROPHET
2017-07-27 15:59 - 2017-07-27 16:14 - 000000000 ____D C:\Users\-bora\AppData\LocalLow\BitTorrent
2017-07-27 15:59 - 2017-07-27 15:59 - 000029664 _____ C:\Users\-bora\Downloads\Crypt.of.the.NecroDancer.MULTi6-PROPHET-[rarbg.com].torrent
2017-07-25 19:53 - 2017-07-25 19:53 - 000126505 _____ C:\Users\-bora\Downloads\optimizilla (10).zip
2017-07-25 13:06 - 2017-07-25 13:09 - 027803064 _____ C:\Users\-bora\Downloads\3766912.flv.crdownload
2017-07-24 22:59 - 2017-07-24 23:01 - 228712099 _____ C:\Users\-bora\Downloads\sOfOwVi0g[via torchbrowser.com].mp4
2017-07-24 21:14 - 2017-07-24 21:14 - 000339505 _____ C:\Users\-bora\Downloads\Android Multi Tools v1.02b FAISAL JEE.rar
2017-07-24 16:28 - 2017-07-24 16:28 - 000117819 _____ C:\Users\-bora\Downloads\optimizilla (9).zip
2017-07-24 15:13 - 2017-07-24 15:13 - 000002248 _____ C:\Users\-bora\Downloads\Hoda_ice_cream.mov.sfk
2017-07-24 15:11 - 2017-07-24 15:11 - 001072534 _____ C:\Users\-bora\Downloads\Hoda_ice_cream.mov
2017-07-23 17:46 - 2017-07-23 17:47 - 007628896 _____ (Tim Kosse) C:\Users\-bora\Downloads\FileZilla_3.27.0.1_win32-setup.exe
2017-07-22 02:20 - 2017-07-22 02:20 - 000001520 _____ C:\Users\-bora\Downloads\20170721232041-pornhub-videos.csv
2017-07-21 14:44 - 2017-07-21 14:45 - 092645428 _____ C:\Users\-bora\Downloads\xvideos.com_bb07ef15e69b19c280e968da6bdb6689.mp4
2017-07-18 22:45 - 2017-07-18 23:10 - 509705530 _____ C:\Users\-bora\Downloads\got7e1.mp4
2017-07-18 21:05 - 2017-07-18 21:14 - 154978963 _____ C:\Users\-bora\Downloads\792661935.mp4.crdownload
2017-07-18 21:04 - 2017-07-18 21:04 - 000685228 _____ C:\Users\-bora\Downloads\dAvN8m6qykbAgFs.mkv from olam hamedia on Vimeo[via torchbrowser.com].mp4
2017-07-18 16:04 - 2017-07-18 16:05 - 000006608 _____ C:\Users\-bora\Downloads\Nathan_gif_FINAL.mov.sfk
2017-07-18 16:03 - 2017-07-18 16:03 - 008009351 _____ C:\Users\-bora\Downloads\Nathan_gif_FINAL.mov
2017-07-18 00:53 - 2017-07-18 00:53 - 002393588 _____ C:\Users\-bora\Downloads\Full Size Cricket SMG Submachine Gun Paper Model.rar
2017-07-18 00:45 - 2017-07-18 00:46 - 000414243 _____ C:\Users\-bora\Downloads\Army of Two Mask(smooth)_a1td_mks81.pdo
2017-07-17 22:28 - 2017-07-17 22:28 - 000020077 _____ C:\Users\-bora\Downloads\downloadFrom.htm
2017-07-17 22:27 - 2017-07-17 22:27 - 000213093 _____ C:\Users\-bora\Downloads\webmFlipbook_225k_847118.webm
2017-07-17 22:22 - 2017-07-17 22:26 - 289684055 _____ C:\Users\-bora\Downloads\480p_600k_2034496.mp4.crdownload
2017-07-17 22:22 - 2017-07-17 22:22 - 000013025 _____ C:\Users\-bora\Downloads\error.htm
2017-07-17 18:52 - 2017-07-17 18:55 - 018037778 _____ C:\Users\-bora\Downloads\piwik.zip
2017-07-17 17:57 - 2017-07-17 17:57 - 000000829 _____ C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-07-17 17:57 - 2017-07-17 17:57 - 000000781 _____ C:\Users\-bora\Desktop\Start Tor Browser.lnk
2017-07-17 17:42 - 2017-07-17 17:42 - 000000000 ____D C:\Users\-bora\Desktop\Tor Browser
2017-07-17 17:40 - 2017-07-17 17:42 - 054279480 _____ C:\Users\-bora\Downloads\torbrowser-install-7.0.2_en-US.exe
2017-07-17 14:43 - 2017-07-17 14:44 - 002382484 _____ C:\Users\-bora\Downloads\Open-Web-Analytics-1.6.0.zip
2017-07-16 17:38 - 2017-07-16 17:38 - 003064686 _____ C:\Users\-bora\Downloads\gramblr2_win32.zip
2017-07-16 17:35 - 2017-07-16 17:35 - 000188510 _____ C:\Users\-bora\Downloads\#stockphotos • Instagram photos and videos.html
2017-07-16 17:35 - 2017-07-16 17:35 - 000000000 ____D C:\Users\-bora\Downloads\#stockphotos • Instagram photos and videos_files
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-15 23:01 - 2009-07-14 07:34 - 000021056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-15 23:01 - 2009-07-14 07:34 - 000021056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-15 21:00 - 2016-12-21 17:42 - 000000000 ____D C:\Users\-bora\AppData\Roaming\vlc
2017-08-15 20:21 - 2017-06-28 18:13 - 000000000 ____D C:\Users\-bora\AppData\Roaming\FileZilla
2017-08-15 20:20 - 2017-07-10 23:05 - 000000000 ____D C:\Users\-bora\AppData\Local\Mozilla
2017-08-15 20:15 - 2017-07-11 15:17 - 000000000 ____D C:\Users\-bora\AppData\Roaming\HandBrake
2017-08-15 16:19 - 2016-12-22 16:41 - 000000000 ____D C:\Users\-bora\workspace
2017-08-15 12:18 - 2016-12-22 16:41 - 000000000 ____D C:\Users\-bora\AppData\Local\Eclipse
2017-08-15 12:18 - 2016-12-22 16:34 - 000000000 ____D C:\Users\-bora\.p2
2017-08-15 10:42 - 2016-12-21 17:53 - 000000000 ____D C:\Users\-bora\Documents\Visual Studio 2010
2017-08-15 10:00 - 2012-08-07 23:06 - 000457168 _____ C:\Windows\system32\perfh00D.dat
2017-08-15 10:00 - 2012-08-07 23:06 - 000108734 _____ C:\Windows\system32\perfc00D.dat
2017-08-15 10:00 - 2010-11-21 00:01 - 001430172 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-15 10:00 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
2017-08-15 09:56 - 2017-06-27 20:54 - 000221600 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-15 09:55 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-15 09:18 - 2016-12-21 13:17 - 000000000 ____D C:\Users\-bora
2017-08-15 00:47 - 2017-06-27 20:52 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-15 00:46 - 2017-06-27 20:55 - 000094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-08-14 23:23 - 2009-07-14 05:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-14 23:17 - 2017-01-30 13:32 - 000000000 ____D C:\Program Files\Microsoft Office
2017-08-14 23:16 - 2016-12-21 21:31 - 000000000 ____D C:\Program Files\Common Files\Designer
2017-08-14 23:16 - 2016-12-21 21:18 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-14 23:01 - 2010-11-20 23:57 - 000000000 ____D C:\Users\Administrator
2017-08-14 22:59 - 2009-07-14 05:04 - 000000215 _____ C:\Windows\system.ini
2017-08-14 21:40 - 2017-06-28 01:03 - 000000000 ____D C:\Users\-bora\AppData\Local\CrashDumps
2017-08-14 20:37 - 2016-12-21 13:18 - 000001114 _____ C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-08-14 20:36 - 2017-07-01 18:34 - 000000000 ____D C:\Program Files\KMSPico
2017-08-14 19:53 - 2016-12-21 19:18 - 000000000 ____D C:\Users\-bora\Desktop\softwere
2017-08-14 09:28 - 2017-01-30 13:16 - 000000000 ____D C:\Users\-bora\Desktop\office
2017-08-14 00:55 - 2017-07-12 16:44 - 000000000 ____D C:\Users\-bora\AppData\Local\Torch
2017-08-13 23:57 - 2016-12-22 16:35 - 000000000 ____D C:\Users\-bora\eclipse
2017-08-13 23:14 - 2016-12-22 16:39 - 000000000 ____D C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
2017-08-13 22:06 - 2017-06-27 20:50 - 000000000 ____D C:\Users\-bora\AppData\Local\paint.net
2017-08-13 20:26 - 2016-12-22 17:04 - 000000000 ____D C:\Users\-bora\AppData\Roaming\Skype
2017-08-13 20:25 - 2016-12-21 21:27 - 000000408 _____ C:\Users\-bora\AppData\Roaming\CamShapes.ini
2017-08-13 20:25 - 2016-12-21 21:27 - 000000408 _____ C:\Users\-bora\AppData\Roaming\CamLayout.ini
2017-08-13 20:25 - 2016-12-21 21:27 - 000000117 _____ C:\Users\-bora\AppData\Roaming\Camdata.ini
2017-08-13 20:07 - 2016-12-21 21:27 - 000004520 _____ C:\Users\-bora\AppData\Roaming\CamStudio.cfg
2017-08-13 20:06 - 2016-12-21 21:27 - 000000000 ____D C:\Program Files\CamStudio 2.7
2017-08-13 19:34 - 2016-12-22 17:03 - 000000000 ____D C:\ProgramData\Skype
2017-08-13 16:48 - 2017-01-16 18:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-08-13 16:48 - 2017-01-16 18:07 - 000000000 ____D C:\GOG Games
2017-08-13 16:48 - 2009-07-14 07:52 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-08-11 09:55 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache
2017-08-10 20:09 - 2017-07-01 18:35 - 000003924 __RSH C:\ProgramData\ntuser.pol
2017-08-10 11:30 - 2009-07-14 07:33 - 000452296 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-08 22:26 - 2017-06-27 13:48 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-08 11:39 - 2016-12-21 21:14 - 000002139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-08 11:39 - 2016-12-21 21:14 - 000002127 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-07 00:25 - 2017-07-10 23:17 - 000000000 ____D C:\Users\-bora\AppData\LocalLow\Mozilla
2017-08-06 03:05 - 2017-06-27 20:44 - 000000000 ____D C:\Users\-bora\AppData\Local\Adobe
2017-08-04 01:19 - 2016-12-21 13:17 - 000000000 ____D C:\Users\-bora\AppData\Local\VirtualStore
2017-08-03 15:30 - 2016-12-22 19:46 - 000004118 _____ C:\Users\-bora\AppData\Roaming\ZeroBraneStudio.ini
2017-08-02 15:16 - 2012-01-10 23:18 - 006324224 _____ (Intel Corporation) C:\Windows\system32\igdumd32.dll
2017-08-02 15:16 - 2012-01-10 23:12 - 000581120 _____ (Intel Corporation) C:\Windows\system32\igdumdx32.dll
2017-08-02 15:16 - 2012-01-10 22:55 - 007988224 _____ (Intel Corporation) C:\Windows\system32\igd10umd32.dll
2017-08-02 15:16 - 2012-01-10 22:15 - 000306688 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2017-08-02 15:16 - 2012-01-10 22:15 - 000057856 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2017-08-02 15:16 - 2012-01-10 22:14 - 009030656 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2017-08-02 15:16 - 2012-01-10 22:14 - 000096256 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2017-07-31 16:39 - 2017-01-22 20:50 - 000000000 ____D C:\Users\-bora\AppData\Local\CutePDF Writer
2017-07-28 20:17 - 2017-01-16 12:04 - 000000000 ____D C:\Users\-bora\Desktop\games
2017-07-27 18:24 - 2017-01-05 20:51 - 000000000 ____D C:\Users\-bora\AppData\Roaming\BitTorrent
2017-07-26 23:30 - 2017-01-05 19:23 - 000000000 ____D C:\Program Files\TeamViewer
2017-07-22 21:59 - 2016-12-21 17:25 - 000000000 ____D C:\Bitnami
2017-07-16 22:58 - 2017-06-28 18:13 - 000000000 ____D C:\Users\-bora\AppData\Local\FileZilla
2017-07-16 18:36 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\NDF
2017-07-16 17:09 - 2017-07-08 13:45 - 000000000 ____D C:\Users\-bora\Downloads\affiliate
 
==================== Files in the root of some directories =======
 
2016-12-21 21:27 - 2017-08-13 20:25 - 000000117 _____ () C:\Users\-bora\AppData\Roaming\Camdata.ini
2016-12-21 21:27 - 2017-08-13 20:25 - 000000408 _____ () C:\Users\-bora\AppData\Roaming\CamLayout.ini
2016-12-21 21:27 - 2017-08-13 20:25 - 000000408 _____ () C:\Users\-bora\AppData\Roaming\CamShapes.ini
2016-12-21 21:27 - 2017-08-13 20:07 - 000004520 _____ () C:\Users\-bora\AppData\Roaming\CamStudio.cfg
2016-12-22 19:46 - 2017-08-03 15:30 - 000004118 _____ () C:\Users\-bora\AppData\Roaming\ZeroBraneStudio.ini
2017-07-01 18:35 - 2017-07-01 18:36 - 000016176 _____ () C:\Users\-bora\AppData\Local\InstallationConfiguration.xml
2017-07-01 18:35 - 2017-07-01 18:35 - 000140800 _____ () C:\Users\-bora\AppData\Local\installer.dat
2017-07-01 18:37 - 2017-07-01 18:37 - 000018432 _____ () C:\Users\-bora\AppData\Local\Main.dat
2017-06-28 18:25 - 2017-06-28 18:25 - 000000600 _____ () C:\Users\-bora\AppData\Local\PUTTY.RND
2017-07-04 16:19 - 2017-07-04 16:19 - 000001260 _____ () C:\Users\-bora\AppData\Local\recently-used.xbel
2017-01-06 19:49 - 2017-01-06 19:49 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\-bora\tmp72B.tmp.vbs
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-11 09:48
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-08-2017 01
Ran by -bora (15-08-2017 23:40:28)
Running from C:\Users\-bora\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2016-12-21 10:17:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
-bora (S-1-5-21-124123957-3465755313-2965481238-1000 - Administrator - Enabled) => C:\Users\-bora
Administrator (S-1-5-21-124123957-3465755313-2965481238-500 - Administrator - Disabled)
Guest (S-1-5-21-124123957-3465755313-2965481238-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-124123957-3465755313-2965481238-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Spybot - Search and Destroy (Disabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Active Directory Authentication Library for SQL Server (x86) (HKLM\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Flash Player 26 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Azure AD Authentication Connected Service (HKLM\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Bitnami WAMP Stack (HKLM\...\Bitnami WAMP Stack 5.6.30-0) (Version: 5.6.30-0 - Bitnami)
BitTorrent (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
Blend for Visual Studio SDK for .NET 4.5 (HKLM\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
CamStudio 2.7 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Corona SDK (HKLM\...\{35A09B28-BCA9-4EE7-9ABF-145231889BA6}) (Version: 17.0.3068 - Corona Labs Inc.)
Crypt of the NecroDancer (HKLM\...\Crypt of the NecroDancer_is1) (Version:  - )
CutePDF Writer 3.2 (HKLM\...\CutePDF Writer Installation) (Version:  3.2 - Acro Software Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Dirrect X11Beta (HKLM\...\{AF52AC44-8AE8-44C4-83A4-F9921AB72B83}_is1) (Version:  - Creatormaster Dev)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Driver Booster 4.1 (HKLM\...\Driver Booster_is1) (Version: 4.1.0 - IObit)
EasySketchPro version 1.0.7 (HKLM\...\{90BB7D95-EBCA-4276-B15E-156F85E8B1DA}_is1) (Version: 1.0.7 - Inner Cirle Riches)
EasySketchPro3 version 3.0.0 (HKLM\...\{2C96454E-7152-449D-8FE9-4A32D2171165}_is1) (Version: 3.0.0 - My Dot Com Business)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
FileZilla Client 3.26.2 (HKLM\...\FileZilla Client) (Version: 3.26.2 - Tim Kosse)
GimpShop 2.8 (HKLM\...\{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}) (Version: 2.8 - GimpShop)
Google Chrome (HKLM\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HandBrake 1.0.7 (HKLM\...\HandBrake) (Version: 1.0.7 - )
IIS 10.0 Express (HKLM\...\{61F97EA0-3E4D-47E9-90FF-B75C16735DEE}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Inkscape 0.92.1 (HKLM\...\Inkscape) (Version: 0.92.1 - Inkscape Project)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Kingdom Rush Frontiers (HKLM\...\1195536024_is1) (Version: 2.4.0.6 - GOG.com)
LangOver 5 (HKLM\...\LangOver 5) (Version: 5.0 - LangOver.com)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x86) 1.0.0-beta5 (HKLM\...\{2a375a89-9d97-35b7-917d-92f1ea73080d}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{C340BAB2-9A21-41B9-A465-7AC7B1DF773E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{5FC4C5FD-75D0-43D5-B9A5-6FE208D12F7D}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{4B604E42-B6D7-4957-B5A5-CC7450D8E1EB}) (Version: 3.1238.1962 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 54.0.1 (x86 he) (HKLM\...\Mozilla Firefox 54.0.1 (x86 he)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040D-0000-0000000FF1CE}) (Version: 16.0.8229.2045 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F36}) (Version: 4.0.16 - dotPDN LLC)
Pepakura Designer 4 (HKLM\...\pepakura_designer4en) (Version:  - TamaSoftware)
PreEmptive Analytics Visual Studio Components (HKLM\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (HKLM\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Runesword 2.5.0 (HKLM\...\Runesword) (Version: 2.5.0 - CrossCut Games, Inc.)
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 7.39 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
Sparkol VideoScribe (HKLM\...\{EF81CFBA-B642-4ED4-8FBF-71663622762C}) (Version: 2.2.4001 - Sparkol) Hidden
Sparkol VideoScribe (HKLM\...\Sparkol VideoScribe 2.2.4001) (Version: 2.2.4001 - Sparkol)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (HKLM\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (HKLM\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TeXstudio 2.12.6 (HKLM\...\TeXstudio_is1) (Version: 2.12.6 - Benito van der Zander)
TypeScript Power Tool (HKLM\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Uni-Android Tool (HKLM\...\Uni-Android Tool) (Version:  - )
Vegas Pro 10.0 (HKLM\...\{6D592E30-11EC-11E0-859C-0013D3D69929}) (Version: 10.0.469 - Sony)
Visual Studio 2015 Update 3 (KB3022398) (HKLM\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VS Update core components (HKLM\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Win32DiskImager version 0.9.5 (HKLM\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinHTTrack Website Copier 3.48-22 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2016-11-27] ()
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-08-02] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2017-05-23] (Safer-Networking Ltd.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {32305A2B-92CE-40D0-9FC2-1755128C22DD} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {8F0951A1-38F5-4607-812E-FEFDFE75CEC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-21] (Google Inc.)
Task: {9789D9A0-30BA-4BDF-A091-45F90E8591CE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9F5AA355-FC08-43FA-B22B-20D3F1911C05} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {A45032AF-4363-46A2-9A02-EEECB908339E} - System32\Tasks\{8FB9065D-2B9A-4445-91DB-99EDDFD9303E} => "c:\program files\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.30.0.105/he/go/help.faq.installer?LastError=1603
Task: {C4F0FB19-851D-4894-9905-A6A9668BB6F1} - System32\Tasks\Costian Launcher => C:\Windows\system32\rundll32.exe "C:\Program Files\Costian Launcher\Costian Launcher.dll",TfEFDXS <==== ATTENTION
Task: {DEBE704F-1904-495A-B45B-EAE157A19A7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-21] (Google Inc.)
Task: {E0F169A4-1A15-4FEB-AC5F-E55FA2FD72A6} - \{0F080D47-7904-0809-0F11-0B087A7D1104} -> No File <==== ATTENTION
Task: {E20D3E1B-BD08-43D1-B765-3F7ED15BDECB} - System32\Tasks\{3E8F4DEF-4A67-40E1-8B3D-542B8D068629} => C:\Windows\system32\pcalua.exe -a C:\Users\-bora\Desktop\softwere\AdobePhotoshopCS6Portable.exe -d C:\Users\-bora\Desktop\softwere
Task: {F7EEC939-0CA5-4929-813C-3553465C1F9C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-01-06] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Driver Booster Scheduler.job => C:\Program Files\IObit\Driver Booster\4.1.0\Scheduler.exe
Task: C:\Windows\Tasks\Driver Booster SkipUAC (-bora).job => C:\Program Files\IObit\Driver Booster\4.1.0\DriverBooster.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\-bora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
ShortcutWithArgument: C:\Users\-bora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-01-22 20:42 - 2016-01-22 18:56 - 000089008 _____ () C:\Windows\System32\cpwmon2k.dll
2017-07-31 16:21 - 2017-05-26 06:47 - 000090096 _____ () C:\Windows\System32\cpwmon2k_v32.dll
2017-08-14 16:33 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-08-14 16:33 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2017-08-14 16:33 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-01-27 00:16 - 2016-07-06 14:58 - 000414720 _____ () C:\Bitnami\WAMPST~1.30-\apache2\bin\pcre.dll
2017-01-27 00:16 - 2013-07-08 15:17 - 000068608 _____ () C:\Bitnami\WAMPST~1.30-\apache2\bin\zlib1.dll
2017-01-27 00:17 - 2017-01-19 07:10 - 000145408 _____ () C:\Bitnami\wampstack-5.6.30-0\php\libpq.dll
2017-01-27 00:28 - 2017-01-19 07:10 - 000176128 _____ () C:\Bitnami\WAMPST~1.30-\apache2\bin\libssh2.dll
2017-01-27 00:16 - 2016-11-28 21:00 - 011088384 _____ () C:\Bitnami\wampstack-5.6.30-0\mysql\bin\mysqld.exe
2017-06-12 20:51 - 2017-06-12 20:51 - 000048296 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2016-11-27 20:55 - 2016-11-27 20:55 - 000267952 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-08-08 11:39 - 2017-08-02 09:24 - 002881368 _____ () C:\Program Files\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-08 11:39 - 2017-08-02 09:24 - 000086360 _____ () C:\Program Files\Google\Chrome\Application\60.0.3112.90\libegl.dll
2017-06-27 20:52 - 2017-06-27 20:52 - 002336256 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PaintDotNetc8826738#\72d5957195e3c49b5a7ccaf1383a3271\PaintDotNet.SystemLayer.Native.x86.ni.dll
2017-04-16 14:24 - 2017-04-16 14:24 - 000989904 _____ () C:\Program Files\paint.net\PaintDotNet.SystemLayer.Native.x86.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="[6cFgE][Şοûпđ, νìδ℮ô άήδ ğªмè ¢őήťřόℓŀèґš !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="[6cFgE][Şοûпđ, νìδ℮ô άήδ ğªмè ¢őήťřόℓŀèґš !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7936 more sites.
 
There are 7934 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:04 - 2017-08-14 22:59 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.100.102.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LangOver => C:\Program Files\LangOver\LangOver.exe
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{9AC0F673-0E7D-4BFD-8233-C4A2E5B9D491}C:\bitnami\wampstack-5.6.29-0\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wampstack-5.6.29-0\apache2\bin\httpd.exe
FirewallRules: [UDP Query User{A100049C-9429-432C-AAFB-DB6291F8E9EF}C:\bitnami\wampstack-5.6.29-0\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wampstack-5.6.29-0\apache2\bin\httpd.exe
FirewallRules: [{3994ADDF-A993-4CC5-B32B-D33DF7F0E18A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{94EE66C7-2B75-4E82-A319-BF89F110C8DC}] => (Allow) C:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{BF89A215-D535-4B87-85E6-27934BB187FF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{61A77592-BCEF-4F53-8E24-3A76E50B5E71}C:\users\-bora\downloads\zerobranestudio\zbstudio.exe] => (Allow) C:\users\-bora\downloads\zerobranestudio\zbstudio.exe
FirewallRules: [UDP Query User{B7D0C9CD-CF12-4CB9-BB25-2C530D598F96}C:\users\-bora\downloads\zerobranestudio\zbstudio.exe] => (Allow) C:\users\-bora\downloads\zerobranestudio\zbstudio.exe
FirewallRules: [{3DC71B07-856F-47B8-A538-FB36236956C5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{6DE94EB8-8C0A-48B7-B457-849D38160705}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{B9FB4B7C-A778-4EB0-B004-38DD36A4A29C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8007BD8D-2352-4ADA-B5FB-E372DB3ABE99}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A2143E0E-D59E-4F39-ABE4-26FC06BB2F52}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{38D60036-1011-4A8E-A5D4-F6B31631F63E}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{9CF4DC91-8BE4-4461-8B99-79818FBAB830}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{81751F39-2EE5-4ED6-914D-A461D906B729}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{A81F29BC-63BA-4A3F-9F72-FE9E1C617A19}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{1EFC8FAD-5121-42AB-ABA0-D1DC686259C2}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{97BFA784-1617-4C95-B214-C19B1445021B}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{69A4B24E-232C-49B9-9279-56F82895EA4F}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B6720F11-87B0-45B8-9D66-2AD3B4523CF7}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1542C101-F40B-4885-B8E0-AA62D0F0D87E}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6ED6241C-2F5E-4C5B-9512-7285FEA66474}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FE8E01E1-32F5-4314-9B3E-249FD8CC852C}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D337A756-3FBB-4D9C-A493-71272EBC0B71}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1C16E280-4AF8-495F-914F-0F550EEE06D5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1EAC3036-D348-48AC-B3AE-0E045950DAF3}] => (Allow) C:\Users\-bora\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{6F5D6B85-538E-4AB4-9EBB-65D783E4E094}] => (Block) LPort=445
FirewallRules: [{99C8ED6D-2F41-4341-9B78-7C5ED0F3189A}] => (Block) LPort=445
FirewallRules: [{8F477FEE-EB41-4099-8B77-6A172812601B}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{2B7C492F-7B5D-4B18-83C7-17AD39D6C2F5}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{97DB3018-8CFB-4628-8511-925882B8ECD5}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{13672ACE-F463-40FB-A401-93EC5DE64F74}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D82AB8DC-7A39-4901-B5FF-EC453769F82C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AC2A16CA-67B4-43EC-9D07-E18EB9EC72CC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{428536B2-5FE7-4D56-99E3-588632157D45}] => (Allow) C:\Users\-bora\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{E3D8697A-E90E-4C5D-BDE7-447377B6B326}] => (Allow) C:\Users\-bora\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{9BB5214B-7681-48C7-A212-B886C7E06877}] => (Allow) C:\Users\-bora\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [TCP Query User{2A19DD75-013B-4925-BC46-FD2F8F7EFE6D}C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe] => (Allow) C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe
FirewallRules: [UDP Query User{0BEB27C4-5801-4FC9-B542-9723F0DE7D57}C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe] => (Allow) C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe
FirewallRules: [TCP Query User{63905DAE-3F92-488F-8801-3B35A618BE37}C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe] => (Block) C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe
FirewallRules: [UDP Query User{B91B9E48-B738-46E2-889F-40729E75C191}C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe] => (Block) C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe
FirewallRules: [TCP Query User{23DD5293-0381-414A-8927-95392E92ED61}C:\users\-bora\downloads\zerobranestudio\zbstudio.exe] => (Allow) C:\users\-bora\downloads\zerobranestudio\zbstudio.exe
FirewallRules: [UDP Query User{D4571661-49E1-42F2-9C1A-D241F991C20C}C:\users\-bora\downloads\zerobranestudio\zbstudio.exe] => (Allow) C:\users\-bora\downloads\zerobranestudio\zbstudio.exe
FirewallRules: [{AC2E5225-62C0-49DA-920C-E701649DDF20}] => (Allow) C:\Program Files\Corona Labs\Corona SDK\Corona.LiveServer.exe
FirewallRules: [{45AC955C-4437-47C1-94D4-369FCA0C3AF2}] => (Allow) C:\Program Files\Corona Labs\Corona SDK\Corona.Debugger.exe
FirewallRules: [{A5941FAD-6DAD-4D76-9BF3-F1E1B1206C6D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{74285B7D-9FC0-4CBC-B2F4-46B446E2C247}C:\users\-bora\eclipse\java-neon\eclipse\eclipse.exe] => (Allow) C:\users\-bora\eclipse\java-neon\eclipse\eclipse.exe
FirewallRules: [UDP Query User{C2A78777-871C-43EC-99ED-8526FF265908}C:\users\-bora\eclipse\java-neon\eclipse\eclipse.exe] => (Allow) C:\users\-bora\eclipse\java-neon\eclipse\eclipse.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
14-08-2017 00:54:26 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/15/2017 09:56:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/15/2017 09:31:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/15/2017 09:30:33 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: ‏‏מתזמן הפעלת הרשיונות (sppuinotify.dll) נכשל עם קוד השגיאה הבא:
0x800706BF
 
Error: (08/15/2017 09:24:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/15/2017 09:20:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/15/2017 09:18:57 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: ‏‏הפעלת רשיון Windows נכשלה. שגיאה 0x00000000.
 
Error: (08/15/2017 09:18:57 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: ‏‏הפעלת רשיון (slui.exe) נכשלה עם קוד השגיאה הבא:
0x8007043C
 
Error: (08/15/2017 08:04:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/14/2017 11:21:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/14/2017 11:21:06 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: ‏‏הפעלת רשיון Windows נכשלה. שגיאה 0x00000000.
 
 
System errors:
=============
Error: (08/15/2017 09:56:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ‏‏הפעלת השירות Spybot-S&D 2 Scanner Service נכשלה בשל השגיאה הבאה: 
‏‏השירות לא הגיב לבקשת ההפעלה או לבקשת השליטה בזמן.
 
Error: (08/15/2017 09:56:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לחיבור של שירות Spybot-S&D 2 Scanner Service.
 
Error: (08/15/2017 09:56:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ‏‏הפעלת השירות Spybot-S&D 2 Scanner Service נכשלה בשל השגיאה הבאה: 
‏‏השירות לא הגיב לבקשת ההפעלה או לבקשת השליטה בזמן.
 
Error: (08/15/2017 09:56:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לחיבור של שירות Spybot-S&D 2 Scanner Service.
 
Error: (08/15/2017 09:55:37 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: ‏‏הפעלת מודול יכולת ההרחבה של WLAN נכשלה.
 
נתיב מודול: C:\Windows\system32\athExt.dll
קוד שגיאה: 126
 
Error: (08/15/2017 09:32:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ‏‏הפעלת השירות Spybot-S&D 2 Scanner Service נכשלה בשל השגיאה הבאה: 
‏‏השירות לא הגיב לבקשת ההפעלה או לבקשת השליטה בזמן.
 
Error: (08/15/2017 09:32:30 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לחיבור של שירות Spybot-S&D 2 Scanner Service.
 
Error: (08/15/2017 09:31:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ‏‏הפעלת השירות Spybot-S&D 2 Scanner Service נכשלה בשל השגיאה הבאה: 
‏‏השירות לא הגיב לבקשת ההפעלה או לבקשת השליטה בזמן.
 
Error: (08/15/2017 09:31:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: ‏‏המערכת הגיעה לפרק זמן קצוב (30000 אלפיות שניה) במהלך המתנה לחיבור של שירות Spybot-S&D 2 Scanner Service.
 
Error: (08/15/2017 09:31:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: ‏‏הפעלת מודול יכולת ההרחבה של WLAN נכשלה.
 
נתיב מודול: C:\Windows\system32\athExt.dll
קוד שגיאה: 126
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU U3600 @ 1.20GHz
Percentage of memory in use: 89%
Total physical RAM: 1781.86 MB
Available physical RAM: 184.84 MB
Total Virtual: 5876.86 MB
Available Virtual: 720.22 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:31.93 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 7CFC04B9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 Oh My!

Posted 16 August 2017 - 10:12 AM

Thank you for your patience.

Please do this.

===================================================

MGADiag Tool

-------------------
  • Download MGADiag Tool and save it to your desktop
  • Double click the icon then if necessary click OK on the Executable File warning
  • Click Run, then Continue
  • Once completed a screen will open and be populated with system information
  • Click Copy
  • Press the Windows Key + R at the same time
  • Type Notepad and press Enter
  • Right click inside the Notepad document and select Paste
  • Save the file on your Desktop as WGA.txt
  • Upload the file here
  • Let me know when the file has been uploaded
===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Uploaded file
  • CKScanner log

Gary
 

#7 yoelr

Posted 16 August 2017 - 11:39 AM

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
 
Validation Code: 50
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-J8D7P-XQJJ2-GPDD4
Windows Product Key Hash: xgsndMkYdJsYmUng0qIJ/thx+HI=
Windows Product ID: 00371-868-0000007-85333
Windows Product ID Type: 1
Windows License Type: KMS Client
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {CF5D0903-A7AF-4591-9FD0-03928EE1E7D4}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7601.win7sp1_ldr.170707-0600
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
 
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]
 
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{CF5D0903-A7AF-4591-9FD0-03928EE1E7D4}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-GPDD4</PKey><PID>00371-868-0000007-85333</PID><PIDType>1</PIDType><SID>S-1-5-21-124123957-3465755313-2965481238</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire One 753</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>V1.20</Version><SMBIOSVersion major="2" minor="6"/><Date>20100928000000.000000+000</Date></BIOS><HWID>A4663907018400FC</HWID><UserLCID>040D</UserLCID><SystemLCID>040D</SystemLCID><TimeZone>שעון רגיל ירושלים(GMT+02:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  
 
Spsys.log Content: 0x80070002
 
Licensing Data-->
Software licensing service version: 6.1.7601.17514
 
Name: Windows® 7, Professional edition
Description: Windows Operating System - Windows® 7, VOLUME_KMSCLIENT channel
Activation ID: b92e9980-b9d5-4821-9c94-140f632f6312
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-868-000000-03-1037-7601.0000-0302017
Installation ID: 007285231276420093379501343306937322804432245140511701
Partial Product Key: GPDD4
License Status: Notification
Notification Reason: 0xC004F056.
Remaining Windows rearm count: 2
Trusted time: 16/08/2017 19:30:54
Please use slmgr.vbs /ato to activate and update KMS client information in order to update values.
 
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:
 
 
HWID Data-->
HWID Hash Current: MAAAAAEAAgABAAEAAAACAAAAAgABAAEAJJR8BXcW1gKaUSiPSn9qY2RBilkWwFxd
 
OEM Activation 1.0 Data-->
N/A
 
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  APIC ACRSYS ACRPRDCT
  FACP ACRSYS ACRPRDCT
  HPET ACRSYS ACRPRDCT
  BOOT ACRSYS ACRPRDCT
  MCFG ACRSYS ACRPRDCT
  WDAT ACRSYS ACRPRDCT
  ASF! ACRSYS ACRPRDCT
  SLIC ACRSYS ACRPRDCT
  ASPT ACRSYS ACRPRDCT
  SSDT PmRef CpuPm
 
 
 
 
 
 
 
 
 
 
 
 
 
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\bitnami\wampstack-5.6.30-0\frameworks\laravel\vendor\laravel\framework\src\illuminate\foundation\console\keygeneratecommand.php
c:\bitnami\wampstack-5.6.30-0\git\usr\bin\ssh-keygen.exe
c:\program files\gimpshop\share\gimp\2.0\patterns\cracked.pat
c:\program files\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\programdata\kmsauto\bin\tunmirror.exe
c:\programdata\kmsauto\bin\tunmirror2.exe
c:\programdata\kmsauto\bin\driver\x86tap1\devcon.exe
c:\programdata\kmsauto\bin\driver\x86tap2\devcon.exe
c:\programdata\kmsauto\bin\driver\x86wdv\fakeclient.exe
c:\programdata\kmsauto\bin\driver\x86wdv\windivert.dll
c:\programdata\kmsauto\bin\driver\x86wdv\windivert.inf
c:\programdata\kmsauto\bin\driver\x86wdv\windivert.sys
c:\users\-bora\desktop\תיקיה חדשה\crack wpa and wpa passwords.html
c:\users\-bora\downloads\sony vegas pro [10] [32bit - 64bit] [with crack] [by krushed18].zip
c:\users\-bora\downloads\vagas pro\crack\crack.zip
c:\users\-bora\downloads\vagas pro\crack\crack\sound forge 10 bugfix.reg
scanner sequence 3.ZZ.11.NDAPIZ
 ----- EOF ----- 
 


#8 yoelr


Posted 16 August 2017 - 11:41 AM

and i uploaded the file wouldn't it be more comfortable to see the file at pastebin? or another way?

 

awaiting further instructions.

 

edit:

 

c:\users\-bora\desktop\תיקיה חדשה\crack wpa and wpa passwords_files

 

these are just a few html files i downloaded, instructions for how to use kali linux wpa crack tools (linux is installed on my other laptop).

----------------

c:\bitnami\wampstack-5.6.30-0\git\usr\bin\ssh-keygen.exe

 

most likely part of wamp server.

 

----------------------

 

c:\users\-bora\downloads\vagas pro\sony vegas pro

 

torrent downloaded sony vegas, with crack. i will delete it if necessary.


Edited by yoelr, 16 August 2017 - 11:50 AM.


#9 Oh My!


Posted 16 August 2017 - 12:21 PM

Thank you, if you could remove that program I would appreciate it.
 

and i uploaded the file wouldn't it be more comfortable to see the file at pastebin? or another way?

There are potential privacy issues so I don't want to make the information public.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction - Chrome
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
2017-08-12 19:08 - 2017-08-12 19:08 - 001067259 _____ C:\Users\-bora\Downloads\20824bff-95bc-4bb2-ac56-deab3600c17b.tmp
2017-08-12 19:08 - 2017-08-12 19:08 - 000948078 _____ C:\Users\-bora\Downloads\80e8a044-6197-4aa0-a639-d4e223d4fa1b.tmp
2017-08-12 19:07 - 2017-08-12 19:08 - 000962983 _____ C:\Users\-bora\Downloads\8dbb940b-f984-4083-ac47-0d5e95538997.tmp
2017-08-12 19:07 - 2017-08-12 19:08 - 000860267 _____ C:\Users\-bora\Downloads\9b97e86f-eee7-4a0b-9a3d-1a2b60264e4b.tmp
2017-08-12 19:07 - 2017-08-12 19:07 - 000000000 _____ C:\Users\-bora\Downloads\f3966518-cf94-47b1-9aa6-6ce6dc4df4e7.tmp
2017-08-12 19:07 - 2017-08-12 19:07 - 000000000 _____ C:\Users\-bora\Downloads\f033e430-1c98-475e-b107-b45e40047ac5.tmp
2017-08-12 19:07 - 2017-08-12 19:07 - 000000000 _____ C:\Users\-bora\Downloads\d72c4e42-6f10-4ef9-98ce-bd1c67c10e4e.tmp
2017-08-12 19:07 - 2017-08-12 19:07 - 000000000 _____ C:\Users\-bora\Downloads\4f05b336-63bf-4e87-8f02-10ed03cc327a.tmp
C:\Program Files\KMSPico
C:\Users\-bora\tmp72B.tmp.vbs
Task: {C4F0FB19-851D-4894-9905-A6A9668BB6F1} - System32\Tasks\Costian Launcher => C:\Windows\system32\rundll32.exe "C:\Program Files\Costian Launcher\Costian Launcher.dll",TfEFDXS
C:\Program Files\Costian Launcher
Task: {E0F169A4-1A15-4FEB-AC5F-E55FA2FD72A6} - \{0F080D47-7904-0809-0F11-0B087A7D1104}
File: C:\Users\-bora\Downloads\2fsny9cl.exe
File: C:\Windows\System32\cpwmon2k.dll
File: C:\Windows\System32\cpwmon2k_v32.dll
emptytemp:
End::
  • Click Fix
  • Copy and paste the contents of the Fixlog.txt file in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

  • Fixlog
  • Update on computer performance

Edited by Oh My!, 16 August 2017 - 12:22 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 yoelr


Posted 16 August 2017 - 03:21 PM

the only performance problems i have is with ellipse (freezes randomly, it never did that before) and sometimes when i watch youtube (or streaming) it has hiccups and the sound gets clicks and distorted (like when there's a lot of stuff running). the windows image viewer doesn't let me view any img, whatever it was changed permissions of everything.

 

when i try to update java it says “Failed to download required installation files.”

-------------------------------------------------------------

the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-08-2017 01
Ran by -bora (16-08-2017 23:05:36) Run:1
Running from C:\Users\-bora\Downloads
Loaded Profiles: -bora (Available Profiles: -bora)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction - Chrome
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
2017-08-12 19:08 - 2017-08-12 19:08 - 001067259 _____ C:\Users\-bora\Downloads\20824bff-95bc-4bb2-ac56-deab3600c17b.tmp
2017-08-12 19:08 - 2017-08-12 19:08 - 000948078 _____ C:\Users\-bora\Downloads\80e8a044-6197-4aa0-a639-d4e223d4fa1b.tmp
2017-08-12 19:07 - 2017-08-12 19:08 - 000962983 _____ C:\Users\-bora\Downloads\8dbb940b-f984-4083-ac47-0d5e95538997.tmp
2017-08-12 19:07 - 2017-08-12 19:08 - 000860267 _____ C:\Users\-bora\Downloads\9b97e86f-eee7-4a0b-9a3d-1a2b60264e4b.tmp
2017-08-12 19:07 - 2017-08-12 19:07 - 000000000 _____ C:\Users\-bora\Downloads\f3966518-cf94-47b1-9aa6-6ce6dc4df4e7.tmp
2017-08-12 19:07 - 2017-08-12 19:07 - 000000000 _____ C:\Users\-bora\Downloads\f033e430-1c98-475e-b107-b45e40047ac5.tmp
2017-08-12 19:07 - 2017-08-12 19:07 - 000000000 _____ C:\Users\-bora\Downloads\d72c4e42-6f10-4ef9-98ce-bd1c67c10e4e.tmp
2017-08-12 19:07 - 2017-08-12 19:07 - 000000000 _____ C:\Users\-bora\Downloads\4f05b336-63bf-4e87-8f02-10ed03cc327a.tmp
C:\Program Files\KMSPico
C:\Users\-bora\tmp72B.tmp.vbs
Task: {C4F0FB19-851D-4894-9905-A6A9668BB6F1} - System32\Tasks\Costian Launcher => C:\Windows\system32\rundll32.exe "C:\Program Files\Costian Launcher\Costian Launcher.dll",TfEFDXS
C:\Program Files\Costian Launcher
Task: {E0F169A4-1A15-4FEB-AC5F-E55FA2FD72A6} - \{0F080D47-7904-0809-0F11-0B087A7D1104}
File: C:\Users\-bora\Downloads\2fsny9cl.exe
File: C:\Windows\System32\cpwmon2k.dll
File: C:\Windows\System32\cpwmon2k_v32.dll
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Mozilla\Firefox\Extensions\\{C1A2A613-35F1-4FCF-B27F-2840527B6556} => value removed successfully.
C:\Users\-bora\Downloads\20824bff-95bc-4bb2-ac56-deab3600c17b.tmp => moved successfully
C:\Users\-bora\Downloads\80e8a044-6197-4aa0-a639-d4e223d4fa1b.tmp => moved successfully
C:\Users\-bora\Downloads\8dbb940b-f984-4083-ac47-0d5e95538997.tmp => moved successfully
C:\Users\-bora\Downloads\9b97e86f-eee7-4a0b-9a3d-1a2b60264e4b.tmp => moved successfully
C:\Users\-bora\Downloads\f3966518-cf94-47b1-9aa6-6ce6dc4df4e7.tmp => moved successfully
C:\Users\-bora\Downloads\f033e430-1c98-475e-b107-b45e40047ac5.tmp => moved successfully
C:\Users\-bora\Downloads\d72c4e42-6f10-4ef9-98ce-bd1c67c10e4e.tmp => moved successfully
C:\Users\-bora\Downloads\4f05b336-63bf-4e87-8f02-10ed03cc327a.tmp => moved successfully
C:\Program Files\KMSPico => moved successfully
C:\Users\-bora\tmp72B.tmp.vbs => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C4F0FB19-851D-4894-9905-A6A9668BB6F1} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4F0FB19-851D-4894-9905-A6A9668BB6F1} => key removed successfully.
C:\Windows\System32\Tasks\Costian Launcher => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Costian Launcher => key removed successfully.
C:\Program Files\Costian Launcher => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F169A4-1A15-4FEB-AC5F-E55FA2FD72A6} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F169A4-1A15-4FEB-AC5F-E55FA2FD72A6} => key removed successfully.
 
========================= File: C:\Users\-bora\Downloads\2fsny9cl.exe ========================
 
File is digitally signed
MD5: 3AA8F2948CA651D45EC18E59BAB23A90
Creation and modification date: 2017-08-14 23:26 - 2017-08-14 23:28
Size: 156594936
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0
 
====== End of File: ======
 
 
========================= File: C:\Windows\System32\cpwmon2k.dll ========================
 
File is digitally signed
MD5: 8E946803F6808BD0C35CA138D92F50D0
Creation and modification date: 2017-01-22 20:42 - 2016-01-22 18:56
Size: 000089008
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========================= File: C:\Windows\System32\cpwmon2k_v32.dll ========================
 
File is digitally signed
MD5: D89874693A974056698D10E7FAA3C667
Creation and modification date: 2017-07-31 16:21 - 2017-05-26 06:47
Size: 000090096
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 61856423 B
Java, Flash, Steam htmlcache => 6070 B
Windows/system/drivers => 172828 B
Edge => 0 B
Chrome => 912853807 B
Firefox => 7745991 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 68844 B
LocalService => 132244 B
NetworkService => 176872 B
-bora => 735263602 B
 
RecycleBin => 918491173 B
EmptyTemp: => 2.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:06:41 ====
 

#11 Oh My!


Posted 16 August 2017 - 07:23 PM

Greetings,
 

i have is with ellipse

What is "ellipse"?

Please do not attempt to do anything other than what is instructed, i.e. Java update. Updates should be done when the computer is clean and working properly.

Are you having Youtube problems with all web browsers?

Do you recognize C:\Users\-bora\Downloads\2fsny9cl.exe?

Please see here to check your Photo Viewer settings.


Edited by Oh My!, 16 August 2017 - 07:26 PM.

Gary
 

#12 yoelr


Posted 17 August 2017 - 12:11 AM

eclipse is a java ide, i have used it on this computer for a long time with no problem:

 

http://www.eclipse.org/downloads/packages/eclipse-ide-java-developers/marsr

 

the reason it freezes and crashes is because it's trying to get to documentation files but all the permissions have changed so it can't.

i have noticed this happening when i try to use auto complete or related features.

i also have problems with windows image viewer, it says i have no permissions, even when i change permissions it still claims i don't have permissions.

 

when i open chrome without "run as admin" it can't load session buddy (again it doesn't have permissions to access the session files).

 

something has changed all permissions. i don't know how and i don't know how to reset it. i don't understand windows system to these finer details.

 

2fsny9cl.exe is the installer for cure it, i downloaded it after everything happened, i also have spybot, malwarebytes and superantispyware. none of these found the real culprit. they found one trojan and deleted it (i hope).

 

it's not only youtube but any streaming or video, when the system is busy with a lot of stuff the sound gets glittery. as if something is using resources. it doesn't happen all the time.

 

edit:

in safe mode i don't have problems with eclipse or chrome browser.


Edited by yoelr, 17 August 2017 - 12:18 AM.


#13 Oh My!


Posted 17 August 2017 - 09:12 AM

Thank you for the detailed information.

Please do this.

===================================================

Clean Boot

--------------------
  • Press the Windows Key + R on your keyboard at the same time.
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Computer performance?

Gary
 

#14 yoelr


Posted 17 August 2017 - 10:55 AM

i did this before i even posted this post.

 

ok i reset all permissions using: Windows Repair All-In-One tool

 

from: tweaking.com

which i learned about from this post:

 

https://www.bleepingcomputer.com/forums/t/483448/all-my-files-have-been-encrypted-by-a-virus-ransom-malware-i-think/page-3

 

i only checked the permissions related (first 3 checkboxes). although the software interface was changed i found it.

 

it solved the windows image viewer not showing img, and the eclipse random freeze crash bug problem (as i suspected it didn't have permissions to the doc files so it started freezing and crashing, will be reported to eclipse dev team).

 

about if my computer is clean, after all these scans (i did a lot before this post with recommended av anti malware software from this forum). i really have no idea.

i found a window~1 entry in run in the registry and deleted it a few days ago, deleted vbs files with scans help.

superantimalware found a trojan and deleted it, Microsoft safety scanner also found a trojan and malware installer, and spybot helped too.

 

again i have no idea if my computer is clean or if something will pop up soon with a bigger bang, if you want me to run more system checks i'm in.

 

anyway i hope this will help someone some day.

 

i'm buying malwarebytes pro, the trial version helped me and i fought infractions with it for years. that should make it harder for the simple malicious software to infect me.

 

thank you for your help.



#15 Oh My!


Posted 17 August 2017 - 12:05 PM

I think we are done. Any questions before I close the topic?
Gary
 