Infection using Administrator privileges to block Malwarebytes running


  • This topic is locked
3 replies to this topic

#1 julianreiss

Posted 28 September 2017 - 08:32 AM

I get a RED notification saying an ADMINISTRATOR has blocked this program from running. Applies to Malwarebytes Malware, which installed OK and for which I have renamed the .exe file to ieexplorer.exe (and a couple of other names, with no success). Also, the Kaspersky online recovery tool is blocked from installing (same RED BLOCKED BY ADMINISTRATOR msg).

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017 01
Ran by jul (administrator) on JUJUJUJU-PC (28-09-2017 14:18:02)
Running from G:\Users\jul\Desktop
Loaded Profiles: jul (Available Profiles: jujujuju & jul)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) G:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) G:\Windows\System32\atiesrxx.exe
(Intel) G:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe
(AMD) G:\Windows\System32\atieclxx.exe
(Intel Corporation) G:\Windows\System32\IPROSetMonitor.exe
(Safer-Networking Ltd.) G:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) G:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Advanced Micro Devices, Inc.) G:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) G:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Realtek Semiconductor) G:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) G:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) G:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) G:\Program Files (x86)\Intel\Intel® USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) G:\Windows\SysWOW64\svchost.exe
() G:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe
(Intel) G:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe
(Safer-Networking Ltd.) G:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Copyright 2017.) G:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Safer-Networking Ltd.) G:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) G:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) G:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) G:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) G:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) G:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) G:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) G:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) G:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) G:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) G:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) G:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) G:\Users\jul\Desktop\FRST64 .exe
(Microsoft Corporation) G:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XboxStat] => G:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => G:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9068040 2016-11-09] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => G:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => G:\Program Files (x86)\Intel\Intel® USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe [299520 2017-03-28] (Intel Corporation)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => G:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [DSATray] => G:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe [137976 2017-08-10] (Intel)
HKLM-x32\...\Run: [SDTray] => G:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4019728806-3470335272-1452950246-1003\...\Run: [CCleaner Monitoring] => G:\Program Files\CCleaner\CCleaner64.exe [9856176 2017-09-20] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [KSS] => "G:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{47ED58C4-FD2F-4C6E-841E-42C3409063DD}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BBD0AFEF-F425-4079-BBC1-5E8FBCBA5F78}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4019728806-3470335272-1452950246-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4019728806-3470335272-1452950246-1003\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-4019728806-3470335272-1452950246-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> G:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> G:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
 
Chrome: 
=======
CHR HomePage: Default -> searchassist.net
CHR StartupUrls: Default -> "","hxxps://www.google.co.uk/"
CHR DefaultSearchURL: Default -> hxxps://www.searchassist.net/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> www.searchassist.net
CHR Profile: G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default [2017-09-28]
CHR Extension: (Google Translate) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-09-02]
CHR Extension: (Google Slides) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-02]
CHR Extension: (Incident Map & Police, Fire Scanner) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajbhihklbjcpiddeeeoafmlhlbacfinn [2017-09-15]
CHR Extension: (Dr.Web Anti-Virus Link Checker) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aleggpabliehgbeagmfhnodcijcmbonb [2017-09-02]
CHR Extension: (Google Docs) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-02]
CHR Extension: (Google Drive) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-02]
CHR Extension: (Weather (extension)) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc [2017-09-19]
CHR Extension: (YouTube) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-02]
CHR Extension: (Speed Test For Chrome - Boost Your Chrome) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdbcmiaadcdenlkholflhjipfgogjdd [2017-09-15]
CHR Extension: (Google Sheets) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-02]
CHR Extension: (Google Docs Offline) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-02]
CHR Extension: (Click&Clean) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2017-09-08]
CHR Extension: (Application Launcher for Drive (by Google)) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-09-03]
CHR Extension: (Google Mail Checker) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-09-02]
CHR Extension: (SA) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiclfpfaoipjpnmadgokpflgcdnabjjk [2017-09-15]
CHR Extension: (Gmail) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-02]
CHR Extension: (Chrome Media Router) - G:\Users\jul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-02]
CHR Profile: G:\Users\jul\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-23]
CHR HKU\S-1-5-21-4019728806-3470335272-1452950246-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; G:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com) [File not signed]
S4 Apple Mobile Device Service; G:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 DSAService; G:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe [22264 2017-08-10] (Intel)
S3 Intel® Capability Licensing Service TCP IP Interface; G:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-24] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; G:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-24] (Intel® Corporation)
R2 jhi_service; G:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [197264 2017-06-06] (Intel Corporation)
R2 MsMpSvc; G:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; G:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 SDScannerService; G:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; G:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; G:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
S3 WinDefend; G:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wtmhdintus; G:\Windows\SysWow64\wtmhdinus.dll [471336 2017-09-01] ()
R2 ZAMSvc; G:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; G:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 e1dexpress; G:\Windows\System32\DRIVERS\e1d62x64.sys [537080 2017-07-19] (Intel Corporation)
S3 epmntdrv; G:\Windows\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; G:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; G:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; G:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
R1 HWiNFO32; G:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2017-09-14] (REALiX™)
R2 inpoutx64; G:\Windows\System32\Drivers\inpoutx64.sys [15008 2017-09-10] (Highresolution Enterprises [www.highrez.co.uk])
R3 MEIx64; G:\Windows\System32\DRIVERS\TeeDriverx64.sys [200272 2017-04-10] (Intel Corporation)
R0 MpFilter; G:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsl53deb38e; G:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{36E943D7-AB6B-4666-BB96-C5F569A0F814}\MpKsl53deb38e.sys [58120 2017-09-28] (Microsoft Corporation)
R3 NisDrv; G:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 SASDIFSV; G:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; G:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 semav6msr64; G:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 SIVDriver; G:\Windows\system32\Drivers\SIVX64.sys [152824 2014-05-14] (Ray Hinchliffe)
S3 WIMMount; G:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40392 2012-07-25] (Microsoft Corporation)
S3 xb1usb; G:\Windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Microsoft Corporation)
R1 ZAM; G:\Windows\System32\drivers\zam64.sys [203680 2017-09-20] (Zemana Ltd.)
R1 ZAM_Guard; G:\Windows\System32\drivers\zamguard64.sys [203680 2017-09-20] (Zemana Ltd.)
S3 catchme; \??\G:\ComboFix\catchme.sys [X]
S1 mjbqdgqe; \??\G:\Windows\system32\drivers\mjbqdgqe.sys [X]
S1 vsxpqsek; \??\G:\Windows\system32\drivers\vsxpqsek.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-28 14:18 - 2017-09-28 14:18 - 000019339 _____ G:\Users\jul\Desktop\FRST.txt
2017-09-28 14:12 - 2017-09-28 14:12 - 002399744 _____ (Farbar) G:\Users\jul\Desktop\FRST64 .exe
2017-09-27 13:46 - 2017-09-27 13:46 - 000000064 _____ G:\Users\jul\Downloads\ssssxxx.txt
2017-09-27 13:07 - 2017-09-27 13:07 - 000000000 ____D G:\Users\jul\Downloads\ipTtKRKy (1)
2017-09-27 10:09 - 2017-09-27 10:10 - 204472320 _____ G:\Users\jul\Downloads\JP_toslteial.rar.001
2017-09-27 10:09 - 2017-09-27 10:10 - 069019226 _____ G:\Users\jul\Downloads\JP_toslteial.rar.002
2017-09-27 09:51 - 2017-09-27 10:56 - 595238051 _____ G:\Users\jul\Downloads\DP Rebecca Volpetti - goes hardcore 3on1 anal  SZ1298.mp4
2017-09-27 09:45 - 2017-09-27 12:32 - 1537966053 _____ G:\Users\jul\Downloads\blanche_bella_sz500_lp.mp4
2017-09-27 08:46 - 2017-09-27 08:46 - 000000000 ____D G:\Users\jul\Downloads\lvnlx
2017-09-27 08:46 - 2017-09-27 08:46 - 000000000 ____D G:\Users\jul\Downloads\75eTwSj2VA8BhSRF9sOOIpsZggKqIBYfceM
2017-09-27 08:37 - 2017-09-27 13:05 - 821020703 _____ G:\Users\jul\Downloads\ipTtKRKy (1).rar
2017-09-27 04:39 - 2017-09-27 08:29 - 283049270 _____ G:\Users\jul\Downloads\Be216584214a.mp4.crdownload
2017-09-27 04:24 - 2017-09-27 05:28 - 989189972 _____ G:\Users\jul\Downloads\75eTwSj2VA8BhSRF9sOOIpsZggKqIBYfceM.rar
2017-09-27 04:05 - 2017-09-27 07:04 - 551910683 _____ G:\Users\jul\Downloads\lvnlx.rar
2017-09-27 01:34 - 2017-09-27 01:34 - 007710676 _____ G:\Users\jul\Downloads\[JUJUJUJU-PC]__2017-09-27__00-57-15__e1112e_TSF.sdbz
2017-09-27 01:11 - 2017-09-27 01:11 - 000019352 _____ G:\Windows\fidpcidrv64.sys
2017-09-27 01:11 - 2017-09-27 01:11 - 000012184 _____ G:\Windows\fiddrv64.sys
2017-09-27 01:10 - 2017-09-27 01:10 - 004210688 _____ G:\Users\jul\Downloads\pidenu46.msi
2017-09-27 01:10 - 2017-09-27 01:10 - 000001243 _____ G:\Users\Public\Desktop\Intel® Processor Identification Utility.lnk
2017-09-27 01:10 - 2017-09-27 01:10 - 000000000 ___DC G:\Program Files (x86)\Intel Corporation
2017-09-27 01:10 - 2017-09-27 01:10 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Processor Identification Utility
2017-09-27 01:09 - 2017-09-27 01:10 - 240549888 _____ G:\Users\jul\Downloads\IPDT_Installer_4.0.0.29.exe
2017-09-27 00:55 - 2017-09-27 00:55 - 000012872 _____ (SurfRight B.V.) G:\Windows\system32\bootdelete.exe
2017-09-27 00:45 - 2017-09-27 00:45 - 039130668 _____ G:\Users\jul\Downloads\[Guru3D]-MSIAfterburner-beta.zip
2017-09-27 00:42 - 2017-09-27 00:42 - 034576696 _____ G:\Users\jul\Downloads\The_Big_Book_of_Buds_Volume_3_More_Marijuana_Varie.pdf
2017-09-27 00:42 - 2017-09-27 00:42 - 017825668 _____ G:\Users\jul\Downloads\_S_T_Oner_The_Rev_Cannabis_Indica_Volume_3_Th_b-ok.pdf
2017-09-27 00:32 - 2017-09-27 00:32 - 000000000 ____D G:\Users\jul\AppData\Roaming\JAM Software
2017-09-27 00:30 - 2017-09-27 00:30 - 006438041 _____ G:\Users\jul\Downloads\Issue 8 May.pdf
2017-09-27 00:29 - 2017-09-27 00:29 - 004337854 _____ G:\Users\jul\Downloads\Issue 7 April.pdf
2017-09-27 00:28 - 2017-09-27 00:28 - 008836849 _____ G:\Users\jul\Downloads\The Cannabis Grow Bible .pdf
2017-09-27 00:27 - 2017-09-27 00:28 - 099791824 _____ G:\Users\jul\Downloads\Dan Michaels%2C Erik Christiansen Green%2C a field guide to marijuana-ilovepdf-compressed.pdf
2017-09-26 23:19 - 2017-09-26 23:19 - 002083546 _____ G:\Users\jul\Downloads\Re-Loader.3.0.Beta.3.rar
2017-09-26 23:19 - 2017-09-26 23:19 - 000000000 ____D G:\Users\jul\Downloads\Re-Loader.3.0.Beta.3
2017-09-26 23:02 - 2017-09-26 23:22 - 000003621 _____ G:\Users\Public\Desktop\R@1n.txt
2017-09-26 23:00 - 2017-09-26 23:15 - 000000000 ____D G:\Users\jul\Downloads\Re-Loader_1.3_RC-8
2017-09-26 22:59 - 2017-09-26 22:59 - 001950495 _____ G:\Users\jul\Downloads\Re-Loader_1.3_RC-8.rar
2017-09-26 16:56 - 2017-09-27 00:56 - 000000000 ____D G:\ProgramData\HitmanPro
2017-09-26 16:54 - 2017-09-26 16:56 - 011584088 _____ (SurfRight B.V.) G:\Users\jul\Downloads\HitmanPro_x64.exe
2017-09-26 16:54 - 2017-09-26 16:54 - 001792640 _____ (Bleeping Computer, LLC) G:\Users\jul\Downloads\iExplore.exe
2017-09-26 16:42 - 2017-09-26 17:03 - 653456557 _____ G:\Users\jul\Downloads\thbll.wb72_300mbfilms.com.mkv
2017-09-25 21:49 - 2017-09-25 21:49 - 000017975 _____ G:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2017-09-25 21:49 - 2017-09-25 21:49 - 000002215 _____ G:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-09-25 21:49 - 2017-09-25 21:49 - 000000207 _____ G:\Windows\tweaking.com-regbackup-JUJUJUJU-PC-Windows-7-Home-Premium-(64-bit).dat
2017-09-25 21:49 - 2017-09-25 21:49 - 000000000 ___DC G:\RegBackup
2017-09-25 21:49 - 2017-09-25 21:49 - 000000000 ___DC G:\Program Files (x86)\Tweaking.com
2017-09-25 21:49 - 2017-09-25 21:49 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-09-25 21:48 - 2017-09-25 21:49 - 005766144 _____ (Tweaking.com) G:\Users\jul\Downloads\tweaking.com_registry_backup_setup.exe
2017-09-25 21:45 - 2017-09-25 21:45 - 000002612 _____ G:\Users\jul\Downloads\aswMBR.txt
2017-09-25 21:45 - 2017-09-25 21:45 - 000000512 _____ G:\Users\jul\Downloads\MBR.dat
2017-09-25 21:39 - 2017-09-25 21:39 - 005198336 _____ (AVAST Software) G:\Users\jul\Downloads\aswMBR.exe
2017-09-25 21:39 - 2017-09-25 21:39 - 002399744 _____ (Farbar) G:\Users\jul\Downloads\FRST64 (2).exe
2017-09-25 20:42 - 2017-09-25 20:42 - 000000000 ____D G:\Users\jul\Downloads\amrssa.hdts
2017-09-25 20:41 - 2017-09-25 20:41 - 000000000 ____D G:\Users\jul\Downloads\lthrfcc.wbrp_300mbfilms.com
2017-09-25 18:42 - 2017-09-25 18:43 - 128989025 _____ G:\Users\jul\Downloads\lthrfcc.wbrp_300mbfilms.com.part3.rar
2017-09-25 18:41 - 2017-09-25 18:43 - 131072000 _____ G:\Users\jul\Downloads\lthrfcc.wbrp_300mbfilms.com.part2.rar
2017-09-25 18:41 - 2017-09-25 18:43 - 131072000 _____ G:\Users\jul\Downloads\lthrfcc.wbrp_300mbfilms.com.part1.rar
2017-09-25 18:40 - 2017-09-25 18:47 - 887897968 _____ G:\Users\jul\Downloads\thbtsgpp.hdpr72_300mbfilms.com.mkv
2017-09-25 18:37 - 2017-09-25 18:52 - 443478077 _____ G:\Users\jul\Downloads\snprki.dd_300mbfilms.com.mkv
2017-09-25 18:33 - 2017-09-25 18:33 - 000002703 _____ G:\Users\jul\Downloads\legitcheck.hta
2017-09-25 18:21 - 2017-09-28 14:18 - 000049210 _____ G:\Windows\ZAM.krnl.trace
2017-09-25 18:21 - 2017-09-28 14:18 - 000021959 _____ G:\Windows\ZAM_Guard.krnl.trace
2017-09-23 22:21 - 2017-09-23 22:21 - 000001051 _____ G:\Users\jul\Desktop\New Playlis-;kljt.wpl - Shortcut.lnk
2017-09-23 22:15 - 2017-09-23 22:15 - 001685458 _____ G:\Users\jul\Downloads\SNIPER.ELITE.V2.V1.13.PLUS5TRN.HOG.ZIP
2017-09-23 22:15 - 2017-09-23 22:15 - 000000000 ____D G:\Users\jul\Downloads\SNIPER.ELITE.V2.V1.13.PLUS5TRN.HOG
2017-09-23 20:58 - 2017-09-23 20:58 - 001360244 _____ G:\Users\jul\Downloads\Unconfirmed 696341.crdownload
2017-09-23 14:09 - 2017-08-19 16:28 - 004121600 _____ (Microsoft Corporation) G:\Windows\system32\mf.dll
2017-09-23 14:09 - 2017-08-19 16:28 - 000206848 _____ (Microsoft Corporation) G:\Windows\system32\mfps.dll
2017-09-23 14:09 - 2017-08-19 16:28 - 000002048 _____ (Microsoft Corporation) G:\Windows\system32\mferror.dll
2017-09-23 14:09 - 2017-08-19 16:10 - 003209216 _____ (Microsoft Corporation) G:\Windows\SysWOW64\mf.dll
2017-09-23 14:09 - 2017-08-19 16:10 - 000103424 _____ (Microsoft Corporation) G:\Windows\SysWOW64\mfps.dll
2017-09-23 14:09 - 2017-08-19 16:10 - 000002048 _____ (Microsoft Corporation) G:\Windows\SysWOW64\mferror.dll
2017-09-23 14:09 - 2017-08-19 16:08 - 000055808 _____ (Microsoft Corporation) G:\Windows\system32\rrinstaller.exe
2017-09-23 14:09 - 2017-08-19 16:08 - 000024576 _____ (Microsoft Corporation) G:\Windows\system32\mfpmp.exe
2017-09-23 14:09 - 2017-08-19 15:57 - 000050176 _____ (Microsoft Corporation) G:\Windows\SysWOW64\rrinstaller.exe
2017-09-23 14:09 - 2017-08-19 15:57 - 000023040 _____ (Microsoft Corporation) G:\Windows\SysWOW64\mfpmp.exe
2017-09-23 14:09 - 2017-08-14 18:38 - 000154856 _____ (Microsoft Corporation) G:\Windows\system32\Drivers\ksecpkg.sys
2017-09-23 14:09 - 2017-08-14 18:38 - 000095464 _____ (Microsoft Corporation) G:\Windows\system32\Drivers\ksecdd.sys
2017-09-23 14:09 - 2017-08-14 18:35 - 001460736 _____ (Microsoft Corporation) G:\Windows\system32\lsasrv.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 001212928 _____ (Microsoft Corporation) G:\Windows\system32\rpcrt4.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 001032192 _____ (Microsoft Corporation) G:\Windows\system32\rdpcore.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000827904 _____ (Microsoft Corporation) G:\Windows\SysWOW64\rdpcore.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000731648 _____ (Microsoft Corporation) G:\Windows\system32\kerberos.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000690688 _____ (Microsoft Corporation) G:\Windows\SysWOW64\adtschema.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000666112 _____ (Microsoft Corporation) G:\Windows\SysWOW64\rpcrt4.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000554496 _____ (Microsoft Corporation) G:\Windows\SysWOW64\kerberos.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000345600 _____ (Microsoft Corporation) G:\Windows\system32\schannel.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000342528 _____ (Microsoft Corporation) G:\Windows\SysWOW64\certcli.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000316928 _____ (Microsoft Corporation) G:\Windows\system32\msv1_0.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000312320 _____ (Microsoft Corporation) G:\Windows\system32\ncrypt.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000261120 _____ (Microsoft Corporation) G:\Windows\SysWOW64\msv1_0.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000254464 _____ (Microsoft Corporation) G:\Windows\SysWOW64\schannel.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000223232 _____ (Microsoft Corporation) G:\Windows\SysWOW64\ncrypt.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000210432 _____ (Microsoft Corporation) G:\Windows\system32\wdigest.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000190464 _____ (Microsoft Corporation) G:\Windows\system32\rpchttp.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000172032 _____ (Microsoft Corporation) G:\Windows\SysWOW64\wdigest.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000146432 _____ (Microsoft Corporation) G:\Windows\SysWOW64\msaudite.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000146432 _____ (Microsoft Corporation) G:\Windows\system32\msaudite.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000141312 _____ (Microsoft Corporation) G:\Windows\SysWOW64\rpchttp.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000135680 _____ (Microsoft Corporation) G:\Windows\system32\sspicli.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000096768 _____ (Microsoft Corporation) G:\Windows\SysWOW64\sspicli.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000086528 _____ (Microsoft Corporation) G:\Windows\system32\TSpkg.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000082944 _____ (Microsoft Corporation) G:\Windows\SysWOW64\bcrypt.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000065536 _____ (Microsoft Corporation) G:\Windows\SysWOW64\TSpkg.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000060416 _____ (Microsoft Corporation) G:\Windows\SysWOW64\msobjs.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000060416 _____ (Microsoft Corporation) G:\Windows\system32\msobjs.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000043520 _____ (Microsoft Corporation) G:\Windows\system32\cryptbase.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000028672 _____ (Microsoft Corporation) G:\Windows\system32\sspisrv.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000028160 _____ (Microsoft Corporation) G:\Windows\system32\secur32.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000022528 _____ (Microsoft Corporation) G:\Windows\system32\icaapi.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000022016 _____ (Microsoft Corporation) G:\Windows\SysWOW64\secur32.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000022016 _____ (Microsoft Corporation) G:\Windows\system32\credssp.dll
2017-09-23 14:09 - 2017-08-14 18:35 - 000017408 _____ (Microsoft Corporation) G:\Windows\SysWOW64\credssp.dll
2017-09-23 14:09 - 2017-08-14 18:34 - 000690688 _____ (Microsoft Corporation) G:\Windows\system32\adtschema.dll
2017-09-23 14:09 - 2017-08-14 18:34 - 000463872 _____ (Microsoft Corporation) G:\Windows\system32\certcli.dll
2017-09-23 14:09 - 2017-08-14 18:34 - 000123904 _____ (Microsoft Corporation) G:\Windows\system32\bcrypt.dll
2017-09-23 14:09 - 2017-08-13 22:45 - 000040448 _____ (Microsoft Corporation) G:\Windows\system32\Drivers\tssecsrv.sys
2017-09-23 14:09 - 2017-08-13 22:37 - 000064000 _____ (Microsoft Corporation) G:\Windows\system32\auditpol.exe
2017-09-23 14:09 - 2017-08-13 22:31 - 000159744 _____ (Microsoft Corporation) G:\Windows\system32\Drivers\mrxsmb.sys
2017-09-23 14:09 - 2017-08-13 22:30 - 000291328 _____ (Microsoft Corporation) G:\Windows\system32\Drivers\mrxsmb10.sys
2017-09-23 14:09 - 2017-08-13 22:30 - 000129536 _____ (Microsoft Corporation) G:\Windows\system32\Drivers\mrxsmb20.sys
2017-09-23 14:09 - 2017-08-13 22:30 - 000050176 _____ (Microsoft Corporation) G:\Windows\SysWOW64\auditpol.exe
2017-09-23 14:09 - 2017-08-13 22:30 - 000030720 _____ (Microsoft Corporation) G:\Windows\system32\lsass.exe
2017-09-23 14:09 - 2017-08-13 22:26 - 000036352 _____ (Microsoft Corporation) G:\Windows\SysWOW64\cryptbase.dll
2017-09-23 12:53 - 2017-09-23 12:53 - 000017398 _____ G:\Users\jul\Downloads\Untitled
2017-09-23 12:52 - 2017-09-23 14:02 - 000000923 _____ G:\Users\jul\Desktop\WEEEDWOOOORLD.txt
2017-09-23 08:01 - 2017-09-23 10:09 - 000000945 _____ G:\Users\jul\Desktop\AtTitude2.txt
2017-09-23 07:27 - 2017-09-23 07:43 - 000001131 _____ G:\Users\jul\Desktop\AtTitude.txt
2017-09-22 23:28 - 2017-09-22 23:28 - 009809688 _____ (Piriform Ltd) G:\Users\jul\Downloads\ccsetup535.exe
2017-09-22 22:54 - 2017-09-27 20:08 - 000065536 _____ G:\Windows\system32\spu_storage.bin
2017-09-22 22:52 - 2017-09-22 22:52 - 000000000 ____D G:\Users\jul\Downloads\klnggntrh.wb72 (1)
2017-09-22 22:48 - 2017-09-20 09:05 - 000000824 _____ G:\Windows\system32\Drivers\etc\hosts.20170922-224844.backup
2017-09-22 22:40 - 2017-09-22 22:40 - 000000000 ____D G:\Users\jul\Documents\ProcAlyzer Dumps
2017-09-22 22:11 - 2017-09-22 22:11 - 000000000 ____D G:\Users\jul\Downloads\bgbrr.wb72
2017-09-22 21:27 - 2017-09-22 21:37 - 574048515 _____ G:\Users\jul\Downloads\thlthrss.wb72_300mbfilms.com.mkv
2017-09-22 21:24 - 2017-09-22 21:33 - 574974475 _____ G:\Users\jul\Downloads\hphntg.wb72_300mbfilms.com.mkv
2017-09-22 20:11 - 2017-09-22 20:11 - 000000000 ____D G:\Users\jul\AppData\LocalLow\AMD
2017-09-22 20:09 - 2017-09-22 20:09 - 000003146 _____ G:\Windows\System32\Tasks\StartCN
2017-09-22 20:09 - 2017-09-22 20:09 - 000000000 ___DC G:\Program Files (x86)\AMD
2017-09-22 20:09 - 2017-09-22 20:09 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-09-22 20:06 - 2017-09-22 20:06 - 034895000 _____ (AMD Inc.) G:\Users\jul\Downloads\radeon-crimson-relive-17.9.2-minimalsetup-170921_64bit.exe
2017-09-22 20:06 - 2017-09-22 20:06 - 000000060 _____ G:\ProgramData\SoftwareUpdateTemp.xml
2017-09-22 12:21 - 2017-09-22 12:21 - 000000595 _____ G:\Users\jul\Desktop\MO.txt.lnk
2017-09-22 12:21 - 2017-09-22 12:21 - 000000204 _____ G:\Users\jul\Downloads\MO2.txt
2017-09-21 17:44 - 2017-09-21 17:44 - 000000000 ____D G:\Users\jul\Downloads\thrtnr.wb72
2017-09-21 16:09 - 2017-09-21 16:09 - 000000000 ____D G:\Users\jul\Downloads\brlystydrm.br_300mbfilms.com
2017-09-21 16:06 - 2017-09-21 16:06 - 000000000 ____D G:\Users\jul\Downloads\thlsdrmm.br_300mbfilms.com
2017-09-21 16:04 - 2017-09-21 16:25 - 861621272 _____ G:\Users\jul\Downloads\thlvv.br_300mbfilms.com.mkv
2017-09-21 16:02 - 2017-09-21 16:06 - 652887510 _____ G:\Users\jul\Downloads\gnlsenfr.br_300mbfilms.com.mkv
2017-09-21 15:42 - 2017-09-21 15:53 - 652477121 _____ G:\Users\jul\Downloads\sntnn.br_300mbfilms.com.mkv
2017-09-21 15:13 - 2017-09-25 21:37 - 000000243 _____ G:\Users\jul\Downloads\MO.txt
2017-09-20 22:10 - 2017-09-20 22:15 - 756365855 _____ G:\Users\jul\Downloads\thbdbtchh.br_300mbfilms.com.mkv
2017-09-20 22:07 - 2017-09-20 22:16 - 598096095 _____ G:\Users\jul\Downloads\aghstry.br_300mbfilms.com.mkv
2017-09-20 14:25 - 2017-09-20 14:25 - 000001729 _____ G:\Users\jul\Desktop\SVRTgui.exe - Shortcut.lnk
2017-09-20 14:24 - 2017-09-20 14:24 - 000002759 _____ G:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-09-20 14:24 - 2017-09-20 14:24 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-09-20 14:23 - 2017-09-20 14:23 - 000003002 _____ G:\Windows\System32\Tasks\{B7F239E5-9E4F-4367-8CE7-4BE6E65CB805}
2017-09-20 14:22 - 2017-09-20 14:22 - 000003002 _____ G:\Windows\System32\Tasks\{E6E1D0DF-885B-413D-B264-768F7862DBDC}
2017-09-20 09:20 - 2017-09-20 09:20 - 000000000 ____D G:\ProgramData\Sophos
2017-09-20 09:19 - 2017-09-20 09:19 - 000000000 ___DC G:\Program Files (x86)\Sophos
2017-09-20 09:17 - 2017-09-20 09:18 - 176827064 _____ (Sophos Limited) G:\Users\jul\Downloads\Sophos Virus Removal Tool.exe
2017-09-20 09:03 - 2017-09-20 09:03 - 000203680 _____ (Zemana Ltd.) G:\Windows\system32\Drivers\zamguard64.sys
2017-09-20 09:03 - 2017-09-20 09:03 - 000203680 _____ (Zemana Ltd.) G:\Windows\system32\Drivers\zam64.sys
2017-09-20 09:03 - 2017-09-20 09:03 - 000001128 _____ G:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-09-20 09:03 - 2017-09-20 09:03 - 000000000 ___DC G:\Program Files (x86)\Zemana AntiMalware
2017-09-20 09:03 - 2017-09-20 09:03 - 000000000 ____D G:\Users\jul\AppData\Local\Zemana
2017-09-20 09:03 - 2017-09-20 09:03 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-09-20 09:01 - 2017-09-20 09:01 - 000003812 _____ G:\Users\jul\Downloads\Rkill.txt
2017-09-20 08:58 - 2017-09-20 08:58 - 001792640 _____ (Bleeping Computer, LLC) G:\Users\jul\Downloads\uSeRiNiT.exe
2017-09-20 08:48 - 2017-09-22 23:28 - 000002792 _____ G:\Windows\System32\Tasks\CCleanerSkipUAC
2017-09-20 05:48 - 2017-09-20 05:48 - 000000000 ____D G:\Users\jul\Downloads\lizfever
2017-09-20 05:26 - 2017-09-26 23:29 - 000000000 ____D G:\Users\jul\Downloads\Tina-Kay-Sara-K
2017-09-20 05:24 - 2017-09-20 05:24 - 000042874 _____ G:\Users\jul\Documents\KSC_JUJUJUJU-PC_09_20_2017_05_24.html
2017-09-20 04:37 - 2017-09-20 04:37 - 000000000 ____D G:\Users\jul\Downloads\CkK9dztxRtyhRcO
2017-09-20 03:40 - 2017-09-20 06:03 - 000000000 ____D G:\Users\jul\Downloads\ksc
2017-09-20 03:40 - 2017-09-20 03:40 - 000000000 ____D G:\ProgramData\Kaspersky Lab
2017-09-20 03:39 - 2017-09-20 03:40 - 055430208 _____ (Kaspersky Lab AO) G:\Users\jul\Downloads\ksc_launcher.exe
2017-09-20 03:30 - 2017-09-22 23:28 - 000000838 _____ G:\Users\Public\Desktop\CCleaner.lnk
2017-09-20 03:30 - 2017-09-22 23:28 - 000000000 ___DC G:\Program Files\CCleaner
2017-09-20 03:30 - 2017-09-20 03:30 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-20 03:25 - 2017-09-20 03:25 - 009826968 _____ (Piriform Ltd) G:\Users\jul\Downloads\ccsetup534 (1).exe
2017-09-20 03:00 - 2017-09-20 03:00 - 000000000 ____D G:\Users\jul\Downloads\Goldie_Sofy_Mira_BBC_Orgy
2017-09-20 01:52 - 2017-09-20 02:24 - 286338646 _____ G:\Users\jul\Downloads\Crystal_Greenvelle_-_Nice_Pussy_and_bleep.mp4
2017-09-20 01:40 - 2017-09-20 02:07 - 330971691 _____ G:\Users\jul\Downloads\Scene%202%20From%20Au%20Pair%20Girls%20-%20480p.mp4
2017-09-20 01:23 - 2017-09-20 01:53 - 450469579 _____ G:\Users\jul\Downloads\double_donged_big.mp4
2017-09-20 01:01 - 2017-09-20 01:01 - 121563220 _____ G:\Users\jul\Downloads\123LunaR1v4lG3tt1ngR34dyF0rEx4m$ (1).mp4
2017-09-20 00:36 - 2017-09-20 03:08 - 1402934738 _____ G:\Users\jul\Downloads\Henessy_Julia_Red_IV095_720.mp4
2017-09-19 21:01 - 2017-09-19 21:01 - 000000000 ____H G:\Windows\system32\Drivers\Msft_Kernel_xb1usb_01011.Wdf
2017-09-19 17:01 - 2017-09-19 17:01 - 002539881 _____ G:\Users\jul\Downloads\[JUJUJUJU-PC]__2017-09-19__16-58-43__6f580e.sdbz
2017-09-19 16:58 - 2017-09-19 16:58 - 010532320 _____ (Symantec Corporation) G:\Users\jul\Downloads\SymDiag.exe
2017-09-19 16:30 - 2017-09-19 16:30 - 000000000 ____D G:\Users\jul\Downloads\LS_bgtsal.rar
2017-09-19 15:07 - 2017-09-19 15:07 - 000000000 ____D G:\Users\jul\Downloads\thwdd.hdrp_300mbfilms.com
2017-09-19 15:07 - 2017-09-19 15:07 - 000000000 ____D G:\Users\jul\Downloads\ngtbtv.hdrp
2017-09-19 13:47 - 2017-09-19 13:47 - 000014422 _____ G:\Windows\System32\Tasks\wincore
2017-09-19 13:47 - 2017-09-19 13:47 - 000014418 _____ G:\Windows\System32\Tasks\max
2017-09-19 13:47 - 2017-09-19 13:47 - 000000000 ____D G:\Users\jul\AppData\Roaming\Windows
2017-09-19 13:43 - 2017-09-19 13:55 - 757619434 _____ G:\Users\jul\Downloads\thbkhnry.wb72_300mbfilms.com.mkv
2017-09-19 01:36 - 2017-09-19 01:36 - 015000552 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\atidxx64.dll
2017-09-19 01:36 - 2017-09-19 01:36 - 012448736 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\atidxx32.dll
2017-09-19 01:36 - 2017-09-19 01:36 - 011578952 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\atiumd64.dll
2017-09-19 01:36 - 2017-09-19 01:36 - 009412328 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\atiumdag.dll
2017-09-19 01:36 - 2017-09-19 01:36 - 000543624 _____ G:\Windows\system32\dgtrayicon.exe
2017-09-19 01:36 - 2017-09-19 01:36 - 000522632 _____ G:\Windows\system32\GameManager64.dll
2017-09-19 01:36 - 2017-09-19 01:36 - 000360840 _____ G:\Windows\system32\clinfo.exe
2017-09-19 01:36 - 2017-09-19 01:36 - 000356744 _____ G:\Windows\SysWOW64\GameManager32.dll
2017-09-19 01:36 - 2017-09-19 01:36 - 000208272 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\atiuxp64.dll
2017-09-19 01:36 - 2017-09-19 01:36 - 000185088 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\atiu9p64.dll
2017-09-19 01:36 - 2017-09-19 01:36 - 000161344 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\atiuxpag.dll
2017-09-19 01:36 - 2017-09-19 01:36 - 000127368 _____ (Khronos Group) G:\Windows\system32\OpenCL.dll
2017-09-19 01:36 - 2017-09-19 01:36 - 000105864 _____ (Khronos Group) G:\Windows\SysWOW64\OpenCL.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 061592456 _____ (Advanced Micro Devices Inc.) G:\Windows\system32\amdocl64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 031068040 _____ (Advanced Micro Devices Inc.) G:\Windows\system32\amdocl12cl64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 015728520 _____ (Advanced Micro Devices Inc.) G:\Windows\system32\aticaldd64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 014318984 _____ (Advanced Micro Devices Inc.) G:\Windows\SysWOW64\aticaldd.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 012749080 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\atiumd6a.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 012067208 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\amdmantle64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 011650040 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\atiumdva.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 009752456 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\amdmantle32.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 001921120 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\aticfx64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 001530760 _____ (Advanced Micro Devices, Inc.) G:\Windows\system32\atiadlxx.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 001048456 _____ (Advanced Micro Devices, Inc.) G:\Windows\SysWOW64\atiadlxy.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 001048456 _____ (Advanced Micro Devices, Inc.) G:\Windows\SysWOW64\atiadlxx.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000772488 _____ (AMD) G:\Windows\system32\atieclxx.exe
2017-09-19 01:35 - 2017-09-19 01:35 - 000657288 _____ (Advanced Micro Devices, Inc.) G:\Windows\system32\atiapfxx.exe
2017-09-19 01:35 - 2017-09-19 01:35 - 000544136 _____ (AMD) G:\Windows\system32\atitmm64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000543112 _____ (AMD) G:\Windows\system32\atiesrxx.exe
2017-09-19 01:35 - 2017-09-19 01:35 - 000543112 _____ (Advanced Micro Devices, Inc.) G:\Windows\system32\Rapidfire64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000532360 _____ (Advanced Micro Devices, Inc.) G:\Windows\system32\Drivers\atikmpag.sys
2017-09-19 01:35 - 2017-09-19 01:35 - 000475016 _____ G:\Windows\system32\atieah64.exe
2017-09-19 01:35 - 2017-09-19 01:35 - 000475016 _____ (Advanced Micro Devices, Inc.) G:\Windows\SysWOW64\Rapidfire.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000458632 _____ (Advanced Micro Devices, Inc.) G:\Windows\system32\atidemgy.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000349064 _____ (Advanced Micro Devices, Inc.) G:\Windows\system32\ATIODE.exe
2017-09-19 01:35 - 2017-09-19 01:35 - 000325512 _____ G:\Windows\SysWOW64\atieah32.exe
2017-09-19 01:35 - 2017-09-19 01:35 - 000194952 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\atigktxx.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000185600 _____ (Advanced Micro Devices, Inc.) G:\Windows\system32\amdhcp64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000182664 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\mantle64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000161160 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\mantleaxl64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000154152 _____ (Advanced Micro Devices, Inc.) G:\Windows\SysWOW64\amdhcp32.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000142216 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\mantle32.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000128968 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\amdave64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000126856 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\mantleaxl32.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000124808 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\atiglpxx.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000124808 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\atiglpxx.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000121240 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\atimpc64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000121240 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\amdpcom64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000115592 _____ (AMD) G:\Windows\system32\atimuixx.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000106248 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\amdave32.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000092840 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\atimpc32.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000092840 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\amdpcom32.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000078728 _____ (Advanced Micro Devices Inc.) G:\Windows\system32\aticalrt64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000072072 _____ (Advanced Micro Devices Inc.) G:\Windows\system32\aticalcl64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000068488 _____ (Advanced Micro Devices Inc.) G:\Windows\SysWOW64\aticalrt.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000067464 _____ (Advanced Micro Devices, Inc.) G:\Windows\system32\ATIODCLI.exe
2017-09-19 01:35 - 2017-09-19 01:35 - 000065416 _____ (Advanced Micro Devices Inc.) G:\Windows\SysWOW64\aticalcl.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000060296 _____ (Advanced Micro Devices, Inc.) G:\Windows\system32\Drivers\ati2erec.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000036232 _____ (Advanced Micro Devices, Inc.) G:\Windows\system32\RapidFireServer64.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000033672 _____ (Advanced Micro Devices, Inc.) G:\Windows\SysWOW64\RapidFireServer.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000020360 _____ (Microsoft Corporation) G:\Windows\SysWOW64\detoured.dll
2017-09-19 01:35 - 2017-09-19 01:35 - 000020360 _____ (Microsoft Corporation) G:\Windows\system32\detoured.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 047846792 _____ (Advanced Micro Devices Inc.) G:\Windows\SysWOW64\amdocl.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 038756744 _____ (Advanced Micro Devices, Inc.) G:\Windows\system32\Drivers\atikmdag.sys
2017-09-19 01:34 - 2017-09-19 01:34 - 035210120 _____ (Advanced Micro Devices, Inc.) G:\Windows\system32\atio6axx.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 028875144 _____ (Advanced Micro Devices, Inc.) G:\Windows\SysWOW64\atioglxx.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 024973192 _____ (Advanced Micro Devices Inc.) G:\Windows\SysWOW64\amdocl12cl.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 012505992 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\amdvlk64.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 010285448 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\amdvlk32.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 002906504 _____ (Advanced Micro Devices, Inc.) G:\Windows\system32\amfrt64.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 002521480 _____ (Advanced Micro Devices, Inc.) G:\Windows\SysWOW64\amfrt32.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 000855432 _____ (Advanced Micro Devices, Inc.) G:\Windows\system32\amdlvr64.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 000687496 _____ (Advanced Micro Devices, Inc.) G:\Windows\SysWOW64\amdlvr32.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 000505736 _____ G:\Windows\system32\amdgfxinfo64.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 000351624 _____ G:\Windows\SysWOW64\amdgfxinfo32.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 000305544 _____ (Advanced Micro Devices) G:\Windows\system32\Drivers\amdacpksd.sys
2017-09-19 01:34 - 2017-09-19 01:34 - 000166792 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\amduve64.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 000159112 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\atisamu64.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 000135560 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\amduve32.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 000124808 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\atisamu32.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 000082824 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\amdmcl64.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 000066952 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\amdmmcl6.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 000066440 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\amdmcl32.dll
2017-09-19 01:34 - 2017-09-19 01:34 - 000054664 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\amdmmcl.dll
2017-09-19 00:59 - 2017-09-19 00:59 - 003437632 _____ G:\Windows\system32\atiumd6a.cap
2017-09-19 00:57 - 2017-09-19 00:57 - 000204952 _____ G:\Windows\SysWOW64\ativvsvl.dat
2017-09-19 00:57 - 2017-09-19 00:57 - 000204952 _____ G:\Windows\system32\ativvsvl.dat
2017-09-19 00:57 - 2017-09-19 00:57 - 000157144 _____ G:\Windows\SysWOW64\ativvsva.dat
2017-09-19 00:57 - 2017-09-19 00:57 - 000157144 _____ G:\Windows\system32\ativvsva.dat
2017-09-19 00:53 - 2017-09-19 00:53 - 003471376 _____ G:\Windows\SysWOW64\atiumdva.cap
2017-09-19 00:13 - 2017-09-19 00:13 - 000824064 _____ G:\Windows\SysWOW64\atiapfxx.blb
2017-09-19 00:13 - 2017-09-19 00:13 - 000824064 _____ G:\Windows\system32\atiapfxx.blb
2017-09-16 16:16 - 2017-09-16 16:25 - 732675563 _____ G:\Users\jul\Downloads\R07gh.N1ght.17.cm.sdm0v13sp01nt.c0m.mkv
2017-09-16 11:33 - 2017-09-16 11:33 - 000000000 ____D G:\Users\jul\Downloads\jstcc.wb72_300mbfilms.com
2017-09-16 10:59 - 2017-09-16 11:22 - 731139494 _____ G:\Users\jul\Downloads\thisurdthh.wb72_300mbfilms.com.mkv
2017-09-16 08:03 - 2017-09-16 08:03 - 000000000 ____D G:\Users\jul\Downloads\Autoruns
2017-09-16 08:02 - 2017-09-16 08:02 - 001306150 _____ G:\Users\jul\Downloads\Autoruns.zip
2017-09-16 07:54 - 2017-09-16 07:55 - 000406144 ____C G:\TDSSKiller.3.1.0.15_16.09.2017_07.54.11_log.txt
2017-09-16 07:48 - 2017-09-16 07:48 - 000003773 _____ G:\Users\jul\Documents\JRT.txt
2017-09-16 07:47 - 2017-09-20 02:06 - 000003832 _____ G:\Users\jul\Desktop\JRT.txt
2017-09-16 07:42 - 2017-09-22 22:12 - 000000000 ____D G:\ProgramData\Malwarebytes
2017-09-16 07:39 - 2017-09-16 07:41 - 001271956 ____C G:\TDSSKiller.3.1.0.15_16.09.2017_07.39.43_log.txt
2017-09-16 07:37 - 2017-09-16 07:37 - 000010558 ____C G:\TDSSKiller.3.1.0.15_16.09.2017_07.37.09_log.txt
2017-09-16 07:35 - 2017-09-20 03:37 - 000001144 _____ G:\Users\jul\Desktop\Install Kaspersky Security Scan version 16.0.0.1344.lnk
2017-09-16 07:33 - 2017-09-16 07:35 - 000000000 ____D G:\ProgramData\Kaspersky Lab Setup Files
2017-09-16 07:33 - 2017-09-16 07:33 - 002623496 _____ (Kaspersky Lab) G:\Users\jul\Downloads\kss16.0.0.1344mlg_10004.exe
2017-09-16 07:32 - 2017-09-16 07:32 - 004922400 _____ (AO Kaspersky Lab) G:\Users\jul\Downloads\tdsskiller (2).exe
2017-09-16 07:28 - 2017-09-16 07:28 - 008182736 _____ (Malwarebytes) G:\Users\jul\Downloads\adwcleaner_7.0.2.1.exe
2017-09-16 07:28 - 2017-09-16 07:28 - 001790024 _____ (Malwarebytes) G:\Users\jul\Downloads\JRT.exe
2017-09-16 07:27 - 2017-09-16 07:27 - 016563352 _____ (Malwarebytes Corp.) G:\Users\jul\Downloads\mbar-1.09.3.1001.exe
2017-09-16 07:27 - 2017-09-16 07:27 - 016563352 _____ (Malwarebytes Corp.) G:\Users\jul\Downloads\7b3a2e30-f162-4a99-9017-eca9e9ee1fc2.tmp
2017-09-15 18:44 - 2017-09-15 18:44 - 000000000 ____D G:\Users\jul\Downloads\cisisirhcl.br_300mbfilms.com
2017-09-15 16:32 - 2017-09-15 16:32 - 000000000 ____D G:\Users\jul\Downloads\crtnwmn.br_300mbfilms.com
2017-09-15 16:25 - 2017-09-15 16:32 - 626213953 _____ G:\Users\jul\Downloads\vyyttmm.br_300mbfilms.com.mkv
2017-09-15 16:20 - 2017-09-15 16:42 - 678848976 _____ G:\Users\jul\Downloads\tharhh.wb72_300mbfilms.com.mkv
2017-09-15 12:47 - 2017-09-15 12:47 - 000005444 ____R G:\Windows\system32\Drivers\etc\hosts.20170915-124713.backup
2017-09-14 00:44 - 2017-09-14 00:44 - 000064654 _____ G:\Users\jul\Documents\Scan Results.170914-0044.txt
2017-09-14 00:43 - 2017-09-14 00:43 - 000012823 ____R G:\Windows\system32\Drivers\etc\hosts.20170914-004349.backup
2017-09-14 00:43 - 2017-09-14 00:43 - 000012221 ____R G:\Windows\system32\Drivers\etc\hosts.20170914-004350.backup
2017-09-14 00:24 - 2017-09-14 00:45 - 000000000 ____D G:\ProgramData\Spybot - Search & Destroy
2017-09-14 00:24 - 2017-09-14 00:25 - 000000000 ___DC G:\Program Files (x86)\Spybot - Search & Destroy 2
2017-09-14 00:24 - 2017-09-14 00:24 - 000001371 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-09-14 00:24 - 2017-09-14 00:24 - 000001359 _____ G:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-09-14 00:24 - 2017-09-14 00:24 - 000000000 ____D G:\Windows\System32\Tasks\Safer-Networking
2017-09-14 00:24 - 2017-09-14 00:24 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-09-14 00:24 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) G:\Windows\system32\sdnclean64.exe
2017-09-14 00:23 - 2017-09-14 00:23 - 051725936 _____ (Safer-Networking Ltd. ) G:\Users\jul\Downloads\spybotsd-2.6.46.exe
2017-09-14 00:17 - 2017-09-14 00:17 - 027340297 _____ G:\Users\jul\Downloads\[Guru3D.com]-MPC-HCx64.zip
2017-09-14 00:17 - 2017-09-14 00:17 - 000001398 _____ G:\Users\jul\Desktop\SIV64X.exe - Shortcut.lnk
2017-09-14 00:14 - 2017-09-14 00:14 - 000000000 ____D G:\Users\jul\Downloads\siv-[Guru3D.com]
2017-09-14 00:14 - 2014-05-14 18:21 - 000152824 _____ (Ray Hinchliffe) G:\Windows\system32\Drivers\SIVX64.sys
2017-09-14 00:11 - 2017-09-14 00:11 - 005185101 _____ G:\Users\jul\Downloads\siv-[Guru3D.com].zip
2017-09-14 00:08 - 2017-09-14 00:08 - 008518645 _____ G:\Users\jul\Downloads\[Guru3D.com]-hwinfo.zip
2017-09-14 00:08 - 2017-09-14 00:08 - 000027552 _____ (REALiX™) G:\Windows\system32\Drivers\HWiNFO64A.SYS
2017-09-14 00:08 - 2017-09-14 00:08 - 000000000 ___DC G:\Program Files\HWiNFO64
2017-09-14 00:08 - 2017-09-14 00:08 - 000000000 ____D G:\Users\jul\Downloads\[Guru3D.com]-hwinfo
2017-09-14 00:08 - 2017-09-14 00:08 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2017-09-13 18:17 - 2017-09-13 18:17 - 000000000 ____H G:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2017-09-13 18:12 - 2017-09-13 18:12 - 000053530 _____ G:\Users\jul\Downloads\SUPERAntiSpyware Scan Log - 09-13-2017 - 16-08-35.log5.txt
2017-09-13 12:34 - 2017-09-13 12:34 - 009826968 _____ (Piriform Ltd) G:\Users\jul\Downloads\ccsetup534.exe
2017-09-13 06:20 - 2017-09-13 06:35 - 652548397 _____ G:\Users\jul\Downloads\waa.wb72_300mbfilms.com.mkv
2017-09-13 06:16 - 2017-09-13 06:16 - 000000000 ____D G:\Users\jul\Downloads\thlmglm.wb72_300mbfilms.com
2017-09-13 06:15 - 2017-09-13 06:20 - 835933379 _____ G:\Users\jul\Downloads\thbgsck.br_300mbfilms.com.mkv
2017-09-13 05:58 - 2017-09-13 06:19 - 652936192 _____ G:\Users\jul\Downloads\ththrr.br_300mbfilms.com.mkv
2017-09-13 05:58 - 2017-08-19 16:28 - 000197120 _____ (Microsoft Corporation) G:\Windows\system32\shdocvw.dll
2017-09-13 05:58 - 2017-08-19 16:10 - 000180224 _____ (Microsoft Corporation) G:\Windows\SysWOW64\shdocvw.dll
2017-09-13 05:58 - 2017-08-16 16:29 - 000806912 _____ (Microsoft Corporation) G:\Windows\system32\usp10.dll
2017-09-13 05:58 - 2017-08-16 16:10 - 000629760 _____ (Microsoft Corporation) G:\Windows\SysWOW64\usp10.dll
2017-09-13 05:58 - 2017-08-16 15:57 - 003224576 _____ (Microsoft Corporation) G:\Windows\system32\win32k.sys
2017-09-13 05:58 - 2017-08-16 02:10 - 000395976 _____ (Microsoft Corporation) G:\Windows\system32\iedkcs32.dll
2017-09-13 05:58 - 2017-08-16 01:25 - 000347336 _____ (Microsoft Corporation) G:\Windows\SysWOW64\iedkcs32.dll
2017-09-13 05:58 - 2017-08-15 16:29 - 014182400 _____ (Microsoft Corporation) G:\Windows\system32\shell32.dll
2017-09-13 05:58 - 2017-08-15 16:29 - 001867264 _____ (Microsoft Corporation) G:\Windows\system32\ExplorerFrame.dll
2017-09-13 05:58 - 2017-08-15 16:10 - 012880896 _____ (Microsoft Corporation) G:\Windows\SysWOW64\shell32.dll
2017-09-13 05:58 - 2017-08-15 16:10 - 001499648 _____ (Microsoft Corporation) G:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-13 05:58 - 2017-08-15 15:06 - 015260160 _____ (Microsoft Corporation) G:\Windows\system32\ieframe.dll
2017-09-13 05:58 - 2017-08-15 15:01 - 000416256 _____ (Microsoft Corporation) G:\Windows\SysWOW64\dxtmsft.dll
2017-09-13 05:58 - 2017-08-15 15:01 - 000279040 _____ (Microsoft Corporation) G:\Windows\SysWOW64\dxtrans.dll
2017-09-13 05:58 - 2017-08-15 15:01 - 000076288 _____ (Microsoft Corporation) G:\Windows\SysWOW64\mshtmled.dll
2017-09-13 05:58 - 2017-08-15 14:58 - 013673984 _____ (Microsoft Corporation) G:\Windows\SysWOW64\ieframe.dll
2017-09-13 05:58 - 2017-08-14 18:35 - 003203584 _____ (Microsoft Corporation) G:\Windows\system32\mmcndmgr.dll
2017-09-13 05:58 - 2017-08-14 18:35 - 002150912 _____ (Microsoft Corporation) G:\Windows\SysWOW64\mmcndmgr.dll
2017-09-13 05:58 - 2017-08-14 18:35 - 000355328 _____ (Microsoft Corporation) G:\Windows\system32\mmcbase.dll
2017-09-13 05:58 - 2017-08-14 18:35 - 000303104 _____ (Microsoft Corporation) G:\Windows\SysWOW64\mmcbase.dll
2017-09-13 05:58 - 2017-08-14 18:35 - 000172544 _____ (Microsoft Corporation) G:\Windows\SysWOW64\cic.dll
2017-09-13 05:58 - 2017-08-14 18:35 - 000131072 _____ (Microsoft Corporation) G:\Windows\system32\mmcshext.dll
2017-09-13 05:58 - 2017-08-14 18:35 - 000128512 _____ (Microsoft Corporation) G:\Windows\SysWOW64\mmcshext.dll
2017-09-13 05:58 - 2017-08-14 18:34 - 000211968 _____ (Microsoft Corporation) G:\Windows\system32\cic.dll
2017-09-13 05:58 - 2017-08-13 22:37 - 002144256 _____ (Microsoft Corporation) G:\Windows\system32\mmc.exe
2017-09-13 05:58 - 2017-08-13 22:30 - 001401344 _____ (Microsoft Corporation) G:\Windows\SysWOW64\mmc.exe
2017-09-13 05:58 - 2017-08-13 19:58 - 025730560 _____ (Microsoft Corporation) G:\Windows\system32\mshtml.dll
2017-09-13 05:58 - 2017-08-13 18:24 - 002724864 _____ (Microsoft Corporation) G:\Windows\system32\mshtml.tlb
2017-09-13 05:58 - 2017-08-13 18:24 - 000004096 _____ (Microsoft Corporation) G:\Windows\system32\ieetwcollectorres.dll
2017-09-13 05:58 - 2017-08-13 18:06 - 000066560 _____ (Microsoft Corporation) G:\Windows\system32\iesetup.dll
2017-09-13 05:58 - 2017-08-13 18:05 - 000576512 _____ (Microsoft Corporation) G:\Windows\system32\vbscript.dll
2017-09-13 05:58 - 2017-08-13 18:05 - 000417792 _____ (Microsoft Corporation) G:\Windows\system32\html.iec
2017-09-13 05:58 - 2017-08-13 18:05 - 000088064 _____ (Microsoft Corporation) G:\Windows\system32\MshtmlDac.dll
2017-09-13 05:58 - 2017-08-13 18:05 - 000048640 _____ (Microsoft Corporation) G:\Windows\system32\ieetwproxystub.dll
2017-09-13 05:58 - 2017-08-13 18:04 - 002899968 _____ (Microsoft Corporation) G:\Windows\system32\iertutil.dll
2017-09-13 05:58 - 2017-08-13 17:56 - 000054784 _____ (Microsoft Corporation) G:\Windows\system32\jsproxy.dll
2017-09-13 05:58 - 2017-08-13 17:55 - 000034304 _____ (Microsoft Corporation) G:\Windows\system32\iernonce.dll
2017-09-13 05:58 - 2017-08-13 17:54 - 020269056 _____ (Microsoft Corporation) G:\Windows\SysWOW64\mshtml.dll
2017-09-13 05:58 - 2017-08-13 17:52 - 000615936 _____ (Microsoft Corporation) G:\Windows\system32\ieui.dll
2017-09-13 05:58 - 2017-08-13 17:51 - 005981696 _____ (Microsoft Corporation) G:\Windows\system32\jscript9.dll
2017-09-13 05:58 - 2017-08-13 17:51 - 000144384 _____ (Microsoft Corporation) G:\Windows\system32\ieUnatt.exe
2017-09-13 05:58 - 2017-08-13 17:51 - 000116224 _____ (Microsoft Corporation) G:\Windows\system32\ieetwcollector.exe
2017-09-13 05:58 - 2017-08-13 17:50 - 000817664 _____ (Microsoft Corporation) G:\Windows\system32\jscript.dll
2017-09-13 05:58 - 2017-08-13 17:50 - 000814080 _____ (Microsoft Corporation) G:\Windows\system32\jscript9diag.dll
2017-09-13 05:58 - 2017-08-13 17:46 - 002724864 _____ (Microsoft Corporation) G:\Windows\SysWOW64\mshtml.tlb
2017-09-13 05:58 - 2017-08-13 17:41 - 000968704 _____ (Microsoft Corporation) G:\Windows\system32\MsSpellCheckingFacility.exe
2017-09-13 05:58 - 2017-08-13 17:38 - 000489984 _____ (Microsoft Corporation) G:\Windows\system32\dxtmsft.dll
2017-09-13 05:58 - 2017-08-13 17:30 - 000062464 _____ (Microsoft Corporation) G:\Windows\SysWOW64\iesetup.dll
2017-09-13 05:58 - 2017-08-13 17:29 - 000499200 _____ (Microsoft Corporation) G:\Windows\SysWOW64\vbscript.dll
2017-09-13 05:58 - 2017-08-13 17:29 - 000341504 _____ (Microsoft Corporation) G:\Windows\SysWOW64\html.iec
2017-09-13 05:58 - 2017-08-13 17:29 - 000087552 _____ (Microsoft Corporation) G:\Windows\system32\tdc.ocx
2017-09-13 05:58 - 2017-08-13 17:29 - 000077824 _____ (Microsoft Corporation) G:\Windows\system32\JavaScriptCollectionAgent.dll
2017-09-13 05:58 - 2017-08-13 17:29 - 000047616 _____ (Microsoft Corporation) G:\Windows\SysWOW64\ieetwproxystub.dll
2017-09-13 05:58 - 2017-08-13 17:28 - 000064000 _____ (Microsoft Corporation) G:\Windows\SysWOW64\MshtmlDac.dll
2017-09-13 05:58 - 2017-08-13 17:27 - 000107520 _____ (Microsoft Corporation) G:\Windows\system32\inseng.dll
2017-09-13 05:58 - 2017-08-13 17:24 - 002291200 _____ (Microsoft Corporation) G:\Windows\SysWOW64\iertutil.dll
2017-09-13 05:58 - 2017-08-13 17:24 - 000199680 _____ (Microsoft Corporation) G:\Windows\system32\msrating.dll
2017-09-13 05:58 - 2017-08-13 17:23 - 000092160 _____ (Microsoft Corporation) G:\Windows\system32\mshtmled.dll
2017-09-13 05:58 - 2017-08-13 17:22 - 000047104 _____ (Microsoft Corporation) G:\Windows\SysWOW64\jsproxy.dll
2017-09-13 05:58 - 2017-08-13 17:21 - 000030720 _____ (Microsoft Corporation) G:\Windows\SysWOW64\iernonce.dll
2017-09-13 05:58 - 2017-08-13 17:20 - 000315392 _____ (Microsoft Corporation) G:\Windows\system32\dxtrans.dll
2017-09-13 05:58 - 2017-08-13 17:19 - 000476160 _____ (Microsoft Corporation) G:\Windows\SysWOW64\ieui.dll
2017-09-13 05:58 - 2017-08-13 17:18 - 000152064 _____ (Microsoft Corporation) G:\Windows\system32\occache.dll
2017-09-13 05:58 - 2017-08-13 17:17 - 000663552 _____ (Microsoft Corporation) G:\Windows\SysWOW64\jscript.dll
2017-09-13 05:58 - 2017-08-13 17:17 - 000620032 _____ (Microsoft Corporation) G:\Windows\SysWOW64\jscript9diag.dll
2017-09-13 05:58 - 2017-08-13 17:17 - 000115712 _____ (Microsoft Corporation) G:\Windows\SysWOW64\ieUnatt.exe
2017-09-13 05:58 - 2017-08-13 17:07 - 000262144 _____ (Microsoft Corporation) G:\Windows\system32\webcheck.dll
2017-09-13 05:58 - 2017-08-13 17:04 - 000807936 _____ (Microsoft Corporation) G:\Windows\system32\msfeeds.dll
2017-09-13 05:58 - 2017-08-13 17:04 - 000726528 _____ (Microsoft Corporation) G:\Windows\system32\ie4uinit.exe
2017-09-13 05:58 - 2017-08-13 17:02 - 001359360 _____ (Microsoft Corporation) G:\Windows\system32\mshtmlmedia.dll
2017-09-13 05:58 - 2017-08-13 17:01 - 002134528 _____ (Microsoft Corporation) G:\Windows\system32\inetcpl.cpl
2017-09-13 05:58 - 2017-08-13 17:01 - 000073216 _____ (Microsoft Corporation) G:\Windows\SysWOW64\tdc.ocx
2017-09-13 05:58 - 2017-08-13 17:01 - 000060416 _____ (Microsoft Corporation) G:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-09-13 05:58 - 2017-08-13 17:00 - 000091136 _____ (Microsoft Corporation) G:\Windows\SysWOW64\inseng.dll
2017-09-13 05:58 - 2017-08-13 16:57 - 000168960 _____ (Microsoft Corporation) G:\Windows\SysWOW64\msrating.dll
2017-09-13 05:58 - 2017-08-13 16:53 - 000130048 _____ (Microsoft Corporation) G:\Windows\SysWOW64\occache.dll
2017-09-13 05:58 - 2017-08-13 16:48 - 004547072 _____ (Microsoft Corporation) G:\Windows\SysWOW64\jscript9.dll
2017-09-13 05:58 - 2017-08-13 16:46 - 000230400 _____ (Microsoft Corporation) G:\Windows\SysWOW64\webcheck.dll
2017-09-13 05:58 - 2017-08-13 16:44 - 000694784 _____ (Microsoft Corporation) G:\Windows\SysWOW64\msfeeds.dll
2017-09-13 05:58 - 2017-08-13 16:43 - 002058752 _____ (Microsoft Corporation) G:\Windows\SysWOW64\inetcpl.cpl
2017-09-13 05:58 - 2017-08-13 16:43 - 001155072 _____ (Microsoft Corporation) G:\Windows\SysWOW64\mshtmlmedia.dll
2017-09-13 05:58 - 2017-08-13 16:40 - 003241472 _____ (Microsoft Corporation) G:\Windows\system32\wininet.dll
2017-09-13 05:58 - 2017-08-13 16:27 - 001544704 _____ (Microsoft Corporation) G:\Windows\system32\urlmon.dll
2017-09-13 05:58 - 2017-08-13 16:18 - 000800768 _____ (Microsoft Corporation) G:\Windows\system32\ieapfltr.dll
2017-09-13 05:58 - 2017-08-13 16:17 - 002767872 _____ (Microsoft Corporation) G:\Windows\SysWOW64\wininet.dll
2017-09-13 05:58 - 2017-08-13 16:14 - 000710144 _____ (Microsoft Corporation) G:\Windows\SysWOW64\ieapfltr.dll
2017-09-13 05:58 - 2017-08-13 16:13 - 001314816 _____ (Microsoft Corporation) G:\Windows\SysWOW64\urlmon.dll
2017-09-13 05:58 - 2017-08-11 07:42 - 000631176 _____ (Microsoft Corporation) G:\Windows\system32\winresume.efi
2017-09-13 05:58 - 2017-08-11 07:38 - 005547752 _____ (Microsoft Corporation) G:\Windows\system32\ntoskrnl.exe
2017-09-13 05:58 - 2017-08-11 07:38 - 000706792 _____ (Microsoft Corporation) G:\Windows\system32\winload.efi
2017-09-13 05:58 - 2017-08-11 07:36 - 001732864 _____ (Microsoft Corporation) G:\Windows\system32\ntdll.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 002065408 _____ (Microsoft Corporation) G:\Windows\system32\ole32.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000757248 _____ (Microsoft Corporation) G:\Windows\system32\win32spl.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000512000 _____ (Microsoft Corporation) G:\Windows\system32\rpcss.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000503808 _____ (Microsoft Corporation) G:\Windows\system32\srcore.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000362496 _____ (Microsoft Corporation) G:\Windows\system32\wow64win.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000346112 _____ (Microsoft Corporation) G:\Windows\system32\ntprint.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000313856 _____ (Microsoft Corporation) G:\Windows\system32\Wldap32.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000243712 _____ (Microsoft Corporation) G:\Windows\system32\wow64.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000215552 _____ (Microsoft Corporation) G:\Windows\system32\winsrv.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000063488 _____ (Microsoft Corporation) G:\Windows\system32\setbcdlocale.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000050176 _____ (Microsoft Corporation) G:\Windows\system32\srclient.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000026112 _____ (Microsoft Corporation) G:\Windows\system32\oleres.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000026112 _____ (Microsoft Corporation) G:\Windows\system32\nsisvc.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000025600 _____ (Microsoft Corporation) G:\Windows\system32\winnsi.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000016384 _____ (Microsoft Corporation) G:\Windows\system32\ntvdm64.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000013312 _____ (Microsoft Corporation) G:\Windows\system32\wow64cpu.dll
2017-09-13 05:58 - 2017-08-11 07:35 - 000013312 _____ (Microsoft Corporation) G:\Windows\system32\nsi.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 001163264 _____ (Microsoft Corporation) G:\Windows\system32\kernel32.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000971776 _____ (Microsoft Corporation) G:\Windows\system32\localspl.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000880640 _____ (Microsoft Corporation) G:\Windows\system32\advapi32.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000419840 _____ (Microsoft Corporation) G:\Windows\system32\KernelBase.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000166400 _____ (Microsoft Corporation) G:\Windows\system32\inetpp.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000059904 _____ (Microsoft Corporation) G:\Windows\system32\appidapi.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000044032 _____ (Microsoft Corporation) G:\Windows\system32\csrsrv.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000034816 _____ (Microsoft Corporation) G:\Windows\system32\appidsvc.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000022528 _____ (Microsoft Corporation) G:\Windows\system32\inetppui.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000008704 _____ (Microsoft Corporation) G:\Windows\system32\comcat.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000006656 _____ (Microsoft Corporation) G:\Windows\system32\apisetschema.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000006144 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000005120 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000004608 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000004608 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000004096 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000004096 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000004096 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000004096 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003584 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:34 - 000003072 ____H (Microsoft Corporation) G:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:24 - 004001000 _____ (Microsoft Corporation) G:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-13 05:58 - 2017-08-11 07:24 - 003945704 _____ (Microsoft Corporation) G:\Windows\SysWOW64\ntoskrnl.exe
2017-09-13 05:58 - 2017-08-11 07:21 - 001314112 _____ (Microsoft Corporation) G:\Windows\SysWOW64\ntdll.dll
2017-09-13 05:58 - 2017-08-11 07:20 - 000061952 _____ (Microsoft Corporation) G:\Windows\system32\ntprint.exe
2017-09-13 05:58 - 2017-08-11 07:20 - 000048640 _____ (Microsoft Corporation) G:\Windows\system32\wpnpinst.exe
2017-09-13 05:58 - 2017-08-11 07:19 - 001417728 _____ (Microsoft Corporation) G:\Windows\SysWOW64\ole32.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 001114112 _____ (Microsoft Corporation) G:\Windows\SysWOW64\kernel32.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000644096 _____ (Microsoft Corporation) G:\Windows\SysWOW64\advapi32.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000497664 _____ (Microsoft Corporation) G:\Windows\SysWOW64\win32spl.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000299008 _____ (Microsoft Corporation) G:\Windows\SysWOW64\ntprint.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000275456 _____ (Microsoft Corporation) G:\Windows\SysWOW64\KernelBase.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000271360 _____ (Microsoft Corporation) G:\Windows\SysWOW64\Wldap32.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000050688 _____ (Microsoft Corporation) G:\Windows\SysWOW64\appidapi.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000043008 _____ (Microsoft Corporation) G:\Windows\SysWOW64\srclient.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000026112 _____ (Microsoft Corporation) G:\Windows\SysWOW64\oleres.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000016384 _____ (Microsoft Corporation) G:\Windows\SysWOW64\winnsi.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000008704 _____ (Microsoft Corporation) G:\Windows\SysWOW64\nsi.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000006656 _____ (Microsoft Corporation) G:\Windows\SysWOW64\apisetschema.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000005120 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000005120 _____ (Microsoft Corporation) G:\Windows\SysWOW64\wow32.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000004608 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000004096 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003584 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:19 - 000003072 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 07:12 - 000025088 _____ (Microsoft Corporation) G:\Windows\system32\netbtugc.exe
2017-09-13 05:58 - 2017-08-11 07:09 - 000061952 _____ (Microsoft Corporation) G:\Windows\SysWOW64\ntprint.exe
2017-09-13 05:58 - 2017-08-11 07:07 - 000148480 _____ (Microsoft Corporation) G:\Windows\system32\appidpolicyconverter.exe
2017-09-13 05:58 - 2017-08-11 07:07 - 000062464 _____ (Microsoft Corporation) G:\Windows\system32\Drivers\appid.sys
2017-09-13 05:58 - 2017-08-11 07:07 - 000017920 _____ (Microsoft Corporation) G:\Windows\system32\appidcertstorecheck.exe
2017-09-13 05:58 - 2017-08-11 07:03 - 000338432 _____ (Microsoft Corporation) G:\Windows\system32\conhost.exe
2017-09-13 05:58 - 2017-08-11 07:03 - 000026624 _____ (Microsoft Corporation) G:\Windows\SysWOW64\netbtugc.exe
2017-09-13 05:58 - 2017-08-11 07:02 - 000296960 _____ (Microsoft Corporation) G:\Windows\system32\rstrui.exe
2017-09-13 05:58 - 2017-08-11 07:01 - 000007168 _____ (Microsoft Corporation) G:\Windows\SysWOW64\comcat.dll
2017-09-13 05:58 - 2017-08-11 07:00 - 000262656 _____ (Microsoft Corporation) G:\Windows\system32\Drivers\netbt.sys
2017-09-13 05:58 - 2017-08-11 06:59 - 000460800 _____ (Microsoft Corporation) G:\Windows\system32\Drivers\srv.sys
2017-09-13 05:58 - 2017-08-11 06:59 - 000405504 _____ (Microsoft Corporation) G:\Windows\system32\Drivers\srv2.sys
2017-09-13 05:58 - 2017-08-11 06:59 - 000168448 _____ (Microsoft Corporation) G:\Windows\system32\Drivers\srvnet.sys
2017-09-13 05:58 - 2017-08-11 06:58 - 000112640 _____ (Microsoft Corporation) G:\Windows\system32\smss.exe
2017-09-13 05:58 - 2017-08-11 06:58 - 000026112 _____ (Microsoft Corporation) G:\Windows\system32\Drivers\nsiproxy.sys
2017-09-13 05:58 - 2017-08-11 06:56 - 000025600 _____ (Microsoft Corporation) G:\Windows\SysWOW64\setup16.exe
2017-09-13 05:58 - 2017-08-11 06:56 - 000014336 _____ (Microsoft Corporation) G:\Windows\SysWOW64\ntvdm64.dll
2017-09-13 05:58 - 2017-08-11 06:56 - 000007680 _____ (Microsoft Corporation) G:\Windows\SysWOW64\instnm.exe
2017-09-13 05:58 - 2017-08-11 06:56 - 000002048 _____ (Microsoft Corporation) G:\Windows\SysWOW64\user.exe
2017-09-13 05:58 - 2017-08-11 06:55 - 000006144 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 06:55 - 000004608 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 06:55 - 000003584 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 05:58 - 2017-08-11 06:55 - 000003072 ____H (Microsoft Corporation) G:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-09-13 02:30 - 2017-09-13 02:30 - 000000000 ____D G:\ProgramData\Steam
2017-09-13 02:30 - 2017-09-13 02:30 - 000000000 ____D G:\ProgramData\Socialclub
2017-09-13 02:27 - 2017-09-16 12:02 - 000001073 _____ G:\Users\jul\Desktop\Play Grand Theft Auto V.lnk
2017-09-13 02:27 - 2017-09-13 02:27 - 000000984 _____ G:\Users\jul\Desktop\visit www.nosteam.ro.lnk
2017-09-12 19:00 - 2017-09-12 19:00 - 000000000 ____D G:\Users\jul\Downloads\antmtrr.wb72
2017-09-12 18:59 - 2017-09-12 18:59 - 000000000 ____D G:\Users\jul\Downloads\thhssr.wb72_300mbfilms.com
2017-09-12 16:55 - 2017-09-12 17:00 - 911857597 _____ G:\Users\jul\Downloads\gdfwrssdusl.br_300mbfilms.com.mkv
2017-09-12 16:51 - 2017-09-12 17:14 - 731978762 _____ G:\Users\jul\Downloads\bybdrvr.wb72_300mbfilms.com.mkv
2017-09-12 14:13 - 2017-09-12 14:13 - 000000000 ____D G:\Users\jul\AppData\Local\gegl-0.2
2017-09-12 12:00 - 2017-09-12 12:00 - 000000000 ____D G:\Users\Default\AppData\Local\Google
2017-09-12 12:00 - 2017-09-12 12:00 - 000000000 ____D G:\Users\Default User\AppData\Local\Google
2017-09-10 01:17 - 2017-09-10 01:17 - 000015008 _____ (Highresolution Enterprises [www.highrez.co.uk]) G:\Windows\system32\Drivers\inpoutx64.sys
2017-09-10 01:17 - 2017-09-10 01:17 - 000001093 _____ G:\Users\jul\Desktop\RealBench.exe - Shortcut.lnk
2017-09-10 01:16 - 2017-09-10 01:16 - 000000000 ____D G:\Users\jul\Downloads\RealBench_v2.54
2017-09-10 01:13 - 2017-09-10 01:16 - 326190572 _____ G:\Users\jul\Downloads\RealBench_v2.54.zip
2017-09-10 01:13 - 2017-09-10 01:15 - 332931310 _____ G:\Users\jul\Downloads\RealBench_v2.43.zip
2017-09-10 01:01 - 2017-09-10 01:01 - 011759256 _____ G:\Users\jul\Downloads\Prime95-[Guru3D.com].zip
2017-09-09 10:04 - 2017-09-09 10:04 - 000000222 _____ G:\Users\jul\Desktop\Grand Theft Auto V.url
2017-09-09 08:11 - 2017-09-13 02:20 - 000000068 _____ G:\Users\jul\Documents\GTA5 DVD CODE.txt
2017-09-09 07:38 - 2017-09-09 07:38 - 019607440 _____ (Rockstar Games.) G:\Users\jul\Downloads\GTA_V_Launcher_1_0_877_1.exe
2017-09-09 05:18 - 2017-09-09 05:18 - 066347240 _____ (Malwarebytes ) G:\Users\jul\Downloads\mb3-setup-consumer-3.2.2.2018 (1).exe
2017-09-09 00:05 - 2017-09-09 00:18 - 391322864 _____ G:\Users\jul\Downloads\atmociaa.dd_300mbfilms.com.mkv
2017-09-08 19:37 - 2017-09-08 19:38 - 000001256 _____ G:\Users\jujujuju\Desktop\New Playlis-;kljt - Shortcut.lnk
2017-09-08 18:38 - 2017-09-08 18:38 - 002636664 _____ (Piston Software ) G:\Users\jujujuju\Downloads\mp3splitter_setup.exe
2017-09-08 18:37 - 2017-09-08 18:37 - 000566414 _____ G:\Users\jujujuju\Downloads\mp3split.zip
2017-09-08 18:37 - 2017-09-08 18:37 - 000000000 ____D G:\Users\jujujuju\Downloads\mp3split
2017-09-08 18:36 - 2017-09-08 18:36 - 000854558 _____ (zxt2007.com ) G:\Users\jujujuju\Downloads\mymp3splitter_setup.exe
2017-09-08 18:35 - 2017-09-08 18:35 - 001761337 _____ G:\Users\jujujuju\Downloads\mp3splt_2.6.2_i386.exe
2017-09-08 18:11 - 2017-09-08 18:11 - 000000000 ____D G:\Users\jujujuju\AppData\Roaming\WinRAR
2017-09-08 18:05 - 2017-09-08 19:16 - 000000000 ____D G:\Users\jujujuju\AppData\Roaming\vlc
2017-09-08 12:53 - 2017-09-08 12:53 - 000000000 ___DC G:\AMD
2017-09-08 12:53 - 2017-09-08 12:53 - 000000000 ____D G:\Users\jul\AppData\Roaming\ATI
2017-09-08 12:53 - 2017-09-08 12:53 - 000000000 ____D G:\Users\jul\AppData\Local\ATI
2017-09-08 12:53 - 2017-09-08 12:53 - 000000000 ____D G:\ProgramData\ATI
2017-09-08 12:51 - 2017-09-08 12:52 - 051963944 _____ (AMD Inc.) G:\Users\jul\Downloads\radeon-crimson-relive-17.9.1-minimalsetup-170907_web.exe
2017-09-07 02:13 - 2017-09-07 02:13 - 000001240 _____ G:\Users\jul\Desktop\ConvertXtoDVD 4.lnk
2017-09-07 02:11 - 2017-09-07 02:11 - 000194885 _____ G:\Users\jul\Downloads\hjsplit.zip
2017-09-07 02:11 - 2017-09-07 02:11 - 000000000 ____D G:\Users\jul\Downloads\hjsplit
2017-09-07 02:00 - 2017-09-27 18:00 - 000000506 _____ G:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 23c8ff20-7701-45ca-8157-1e498e968c1a.job
2017-09-07 02:00 - 2017-09-27 02:00 - 000000506 _____ G:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 618e06ab-3f52-4b5c-bdea-aec771945115.job
2017-09-07 02:00 - 2017-09-07 02:00 - 000003586 _____ G:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 618e06ab-3f52-4b5c-bdea-aec771945115
2017-09-07 02:00 - 2017-09-07 02:00 - 000003512 _____ G:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 23c8ff20-7701-45ca-8157-1e498e968c1a
2017-09-07 02:00 - 2017-09-07 02:00 - 000000000 ____D G:\Users\jul\AppData\Roaming\SUPERAntiSpyware.com
2017-09-07 01:59 - 2017-09-07 02:00 - 000000000 ___DC G:\Program Files\SUPERAntiSpyware
2017-09-07 01:59 - 2017-09-07 01:59 - 000001824 _____ G:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-09-07 01:59 - 2017-09-07 01:59 - 000000000 ____D G:\ProgramData\SUPERAntiSpyware.com
2017-09-07 01:59 - 2017-09-07 01:59 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-09-07 01:46 - 2017-09-07 01:46 - 000000000 ___DC G:\Program Files\Malwarebytes
2017-09-07 01:33 - 2017-09-07 01:35 - 000646440 ____C G:\TDSSKiller.3.1.0.15_07.09.2017_01.33.27_log.txt
2017-09-07 01:23 - 2017-09-07 01:23 - 000000071 _____ G:\Users\jul\Downloads\';nih.txt
2017-09-06 23:24 - 2017-09-06 23:25 - 253383016 _____ (Emsisoft Ltd. ) G:\Users\jul\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2017-09-06 23:24 - 2017-09-06 23:24 - 006625600 _____ (Zemana Ltd. ) G:\Users\jul\Downloads\Zemana.AntiMalware.Setup.exe
2017-09-06 23:21 - 2017-09-06 23:21 - 002395648 _____ (Farbar) G:\Users\jul\Downloads\FRST64 (1).exe
2017-09-06 23:17 - 2017-09-06 23:17 - 000000000 ____D G:\Users\jul\Documents\SniperEliteV2_Benchmark
2017-09-06 22:57 - 2017-09-07 01:32 - 000622830 ____C G:\TDSSKiller.3.1.0.15_06.09.2017_22.57.50_log.txt
2017-09-06 22:55 - 2017-09-06 22:56 - 001266158 ____C G:\TDSSKiller.3.1.0.15_06.09.2017_22.55.03_log.txt
2017-09-06 22:52 - 2017-09-06 22:54 - 000626888 ____C G:\TDSSKiller.3.1.0.15_06.09.2017_22.52.50_log.txt
2017-09-06 22:50 - 2017-09-06 22:50 - 000085504 _____ G:\Users\jul\Downloads\Inherit.exe
2017-09-06 22:43 - 2017-09-06 22:51 - 000010558 ____C G:\TDSSKiller.3.1.0.15_06.09.2017_22.43.19_log.txt
2017-09-06 22:39 - 2017-09-06 22:39 - 004922400 _____ (AO Kaspersky Lab) G:\Users\jul\Downloads\tdsskiller (1).exe
2017-09-06 22:33 - 2017-09-27 01:03 - 000000000 ____D G:\Users\jul\AppData\Roaming\dvdcss
2017-09-06 21:49 - 2017-09-23 22:20 - 000000000 ____D G:\Users\jul\AppData\Roaming\MPC-HC
2017-09-06 21:48 - 2017-09-06 21:48 - 000000000 ____D G:\Users\jul\Downloads\eBJUCK0iCilD5OeMxLhmhZ6dJW1jSxO
2017-09-06 21:48 - 2017-09-06 21:48 - 000000000 ____D G:\Users\jul\Downloads\BOKyRWiX8XBJrZI4lKXd
2017-09-06 21:46 - 2017-09-27 13:34 - 000001057 _____ G:\Users\jul\AppData\Roaming\vso_ts_preview.xml
2017-09-06 21:45 - 2017-09-06 22:51 - 967535202 _____ G:\Users\jul\Downloads\tlgrmme.hdrp72r6_300mbfilms.com (1).mkv.crdownload
2017-09-06 21:35 - 2017-09-06 21:43 - 940921979 _____ G:\Users\jul\Downloads\prcbhtltl.wb72_300mbfilms.com (1).mkv
2017-09-06 09:43 - 2017-09-06 10:00 - 1074753612 _____ G:\Users\jul\Downloads\5853ef2aa5ee2.mp4
2017-09-06 09:29 - 2017-09-06 09:30 - 209715200 _____ G:\Users\jul\Downloads\LS_bgtsal.rar.001
2017-09-06 09:29 - 2017-09-06 09:29 - 048690600 _____ G:\Users\jul\Downloads\LS_bgtsal.rar.002
2017-09-06 09:25 - 2017-09-06 10:16 - 466323760 _____ G:\Users\jul\Downloads\51361613_hjt0p3qa.wmv
2017-09-06 09:01 - 2017-09-06 10:58 - 1077192035 _____ G:\Users\jul\Downloads\luna_rival_sz1228_lp.mp4
2017-09-06 08:38 - 2017-09-06 08:42 - 158333526 _____ G:\Users\jul\Downloads\p720.mp4
2017-09-06 08:36 - 2017-09-06 08:36 - 121563220 _____ G:\Users\jul\Downloads\123LunaR1v4lG3tt1ngR34dyF0rEx4m$.mp4
2017-09-06 08:23 - 2017-09-06 08:23 - 033765015 _____ G:\Users\jul\Downloads\xvideos.com_de95a0569c8b9a21de988356a8d9462a.mp4
2017-09-06 07:24 - 2017-09-16 07:46 - 000000000 ____D G:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-06 07:23 - 2017-09-16 07:46 - 000000000 ____D G:\Users\jul\Desktop\mbar
2017-09-06 07:22 - 2017-09-06 07:23 - 016564750 _____ (Malwarebytes Corp.) G:\Users\jul\Downloads\mbar-1.09.4.1001.exe
2017-09-06 07:13 - 2017-09-27 00:56 - 000003646 _____ G:\Users\jul\Desktop\Rkill.txt
2017-09-06 07:06 - 2017-09-15 12:52 - 000000000 ____D G:\Users\jul\AppData\Local\ZinioReader5
2017-09-06 07:05 - 2017-09-06 07:05 - 000002955 _____ G:\Users\jul\Desktop\Zinio Reader 5.lnk
2017-09-06 07:05 - 2017-09-06 07:05 - 000000000 ___DC G:\Program Files (x86)\Zinio
2017-09-06 07:05 - 2017-09-06 07:05 - 000000000 ____D G:\Users\jul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zinio Reader 5
2017-09-06 07:04 - 2017-09-06 07:04 - 101937152 _____ G:\Users\jul\Downloads\ZinioReader5_1.0.1_win64.msi
2017-09-06 05:12 - 2017-09-06 05:12 - 001687664 _____ G:\Users\jul\Downloads\Seidon_120V_Manual.pdf
2017-09-06 05:07 - 2017-09-06 05:07 - 000322696 _____ G:\Users\jul\Downloads\Seidon_120V_V3_Plus_-_Product_Sheet.pdf
2017-09-06 02:45 - 2017-09-06 03:18 - 000000498 _____ G:\Users\jul\Downloads\RocKstar Support.txt
2017-09-06 02:04 - 2017-09-06 03:16 - 000000000 ____D G:\Users\jul\Downloads\archive
2017-09-06 02:03 - 2017-09-06 02:03 - 014919440 _____ G:\Users\jul\Downloads\archive.zip
2017-09-05 17:17 - 2017-09-05 17:17 - 000000311 _____ G:\Users\jul\Downloads\coiin.txt
2017-09-05 12:20 - 2017-09-05 17:04 - 000000000 ____D G:\Users\Public\Documents\XMUpdate
2017-09-05 12:17 - 2017-09-05 12:19 - 000000000 ___DC G:\AdwCleaner
2017-09-05 12:15 - 2017-09-05 12:15 - 008182736 _____ (Malwarebytes) G:\Users\jul\Downloads\AdwCleaner.exe
2017-09-05 12:11 - 2017-09-05 12:11 - 066347240 _____ (Malwarebytes ) G:\Users\jul\Downloads\mb3-setup-consumer-3.2.2.2018.exe
2017-09-05 11:59 - 2017-09-05 11:59 - 000566128 _____ (Malwarebytes) G:\Users\jul\Downloads\mbam-clean-2.3.0.1001.exe
2017-09-05 11:58 - 2017-09-05 11:58 - 000059833 _____ G:\Users\jul\Downloads\FRST (1).txt
2017-09-05 11:49 - 2017-09-05 11:49 - 000026258 _____ G:\Users\jul\Documents\combo.txt
2017-09-05 11:48 - 2017-09-05 11:48 - 000026258 ____C G:\ComboFix.txt
2017-09-05 11:45 - 2017-09-05 12:47 - 000000000 ____D G:\ProgramData\Windows
2017-09-04 02:38 - 2011-06-26 07:45 - 000256000 _____ G:\Windows\PEV.exe
2017-09-04 02:38 - 2010-11-07 18:20 - 000208896 _____ G:\Windows\MBR.exe
2017-09-04 02:38 - 2009-04-20 05:56 - 000060416 _____ (NirSoft) G:\Windows\NIRCMD.exe
2017-09-04 02:38 - 2000-08-31 01:00 - 000518144 _____ (SteelWerX) G:\Windows\SWREG.exe
2017-09-04 02:38 - 2000-08-31 01:00 - 000406528 _____ (SteelWerX) G:\Windows\SWSC.exe
2017-09-04 02:38 - 2000-08-31 01:00 - 000098816 _____ G:\Windows\sed.exe
2017-09-04 02:38 - 2000-08-31 01:00 - 000080412 _____ G:\Windows\grep.exe
2017-09-04 02:38 - 2000-08-31 01:00 - 000068096 _____ G:\Windows\zip.exe
2017-09-04 02:34 - 2017-09-05 11:48 - 000000000 ___DC G:\Qoobox
2017-09-04 02:34 - 2017-09-05 11:47 - 000000000 ____D G:\Windows\erdnt
2017-09-04 02:31 - 2017-09-25 21:46 - 000055769 _____ G:\Users\jul\Downloads\Addition.txt
2017-09-04 02:30 - 2017-09-28 14:18 - 000000000 ___DC G:\FRST
2017-09-04 02:30 - 2017-09-25 21:46 - 000129258 _____ G:\Users\jul\Downloads\FRST.txt
2017-09-04 02:29 - 2017-09-04 02:29 - 002395648 _____ (Farbar) G:\Users\jul\Downloads\FRST64.exe
2017-09-04 02:25 - 2017-09-04 02:26 - 000010516 ____C G:\TDSSKiller.3.1.0.15_04.09.2017_02.25.58_log.txt
2017-09-04 02:24 - 2017-09-16 07:41 - 000000000 ___DC G:\TDSSKiller_Quarantine
2017-09-04 02:22 - 2017-09-04 02:24 - 000570300 ____C G:\TDSSKiller.3.1.0.15_04.09.2017_02.22.59_log.txt
2017-09-04 02:19 - 2017-09-04 02:19 - 004922400 _____ (AO Kaspersky Lab) G:\Users\jujujuju\Downloads\tdsskiller.exe
2017-09-04 02:14 - 2017-09-04 02:15 - 000010558 ____C G:\TDSSKiller.3.1.0.15_04.09.2017_02.14.47_log.txt
2017-09-04 02:11 - 2017-09-04 02:11 - 004922400 _____ (AO Kaspersky Lab) G:\Users\jul\Downloads\tdsskiller.exe
2017-09-04 02:11 - 2017-09-04 02:11 - 001792640 _____ (Bleeping Computer, LLC) G:\Users\jul\Downloads\rkill.exe
2017-09-04 01:01 - 2017-09-04 01:01 - 000684548 _____ G:\Users\jul\Downloads\socialclub.dll
2017-09-04 00:04 - 2017-09-05 11:50 - 000000000 ____D G:\Users\jujujuju\AppData\Roaming\Apple Computer
2017-09-03 21:53 - 2017-09-03 21:53 - 000000167 _____ G:\Users\jul\Documents\coiin.txt
2017-09-03 21:20 - 2017-09-03 21:20 - 000000842 _____ G:\Users\jul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-09-03 21:20 - 2017-09-03 21:20 - 000000794 _____ G:\Users\jul\Desktop\Start Tor Browser.lnk
2017-09-03 21:20 - 2017-09-03 21:20 - 000000000 ____D G:\Users\jul\Desktop\Tor Browser
2017-09-03 21:19 - 2017-09-03 21:20 - 054331872 _____ G:\Users\jul\Downloads\torbrowser-install-7.0.4_en-US.exe
2017-09-03 20:08 - 2017-09-03 20:08 - 014189720 _____ G:\Users\jul\Downloads\ƀread 0.6.9 (1).ipa
2017-09-03 19:59 - 2017-09-05 12:01 - 000000000 ___RD G:\Users\jul\Google Drive
2017-09-03 19:58 - 2017-09-12 12:00 - 000002018 _____ G:\Users\Public\Desktop\Google Slides.lnk
2017-09-03 19:58 - 2017-09-12 12:00 - 000002016 _____ G:\Users\Public\Desktop\Google Sheets.lnk
2017-09-03 19:58 - 2017-09-12 12:00 - 000002006 _____ G:\Users\Public\Desktop\Google Docs.lnk
2017-09-03 19:58 - 2017-09-12 12:00 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-09-03 19:57 - 2017-09-03 19:57 - 001130328 _____ (Google Inc.) G:\Users\jul\Downloads\installbackupandsync.exe
2017-09-03 19:55 - 2017-09-03 19:55 - 014189720 _____ G:\Users\jul\Downloads\ƀread 0.6.9.ipa
2017-09-03 19:42 - 2017-09-19 15:49 - 000000000 ____D G:\Users\jul\AppData\Roaming\Apple Computer
2017-09-03 19:42 - 2017-09-03 19:42 - 000002519 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-09-03 19:42 - 2017-09-03 19:42 - 000001769 _____ G:\Users\Public\Desktop\iTunes.lnk
2017-09-03 19:42 - 2017-09-03 19:42 - 000000000 ___DC G:\Program Files\iTunes
2017-09-03 19:42 - 2017-09-03 19:42 - 000000000 ___DC G:\Program Files\iPod
2017-09-03 19:42 - 2017-09-03 19:42 - 000000000 ___DC G:\Program Files\Bonjour
2017-09-03 19:42 - 2017-09-03 19:42 - 000000000 ___DC G:\Program Files (x86)\Bonjour
2017-09-03 19:42 - 2017-09-03 19:42 - 000000000 ___DC G:\Program Files (x86)\Apple Software Update
2017-09-03 19:42 - 2017-09-03 19:42 - 000000000 ____D G:\Users\jul\AppData\Local\Apple Computer
2017-09-03 19:42 - 2017-09-03 19:42 - 000000000 ____D G:\Users\jul\AppData\Local\Apple
2017-09-03 19:42 - 2017-09-03 19:42 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-09-03 19:42 - 2017-09-03 19:42 - 000000000 ____D G:\ProgramData\Apple Computer
2017-09-03 19:41 - 2017-09-03 19:42 - 000000000 ___DC G:\Program Files\Common Files\Apple
2017-09-03 19:41 - 2017-09-03 19:42 - 000000000 ____D G:\ProgramData\Apple
2017-09-03 19:39 - 2017-09-03 19:40 - 261024072 _____ (Apple Inc.) G:\Users\jul\Downloads\iTunes64Setup.exe
2017-09-03 18:00 - 2017-09-03 18:00 - 000000000 ____D G:\Users\jul\Downloads\ltltelv.wbrp72_300mbfilms.com
2017-09-03 17:57 - 2017-09-27 13:34 - 000000000 ____D G:\Users\jul\AppData\Roaming\Vso
2017-09-03 17:49 - 2017-09-27 13:34 - 000000000 ____D G:\Users\jul\AppData\Roaming\vlc
2017-09-03 16:12 - 2017-09-03 16:21 - 600938563 _____ G:\Users\jul\Downloads\thvltt.wb72_300mbfilms.com.mkv
2017-09-03 16:11 - 2017-09-03 16:30 - 599839245 _____ G:\Users\jul\Downloads\dsmspmethr.hdrp72_300mbfilms.com.mkv
2017-09-03 15:09 - 2017-09-03 15:09 - 000000000 ____D G:\Users\jul\Downloads\mbam-chameleon-3.1.33.0
2017-09-03 15:09 - 2017-09-03 15:09 - 000000000 ____D G:\Users\jul\AppData\Roaming\WinRAR
2017-09-03 15:08 - 2017-09-03 15:08 - 006705178 _____ G:\Users\jul\Downloads\mbam-chameleon-3.1.33.0.zip
2017-09-03 14:35 - 2017-09-03 14:38 - 000002061 _____ G:\Users\jul\Desktop\Recovery.lnk
2017-09-03 14:18 - 2017-09-16 07:39 - 000000000 ____D G:\Users\jul\AppData\Local\ElevatedDiagnostics
2017-09-03 14:18 - 2017-09-03 14:18 - 000000000 ____D G:\Users\jul\Downloads\virus blocking malwarebytes, don't know what to do - Am I infected_ What do I do__files
2017-09-03 14:17 - 2017-09-03 14:18 - 000187712 _____ G:\Users\jul\Downloads\virus blocking malwarebytes, don't know what to do - Am I infected_ What do I do_.html
2017-09-03 14:16 - 2017-09-03 14:16 - 030472392 _____ (SUPERAntiSpyware) G:\Users\jul\Downloads\SUPERAntiSpyware.exe
2017-09-03 14:16 - 2017-09-03 14:16 - 000050688 _____ (Atribune.org) G:\Users\jul\Downloads\ATF-Cleaner.exe
2017-09-03 14:12 - 2017-09-03 14:12 - 002611632 _____ G:\Users\jul\Downloads\Adaware_Installer.exe
2017-09-03 11:51 - 2017-09-03 11:51 - 046661328 _____ (Microsoft Corporation) G:\Users\jul\Downloads\Windows-KB890830-x64-V5.51.exe
2017-09-03 11:42 - 2017-09-14 00:43 - 000005481 ____R G:\Windows\system32\Drivers\etc\hosts.20170915-124706.backup
2017-09-03 00:43 - 2017-09-03 21:16 - 000000000 ____D G:\Users\jul\AppData\Local\FSDART
2017-09-03 00:43 - 2017-09-03 00:43 - 000000000 ____D G:\Users\jul\AppData\Local\F-Secure
2017-09-03 00:42 - 2017-09-03 00:44 - 000000000 ____D G:\ProgramData\F-Secure
2017-09-03 00:42 - 2017-09-03 00:42 - 000524248 _____ (F-Secure Corporation) G:\Users\jujujuju\Downloads\F-SecureOnlineScanner.exe
2017-09-03 00:42 - 2017-09-03 00:42 - 000000000 ____D G:\Users\jujujuju\AppData\Local\F-Secure
2017-09-03 00:42 - 2017-09-03 00:42 - 000000000 ____D G:\Users\jujujuju\AppData\Local\FSDART
2017-09-03 00:39 - 2017-09-03 00:39 - 000000036 _____ G:\Users\jujujuju\AppData\Local\housecall.guid.cache
2017-09-03 00:39 - 2017-09-02 19:03 - 006754944 _____ (ESET spol. s r.o.) G:\Users\jujujuju\Downloads\esetonlinescanner_enu.exe
2017-09-03 00:38 - 2017-09-02 19:00 - 002526736 _____ (Trend Micro Inc.) G:\Users\jujujuju\Downloads\HousecallLauncher64.exe
2017-09-03 00:38 - 2017-09-02 18:48 - 065942208 _____ (Malwarebytes ) G:\Users\jujujuju\Downloads\mb3-setup-35891.35891-3.2.2.2018.exe
2017-09-03 00:36 - 2017-09-03 00:36 - 000000000 ____D G:\Users\jujujuju\AppData\Roaming\JAM Software
2017-09-03 00:13 - 2017-09-03 00:13 - 000000000 ____D G:\Users\jul\AppData\Local\VirtualStore
2017-09-02 19:03 - 2017-09-07 15:04 - 000000000 ____D G:\Users\jul\AppData\Local\ESET
2017-09-02 19:02 - 2017-09-02 19:03 - 006754944 _____ (ESET spol. s r.o.) G:\Users\jul\Downloads\esetonlinescanner_enu.exe
2017-09-02 19:00 - 2017-09-02 19:00 - 002526736 _____ (Trend Micro Inc.) G:\Users\jul\Downloads\HousecallLauncher64.exe
2017-09-02 19:00 - 2017-09-02 19:00 - 000000036 _____ G:\Users\jul\AppData\Local\housecall.guid.cache
2017-09-02 18:50 - 2017-09-02 18:50 - 000000000 ____D G:\Users\jul\Documents\Rockstar Games
2017-09-02 18:50 - 2017-09-02 18:50 - 000000000 ____D G:\Users\jul\AppData\Local\Rockstar Games
2017-09-02 18:47 - 2017-09-02 18:48 - 065942208 _____ (Malwarebytes ) G:\Users\jul\Downloads\mb3-setup-35891.35891-3.2.2.2018.exe
2017-09-02 18:37 - 2017-09-09 10:04 - 000000000 ____D G:\Users\jul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-09-02 18:37 - 2017-09-02 18:37 - 000000221 _____ G:\Users\jul\Desktop\Sniper Elite V2.url
2017-09-02 18:36 - 2017-09-02 19:13 - 000000000 ____D G:\Users\jul\AppData\Local\SniperV2
2017-09-02 18:31 - 2017-09-09 13:58 - 000000000 ____D G:\Users\jul\AppData\Local\Steam
2017-09-02 18:31 - 2017-09-02 18:31 - 000000000 ____D G:\Users\jul\AppData\Local\CEF
2017-09-02 18:28 - 2017-09-27 20:08 - 000000000 ___DC G:\Program Files (x86)\Steam
2017-09-02 18:24 - 2017-09-02 18:24 - 000000000 ____D G:\Users\jul\AppData\Roaming\Google
2017-09-02 18:14 - 2017-09-28 14:04 - 000000000 ____D G:\Users\jul\AppData\Local\CrashDumps
2017-09-02 18:13 - 2017-09-03 19:58 - 000000000 ____D G:\Users\jul\AppData\Local\Google
2017-09-02 18:13 - 2017-09-02 18:13 - 000058016 _____ G:\Users\jul\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-02 18:13 - 2017-09-02 18:13 - 000001433 _____ G:\Users\jul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-09-02 18:13 - 2017-09-02 18:13 - 000000000 ____D G:\Users\jul\AppData\Roaming\Adobe
2017-09-02 18:12 - 2017-09-27 17:32 - 000000000 ____D G:\Users\jul
2017-09-02 18:12 - 2017-09-22 21:04 - 000000000 ____D G:\Users\jul\AppData\Local\AMD
2017-09-02 18:12 - 2017-09-05 12:01 - 000000258 __RSH G:\Users\jul\ntuser.pol
2017-09-02 18:12 - 2017-09-02 18:12 - 000000020 ___SH G:\Users\jul\ntuser.ini
2017-09-02 18:12 - 2011-04-12 09:28 - 000000000 ____D G:\Users\jul\AppData\Roaming\Media Center Programs
2017-09-02 17:58 - 2017-09-08 18:04 - 000000000 ____D G:\Users\jujujuju\AppData\Local\CrashDumps
2017-09-02 17:48 - 2017-09-02 18:24 - 000000000 ____D G:\ProgramData\Cache
2017-09-02 17:33 - 2017-09-02 17:33 - 000000000 ____D G:\Users\jujujuju\AppData\Roaming\Adobe
2017-09-02 17:33 - 2017-09-02 17:33 - 000000000 ____D G:\Users\jujujuju\AppData\Local\Ashampoo
2017-09-02 17:24 - 2017-09-02 17:24 - 000058016 _____ G:\Users\jujujuju\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-02 17:24 - 2017-09-02 17:24 - 000001022 _____ G:\Users\jujujuju\Desktop\Autoruns64 - Shortcut.lnk
2017-09-02 17:24 - 2017-09-02 17:24 - 000000782 _____ G:\Users\jujujuju\Desktop\Autoruns (1) - Shortcut.lnk
2017-09-02 01:31 - 2017-09-02 01:31 - 009412328 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\SETC213.tmp
2017-09-02 01:31 - 2017-09-02 01:31 - 000356744 _____ G:\Windows\SysWOW64\SETCCC9.tmp
2017-09-02 01:31 - 2017-09-02 01:31 - 000020360 _____ (Microsoft Corporation) G:\Windows\SysWOW64\SETCAEC.tmp
2017-09-02 01:30 - 2017-09-19 01:35 - 000236424 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\atig6txx.dll
2017-09-02 01:30 - 2017-09-19 01:35 - 000155528 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\atig6pxx.dll
2017-09-02 01:30 - 2017-09-02 01:30 - 011650040 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\SETC2C1.tmp
2017-09-02 01:30 - 2017-09-02 01:30 - 000236424 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\SETCE5F.tmp
2017-09-02 01:30 - 2017-09-02 01:30 - 000155528 _____ (Advanced Micro Devices, Inc. ) G:\Windows\system32\SETD3B8.tmp
2017-09-02 01:29 - 2017-09-19 01:34 - 000915848 _____ (AMD) G:\Windows\system32\coinst_17.30.dll
2017-09-02 01:29 - 2017-09-02 01:29 - 000915848 _____ (AMD) G:\Windows\system32\SETD943.tmp
2017-09-02 01:28 - 2017-09-02 01:28 - 035210120 _____ (Advanced Micro Devices, Inc.) G:\Windows\system32\SETBC6F.tmp
2017-09-01 19:50 - 2017-09-01 19:50 - 000003594 _____ G:\Windows\System32\Tasks\{EC1DE8B2-4986-4576-8DA8-6FEC34A695D7}
2017-09-01 19:48 - 2017-09-01 19:48 - 000000000 ____D G:\ProgramData\DataCache
2017-09-01 19:43 - 2017-09-06 04:21 - 000000000 ____D G:\Windows\pss
2017-09-01 19:36 - 2017-09-01 19:36 - 000471336 _____ G:\Windows\SysWOW64\wtmhdinus.dll
2017-09-01 19:16 - 2017-09-03 00:35 - 000000258 __RSH G:\Users\jujujuju\ntuser.pol
2017-09-01 19:13 - 2017-09-01 19:14 - 005547752 _____ (Microsoft Corporation) G:\Windows\system32\ntkrnlmp.exe
2017-09-01 19:13 - 2017-09-01 19:14 - 000633296 _____ (Microsoft Corporation) G:\Windows\system32\osloader.exe
2017-09-01 19:13 - 2017-09-01 19:13 - 000003326 _____ G:\Windows\System32\Tasks\AGProxyCheck
2017-09-01 19:12 - 2017-09-01 19:24 - 000003474 _____ G:\Windows\System32\Tasks\a63d825df76033fd168184803be07981
2017-09-01 19:12 - 2017-09-01 19:24 - 000003160 _____ G:\Windows\System32\Tasks\e39ad111a1d5c95c3dbc979c8774eec0
2017-09-01 19:03 - 2017-09-01 19:03 - 001466344 _____ G:\Users\jujujuju\Desktop\msinfo32 3.txt
2017-09-01 19:02 - 2017-09-01 19:02 - 002354630 _____ G:\Users\jujujuju\Desktop\msinfo32 1.nfo
2017-09-01 19:00 - 2017-09-01 19:00 - 000039680 _____ G:\Users\jujujuju\Desktop\DxDiag 64.txt
2017-09-01 19:00 - 2017-09-01 19:00 - 000023954 _____ G:\Users\jujujuju\Desktop\DxDiag 32.txt
2017-09-01 12:47 - 2017-09-01 12:54 - 000002685 _____ G:\Users\jujujuju\Desktop\win10 key2.txt
2017-09-01 12:13 - 2017-09-01 12:13 - 000000000 ____D G:\Users\jujujuju\Documents\Rockstar Games
2017-09-01 12:13 - 2017-09-01 12:13 - 000000000 ____D G:\Users\jujujuju\AppData\Local\Rockstar Games
2017-09-01 12:12 - 2017-09-13 00:32 - 000000000 ___DC G:\Program Files\Rockstar Games
2017-09-01 12:12 - 2017-09-13 00:32 - 000000000 ___DC G:\Program Files (x86)\Rockstar Games
2017-09-01 12:12 - 2017-09-01 12:12 - 000001043 _____ G:\Users\Public\Desktop\Grand Theft Auto V.lnk
2017-09-01 12:12 - 2017-09-01 12:12 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2017-09-01 11:31 - 2017-09-01 11:31 - 000000000 ____D G:\Users\jujujuju\Downloads\VA_-_Goa_Gil_Music_Baba_(www.PsyNation.com)
2017-09-01 11:31 - 2017-09-01 11:31 - 000000000 ____D G:\Users\jujujuju\Downloads\Pulse 1 - This Is Psychedelic Trance - 1996
2017-09-01 11:02 - 2017-09-01 11:02 - 000000000 ____D G:\Users\jujujuju\Downloads\itcmatnght.br_300mbfilms.com
2017-09-01 10:38 - 2017-09-01 10:38 - 373349470 _____ G:\Users\jujujuju\Downloads\Pulse 1 - This Is Psychedelic Trance - 1996.rar
2017-09-01 10:33 - 2017-09-01 10:33 - 000001430 _____ G:\Users\jujujuju\Downloads\Full_download_VA_-_Goa_Planet_Finest_Goa_Trance_From_Around_The_Globe_Vol_1_(2017).xht
2017-09-01 10:11 - 2017-09-01 10:11 - 178629327 _____ G:\Users\jujujuju\Downloads\VA_-_Goa_Gil_Music_Baba_(www.PsyNation.com).rar
2017-09-01 09:47 - 2017-09-01 09:49 - 618715089 _____ G:\Users\jujujuju\Downloads\itcmatnght.br_300mbfilms.com.rar
2017-09-01 09:36 - 2017-09-01 09:36 - 000001329 _____ G:\Users\jujujuju\Desktop\hjsplit - Shortcut.lnk
2017-09-01 09:36 - 2017-09-01 09:36 - 000000000 ____D G:\Users\jujujuju\Downloads\hjsplit
2017-09-01 09:35 - 2017-09-01 09:35 - 000194885 _____ G:\Users\jujujuju\Downloads\hjsplit.zip
2017-09-01 09:34 - 2017-09-01 09:36 - 286982558 _____ G:\Users\jujujuju\Downloads\Operation_Dunkirk_(2017)_HDRip_HD_(Mp4Moviez.name).avi
2017-09-01 09:33 - 2017-09-01 09:34 - 082739846 _____ G:\Users\jujujuju\Downloads\Operation_Dunkirk_(2017)_HDRip_Part_2_(Mp4Moviez.name).mp4
2017-09-01 09:33 - 2017-09-01 09:33 - 086538400 _____ G:\Users\jujujuju\Downloads\Operation_Dunkirk_(2017)_HDRip_Part_1_(Mp4Moviez.name).mp4
2017-09-01 06:58 - 2017-09-01 06:58 - 000000000 ____D G:\Users\jujujuju\AppData\Local\Sniper Elite Nazi Zombie Army 2
2017-09-01 04:57 - 2017-09-01 04:57 - 000001350 _____ G:\Users\Public\Desktop\EaseUS Partition Master 12.0.lnk
2017-09-01 04:57 - 2017-09-01 04:57 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 12.0
2017-09-01 04:57 - 2017-04-26 15:37 - 003885248 _____ G:\Windows\system32\BootMan.exe
2017-09-01 04:57 - 2017-04-26 15:37 - 002953920 _____ G:\Windows\SysWOW64\BootMan.exe
2017-09-01 04:57 - 2016-07-11 10:01 - 000101984 _____ G:\Windows\system32\setupempdrvx64.exe
2017-09-01 04:57 - 2016-07-11 10:01 - 000088160 _____ G:\Windows\SysWOW64\setupempdrv03.exe
2017-09-01 04:57 - 2016-07-11 10:01 - 000010848 _____ G:\Windows\system32\EuGdiDrv.sys
2017-09-01 04:57 - 2016-07-11 10:01 - 000010208 _____ G:\Windows\SysWOW64\EuGdiDrv.sys
2017-09-01 04:57 - 2016-07-08 15:28 - 000248832 _____ G:\Windows\SysWOW64\epmntdrv.pdb
2017-09-01 04:57 - 2016-01-14 10:05 - 000024056 _____ G:\Windows\system32\epmntdrv.sys
2017-09-01 04:57 - 2016-01-14 10:05 - 000021496 _____ G:\Windows\SysWOW64\epmntdrv.sys
2017-09-01 04:57 - 2014-11-18 14:46 - 000021088 _____ G:\Windows\SysWOW64\EuEpmGdi.dll
2017-09-01 04:57 - 2014-11-18 14:46 - 000017504 _____ G:\Windows\system32\EuEpmGdi.dll
2017-09-01 04:38 - 2017-09-01 04:57 - 000000000 ___DC G:\Program Files (x86)\EaseUS
2017-09-01 04:13 - 2017-09-01 04:13 - 000001074 _____ G:\Users\Public\Desktop\CPUID ROG CPU-Z.lnk
2017-09-01 04:13 - 2017-09-01 04:13 - 000000000 ___DC G:\Program Files\CPUID
2017-09-01 04:13 - 2017-09-01 04:13 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2017-09-01 02:06 - 2017-09-01 04:05 - 000000000 ___DC G:\ESD
2017-09-01 02:05 - 2017-09-01 02:05 - 000000000 ___DC G:\$Windows.~WS
2017-09-01 01:19 - 2017-09-01 01:19 - 018357776 _____ (Microsoft Corporation) G:\Users\jujujuju\Downloads\MediaCreationTool.exe
2017-08-31 22:20 - 2017-08-31 22:48 - 600714120 _____ G:\Users\jujujuju\Downloads\itcmstngg.wb72_300mbfilms.com.mkv
2017-08-31 20:29 - 2017-08-31 20:29 - 000037159 _____ G:\Windows\uninstaller.dat
2017-08-31 18:18 - 2002-08-13 06:55 - 000036864 ____R G:\Windows\SysWOW64\deluidrv.exe
2017-08-31 18:18 - 2002-08-13 06:55 - 000036864 ____R (General) G:\Windows\SysWOW64\usbmonit.exe
2017-08-31 18:18 - 2002-08-13 06:55 - 000032768 ____R G:\Windows\SysWOW64\delentry.exe
2017-08-31 18:17 - 2017-08-31 18:17 - 000003268 _____ G:\Windows\System32\Tasks\{58CF6823-0849-40FB-90E0-C0D649B56420}
2017-08-31 18:16 - 2017-08-31 18:16 - 000000000 ___DC G:\Program Files (x86)\Nero
2017-08-31 08:30 - 2017-08-31 08:30 - 000964180 _____ G:\Windows\system32\amdicdxx.dat
2017-08-29 16:56 - 2017-08-29 16:56 - 000001720 _____ G:\Users\Public\Desktop\MPC-HC x64.lnk
2017-08-29 16:56 - 2017-08-29 16:56 - 000000000 ___DC G:\Program Files\MPC-HC
2017-08-29 16:56 - 2017-08-29 16:56 - 000000000 ____D G:\Users\jujujuju\Downloads\MPC-HC_standalone_filters.1.7.13.x64
2017-08-29 16:56 - 2017-08-29 16:56 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2017-08-29 16:55 - 2017-08-29 16:56 - 003888208 _____ G:\Users\jujujuju\Downloads\MPC-HC_standalone_filters.1.7.13.x64.zip
2017-08-29 16:55 - 2017-08-29 16:55 - 014185472 _____ (MPC-HC Team ) G:\Users\jujujuju\Downloads\MPC-HC.1.7.13.x64.exe
2017-08-29 02:44 - 2017-08-29 02:44 - 000001248 _____ G:\Users\jujujuju\Desktop\ConvertXtoDVD 4.lnk
2017-08-29 02:44 - 2010-02-09 16:37 - 001184984 _____ (Microsoft Corporation) G:\Windows\SysWOW64\wvc1dmod.dll
2017-08-29 02:44 - 2010-02-09 16:37 - 000626688 _____ (On2.com) G:\Windows\SysWOW64\vp7vfw.dll
2017-08-29 02:44 - 2010-02-09 16:37 - 000273408 _____ (RealNetworks, Inc.) G:\Windows\SysWOW64\Pncrt.dll
2017-08-29 02:44 - 2010-02-09 16:37 - 000217127 _____ (RealNetworks, Inc.) G:\Windows\SysWOW64\drv43260.dll
2017-08-29 02:44 - 2010-02-09 16:37 - 000208935 _____ (RealNetworks, Inc.) G:\Windows\SysWOW64\drv33260.dll
2017-08-29 02:44 - 2010-02-09 16:37 - 000176165 _____ (RealNetworks, Inc.) G:\Windows\SysWOW64\drv23260.dll
2017-08-29 02:44 - 2010-02-09 16:37 - 000102439 _____ (RealNetworks, Inc.) G:\Windows\SysWOW64\sipr3260.dll
2017-08-29 02:44 - 2010-02-09 16:37 - 000065602 _____ (RealNetworks, Inc.) G:\Windows\SysWOW64\cook3260.dll
2017-08-29 02:43 - 2017-08-29 02:43 - 018139128 _____ G:\Users\jujujuju\Downloads\ConverX_to_DVD 4.rar
2017-08-29 02:43 - 2017-08-29 02:43 - 000000000 ____D G:\Users\jujujuju\Downloads\ConverX_to_DVD 4
2017-08-29 02:37 - 2017-08-29 02:38 - 000000000 ____D G:\Users\jujujuju\Downloads\VSO.ConvertXtoDVD.7.0.0.40
2017-08-29 02:36 - 2017-08-29 02:36 - 000000233 _____ G:\Users\jujujuju\Downloads\PARAGON SOFT KEYS.txt
2017-08-29 02:24 - 2017-08-29 02:24 - 000702003 _____ G:\Users\jujujuju\Downloads\VSO ConvertXtoDVD 7.0.0.40 Patch.rar
2017-08-29 02:24 - 2017-08-29 02:24 - 000000000 ____D G:\Users\jujujuju\Downloads\VSO ConvertXtoDVD 7.0.0.40 Patch
2017-08-29 02:17 - 2017-08-29 02:17 - 000053532 _____ G:\Users\jujujuju\Downloads\Malwarebytes Premium Anti-Malware 3.2.2 Activation Keys plus Crack is here _ Activation Keys.html
2017-08-29 02:06 - 2017-08-29 02:27 - 038663088 _____ G:\Users\jujujuju\Downloads\VSO.ConvertXtoDVD.7.0.0.40.rar
2017-08-29 01:54 - 2017-08-30 02:13 - 000000000 ____D G:\ProgramData\VSO
2017-08-29 01:54 - 2017-08-29 02:44 - 000082816 _____ (VSO Software) G:\Windows\system32\Drivers\pcouffin.sys
2017-08-29 01:54 - 2017-08-29 02:44 - 000082816 _____ (VSO Software) G:\Users\jujujuju\AppData\Roaming\pcouffin.sys
2017-08-29 01:54 - 2017-08-29 02:44 - 000007859 _____ G:\Users\jujujuju\AppData\Roaming\pcouffin.cat
2017-08-29 01:54 - 2017-08-29 02:44 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2017-08-29 01:54 - 2017-08-29 01:54 - 000001248 _____ G:\Users\jujujuju\Desktop\ConvertXToDVD 7.lnk
2017-08-29 01:54 - 2017-08-29 01:54 - 000000000 ___DC G:\Program Files (x86)\VSO
2017-08-29 01:51 - 2017-08-29 01:51 - 036813536 _____ (VSO Software ) G:\Users\jujujuju\Downloads\vsoConvertXtoDVD7_setup.exe
2017-08-29 01:50 - 2017-08-29 02:36 - 000181707 _____ G:\Users\jujujuju\Downloads\ConvertXtoDVD 7.0.0.40 License Key Serial key full version.html
2017-08-29 01:50 - 2017-08-29 01:50 - 000000000 ____D G:\Users\jujujuju\Downloads\ConvertXtoDVD 7.0.0.40 License Key Serial key full version_files
2017-08-29 01:33 - 2017-08-29 01:33 - 000000000 ____D G:\Users\jujujuju\Downloads\ththtmbdyfgrd.wb72_300mbfilms.com
2017-08-29 01:33 - 2017-08-29 01:33 - 000000000 ____D G:\Users\jujujuju\Downloads\mncrooa.wbrp72_300mbfilms.com
2017-08-29 01:20 - 2017-08-29 01:23 - 600420127 _____ G:\Users\jujujuju\Downloads\bnadd.br_300mbfilms.com.mkv
2017-08-29 01:17 - 2017-08-29 01:17 - 000000202 _____ G:\Users\jujujuju\Documents\PARAGON SOFT KEYS.txt
2017-08-29 01:14 - 2017-08-29 01:14 - 000677809 _____ G:\Users\jujujuju\Downloads\WinPE_drivers.mp4
2017-08-29 00:59 - 2017-08-29 00:59 - 000000000 ____D G:\ProgramData\logsaver
2017-08-29 00:58 - 2017-08-29 00:58 - 000000000 ____D G:\ProgramData\launcher
2017-08-29 00:56 - 2017-08-29 00:56 - 000002359 _____ G:\Users\Public\Desktop\Paragon Partition Manager™ 14 Free.lnk
2017-08-29 00:56 - 2017-08-29 00:56 - 000000000 ___DC G:\Program Files\Paragon Software
2017-08-29 00:56 - 2017-08-29 00:56 - 000000000 ____D G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 14 Free
2017-08-29 00:55 - 2017-08-29 00:55 - 000000000 ____D G:\Users\jujujuju\AppData\Local\Downloaded Installations
2017-08-29 00:41 - 2017-08-29 00:41 - 001616569 _____ G:\Users\jujujuju\Downloads\PM2014Free.pdf
2017-08-29 00:38 - 2017-08-29 00:38 - 053091632 _____ (Paragon Software ) G:\Users\jujujuju\Downloads\pm14free_x64_eng.exe
2017-08-29 00:32 - 2017-08-29 01:08 - 537075638 _____ G:\Users\jujujuju\Downloads\mncrooa.wbrp72_300mbfilms.com.rar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-28 14:16 - 2009-07-14 05:45 - 000056032 ____H G:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-28 14:16 - 2009-07-14 05:45 - 000056032 ____H G:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-28 14:04 - 2009-07-14 06:08 - 000000006 ____H G:\Windows\Tasks\SA.DAT
2017-09-27 06:00 - 2009-07-14 04:20 - 000000000 ____D G:\Windows\rescache
2017-09-27 01:05 - 2017-08-25 12:37 - 000000000 ___DC G:\Program Files (x86)\Intel Driver Update Utility
2017-09-26 23:30 - 2017-08-26 02:56 - 000000000 ____D G:\Users\jujujuju\Documents\ConvertXToDVD
2017-09-26 23:28 - 2017-08-26 09:28 - 000001235 _____ G:\Users\Public\Desktop\TreeSize Free.lnk
2017-09-25 18:21 - 2009-07-14 04:20 - 000000000 ____D G:\Windows\inf
2017-09-20 03:21 - 2017-08-25 12:37 - 000001363 _____ G:\Users\Public\Desktop\Intel® Driver Update Utility 2.9.lnk
2017-09-19 01:36 - 2017-08-22 05:23 - 000143864 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\atiu9pag.dll
2017-09-19 01:35 - 2017-08-22 05:22 - 001533328 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\aticfx32.dll
2017-09-14 00:12 - 2009-07-14 04:20 - 000000000 ____D G:\Windows\system32\NDF
2017-09-13 16:07 - 2009-07-14 06:13 - 000781790 _____ G:\Windows\system32\PerfStringBackup.INI
2017-09-13 16:00 - 2009-07-14 05:45 - 000267672 _____ G:\Windows\system32\FNTCACHE.DAT
2017-09-13 15:39 - 2017-08-25 12:34 - 000765656 _____ G:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-10 01:01 - 2009-07-14 06:09 - 000000000 ____D G:\Windows\System32\Tasks\WPD
2017-09-08 18:02 - 2009-07-14 05:57 - 000001547 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-09-08 12:54 - 2017-08-25 12:16 - 000000000 ____D G:\ProgramData\Package Cache
2017-09-08 12:27 - 2009-07-14 04:20 - 000000000 ___DC G:\Program Files\Solar Synthenogment Converter
2017-09-06 02:48 - 2017-08-25 18:03 - 000000778 _____ G:\Users\jujujuju\Desktop\win - Shortcut.lnk
2017-09-05 12:19 - 2017-08-25 12:48 - 000002266 _____ G:\Users\Public\Desktop\Google Chrome.lnk
2017-09-05 12:19 - 2017-08-25 12:48 - 000002266 _____ G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-05 11:47 - 2009-07-14 03:34 - 000000215 ____C G:\Windows\system.ini
2017-09-04 02:43 - 2009-07-14 03:34 - 067633152 _____ G:\Windows\system32\config\SOFTWARE.bak
2017-09-04 02:43 - 2009-07-14 03:34 - 044302336 _____ G:\Windows\system32\config\COMPONENTS.bak
2017-09-04 02:43 - 2009-07-14 03:34 - 024903680 _____ G:\Windows\system32\config\SYSTEM.bak
2017-09-04 02:43 - 2009-07-14 03:34 - 000262144 _____ G:\Windows\system32\config\SECURITY.bak
2017-09-04 02:43 - 2009-07-14 03:34 - 000262144 _____ G:\Windows\system32\config\SAM.bak
2017-09-04 02:43 - 2009-07-14 03:34 - 000262144 _____ G:\Windows\system32\config\DEFAULT.bak
2017-09-04 00:04 - 2017-08-25 12:48 - 000000000 ____D G:\Users\jujujuju\AppData\Local\Google
2017-09-03 19:58 - 2017-08-25 12:48 - 000000000 ___DC G:\Program Files (x86)\Google
2017-09-03 19:57 - 2017-08-25 12:48 - 000003330 _____ G:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-03 19:57 - 2017-08-25 12:48 - 000003202 _____ G:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-03 11:51 - 2017-08-27 01:57 - 140394280 ____C (Microsoft Corporation) G:\Windows\system32\MRT.exe
2017-09-03 00:35 - 2017-08-25 00:42 - 000000000 ____D G:\Users\jujujuju
2017-09-02 18:28 - 2017-08-25 16:35 - 000000943 _____ G:\Users\Public\Desktop\Steam.lnk
2017-09-02 18:05 - 2017-08-25 12:12 - 000000000 ____D G:\Users\jujujuju\AppData\Local\ElevatedDiagnostics
2017-09-02 01:31 - 2017-08-22 05:23 - 000143864 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\SETE0BE.tmp
2017-09-02 01:31 - 2017-08-22 05:23 - 000143864 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\SETD3C9.tmp
2017-09-02 01:31 - 2017-08-22 05:22 - 001532280 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\SETD3C7.tmp
2017-09-02 01:31 - 2017-08-22 05:22 - 001532280 _____ (Advanced Micro Devices, Inc. ) G:\Windows\SysWOW64\SETCEF0.tmp
2017-09-01 19:30 - 2017-08-25 00:42 - 000001082 _____ G:\Users\jujujuju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-09-01 19:14 - 2017-08-25 19:17 - 000000000 ____D G:\Users\jujujuju\AppData\Local\AMD
2017-09-01 19:13 - 2009-07-14 04:20 - 000000000 ____D G:\Windows\system32\GroupPolicy
2017-09-01 01:17 - 2017-08-26 18:51 - 000001908 _____ G:\Windows\diagwrn.xml
2017-09-01 01:17 - 2017-08-26 18:51 - 000001908 _____ G:\Windows\diagerr.xml
2017-09-01 01:10 - 2017-08-25 09:35 - 000000000 ____D G:\Windows\Panther
2017-08-31 22:23 - 2017-08-25 20:55 - 000000222 _____ G:\Users\jujujuju\Desktop\Sniper Elite 4.url
 
==================== Files in the root of some directories =======
 
2017-09-06 21:46 - 2017-09-27 13:34 - 000001057 _____ () G:\Users\jul\AppData\Roaming\vso_ts_preview.xml
2017-09-02 19:00 - 2017-09-02 19:00 - 000000036 _____ () G:\Users\jul\AppData\Local\housecall.guid.cache
2017-09-22 20:06 - 2017-09-22 20:06 - 000000060 _____ () G:\ProgramData\SoftwareUpdateTemp.xml
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
G:\Windows\system32\winlogon.exe => File is digitally signed
G:\Windows\system32\wininit.exe => File is digitally signed
G:\Windows\SysWOW64\wininit.exe => File is digitally signed
G:\Windows\explorer.exe => File is digitally signed
G:\Windows\SysWOW64\explorer.exe => File is digitally signed
G:\Windows\system32\svchost.exe => File is digitally signed
G:\Windows\SysWOW64\svchost.exe => File is digitally signed
G:\Windows\system32\services.exe => File is digitally signed
G:\Windows\system32\User32.dll => File is digitally signed
G:\Windows\SysWOW64\User32.dll => File is digitally signed
G:\Windows\system32\userinit.exe => File is digitally signed
G:\Windows\SysWOW64\userinit.exe => File is digitally signed
G:\Windows\system32\rpcss.dll => File is digitally signed
G:\Windows\system32\dnsapi.dll => File is digitally signed
G:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
G:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION
 
LastRegBack: 2017-09-20 05:07
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by jul (28-09-2017 14:19:15)
Running from G:\Users\jul\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2017-08-24 23:42:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4019728806-3470335272-1452950246-500 - Administrator - Disabled)
Guest (S-1-5-21-4019728806-3470335272-1452950246-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4019728806-3470335272-1452950246-1002 - Limited - Enabled)
jujujuju (S-1-5-21-4019728806-3470335272-1452950246-1000 - Limited - Enabled) => G:\Users\jujujuju
jul (S-1-5-21-4019728806-3470335272-1452950246-1003 - Administrator - Enabled) => G:\Users\jul
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{E99F3005-A18B-4BF7-B751-7E780C5E87F0}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{26ABF655-7062-4BBB-B954-F21DF44A1D76}) (Version: 2.9.0.2 - Intel) Hidden
Active@ ISO Burner 4 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 4 - LSoft Technologies Inc)
Active@ LiveCD 4 (HKLM-x32\...\{F09C52F9-660B-4FE3-8041-AFF6DB177FAA}_is1) (Version: 4 - LSoft Technologies Inc)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.24.0 - Asmedia Technology)
Assessment and Deployment Kit (HKLM-x32\...\{fc46d1b2-9557-4c1f-baac-04af4d2db7e4}) (Version: 8.59.25584 - Microsoft Corporation)
Backup and Sync from Google (HKLM-x32\...\{9AC75ED0-A54A-4AEA-9563-87572879D91C}) (Version: 3.36.6721.3394 - Google, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (HKLM\...\{92F658F1-7964-9C42-5DB7-CE8739C11551}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{01C63C59-D3FD-4788-010B-C9AD6FE523CB}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{713F7396-C5CD-631B-1FA1-3319D3969FF4}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{CD2CC58C-9479-1E62-7F89-06B08AFE9787}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{04C35169-F14B-2551-9F7A-E8237CEB1197}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{CEA93DFE-AFD1-486E-E4BA-22A556ABE003}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{EF57DAC1-34DF-AD05-390F-B403A198E071}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{8C27A37E-6672-34E1-EBBA-BD4A7910FCF3}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{5A68FBB4-F14C-0427-F0D6-029339EFF311}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{19DB60AB-B4CD-0FA1-6A89-113CFF12E9C9}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DFD9DB64-A505-C9EA-E312-930F598EE96E}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{353AD1AD-300B-0FD4-EEF7-FC1FC6E64CED}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{5D65B418-AD08-8B6B-8E3F-7F949D630A67}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{3A92D69E-E3B0-45E0-494E-CFA19FEB29A5}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{2B5DC128-687E-5DBF-5CB0-BEB002C07A0D}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{A60AF0F5-6837-F7B2-35E4-610514B272FF}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{ABDE85CD-EABD-2AF6-12A6-B7CF427BA2E4}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{2D5E79A4-FC66-6845-55AF-F24E9553C977}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{F1625621-4D0C-112B-7EDA-D6B2B8CA4D6E}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{0CA7DE47-30F1-52E1-C72E-AB426A58F8D8}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{777C8247-338B-AE15-FC8F-3102A9D33591}) (Version: 2017.0918.1943.33661 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.35 - Piriform)
ConvertXtoDVD 4.0.12.327 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.12.327 - )
CPUID ROG CPU-Z 1.80.1 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.80.1 - CPUID, Inc.)
EaseUS Partition Master 12.0 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM\...\Steam App 271590) (Version:  - Rockstar North)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
HWiNFO64 Version 5.56 (HKLM\...\HWiNFO64_is1) (Version: 5.56 - Martin Malík - REALiX)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1028 - Intel Corporation)
Intel® Network Connections 22.3.108.0 (HKLM\...\PROSetDX) (Version: 22.3.108.0 - Intel)
Intel® Processor Identification Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 1.0.0.0 - Intel Corporation)
Intel® USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.3.42 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{e0c04d85-bdcb-4572-ac96-c3e248f87a87}) (Version: 2.9.0.2 - Intel)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Kits Configuration Installer (HKLM-x32\...\{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}) (Version: 8.59.25584 - Microsoft) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NTFS Data Recovery 9 (HKLM-x32\...\{E208650E-BC95-4331-965C-052D9EC59890}_is1) (Version: 9 - LSoft Technologies Inc)
Paragon Partition Manager™ 14 Free (HKLM\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.2.0 - Rockstar Games)
Sniper Elite 4 (HKLM\...\Steam App 312660) (Version:  - Rebellion)
Sniper Elite V2 (HKLM\...\Steam App 63380) (Version:  - Rebellion)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.1 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com)
Toolkit Documentation (HKLM-x32\...\{AB1F3428-D2C6-895F-1966-BA55647B40D8}) (Version: 8.59.25584 - Microsoft) Hidden
TreeSize Free V4.0.3 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.0.3 - JAM Software)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VSO ConvertXToDVD 7 (HKLM-x32\...\{A021D003-6933-4EA4-B582-F1D0C3E52409}_is1) (Version: 7.0.0.40 - VSO Software)
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0-3) (Version: 1.0.54.0 - LunarG, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
Zinio Reader 5 (HKLM-x32\...\{9F9C3D8E-72ED-40C5-D244-0309FDB70F77}) (Version: 1.0.1.100 - Zinio LLC)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => G:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => G:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => G:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-08-31] (Google)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => G:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-09-20] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => G:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => G:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-31] (Google)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => G:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => G:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => G:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => G:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => G:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => G:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => G:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-08-31] (Google)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => G:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-18] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => G:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-09-20] ()
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => G:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => G:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => G:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => G:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {10062607-B413-4B28-A431-01627B3E571D} - System32\Tasks\CCleanerSkipUAC => G:\Program Files\CCleaner\CCleaner.exe [2017-09-20] (Piriform Ltd)
Task: {1DEDA3CD-AD64-483A-A4C4-C5A05554A27C} - System32\Tasks\a63d825df76033fd168184803be07981 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "G:\Windows\a63d825df76033fd168184803be07981.ps1" <==== ATTENTION
Task: {20E84F26-64AD-421C-9114-B219BDE9E568} - System32\Tasks\StartCN => G:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-09-18] (Advanced Micro Devices, Inc.)
Task: {3970ADA8-38CA-4FA7-96AA-7885D734B4F4} - System32\Tasks\SUPERAntiSpyware Scheduled Task 23c8ff20-7701-45ca-8157-1e498e968c1a => G:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {39AD593B-429C-47C1-B8CF-C46216F492C6} - System32\Tasks\SUPERAntiSpyware Scheduled Task 618e06ab-3f52-4b5c-bdea-aec771945115 => G:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {47B3206B-CE0E-4AE9-AA4B-27F1F88FDB51} - System32\Tasks\{58CF6823-0849-40FB-90E0-C0D649B56420} => G:\Windows\system32\pcalua.exe -a "J:\Nero Burning ROM Ultra Edition v6.6.0.6 Final 超强正式版\Nero 超强正式版.exe" -d "J:\Nero Burning ROM Ultra Edition v6.6.0.6 Final 超强正式版"
Task: {47CF04A0-CC45-4260-8996-8E891B700400} - \{F7BCD1CD-DBC1-4F1E-990E-F5371A5B5D06} -> No File <==== ATTENTION
Task: {482B9BDE-70C4-4DBC-BE94-3DE734C00AC2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => G:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {4DE3814E-A10E-4751-A56E-578870D76D13} - System32\Tasks\AGProxyCheck => G:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {50544E57-2931-4DBF-AEA1-2F309C82297C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => G:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {67DAC5F5-63E5-4148-8DBB-65EB7FA4F972} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => G:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {68F6EDFD-93A7-4D53-A6AA-BC7670F906F5} - System32\Tasks\{B7F239E5-9E4F-4367-8CE7-4BE6E65CB805} => G:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe [2017-06-15] (Sophos Limited)
Task: {6A5C8124-3ED3-4673-8282-A2EA4442C19D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => G:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {73FCD1A5-B3F5-4B24-BFF5-1532ECBC8899} - System32\Tasks\Intel PTT EK Recertification => G:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-02-24] (Intel® Corporation)
Task: {926DEDBD-21C5-4FA8-9FA4-F27A4EABF09C} - System32\Tasks\{E6E1D0DF-885B-413D-B264-768F7862DBDC} => G:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe [2017-06-15] (Sophos Limited)
Task: {AD75129E-831C-48D2-81EE-1680DF26674D} - System32\Tasks\e39ad111a1d5c95c3dbc979c8774eec0 => sc start e39ad111a1d5c95c3dbc979c8774eec0 <==== ATTENTION
Task: {B3E6BFD3-7DCF-455C-BBAB-36FFB4BDC90E} - System32\Tasks\GoogleUpdateTaskMachineCore => G:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-25] (Google Inc.)
Task: {CA4BC247-2704-4FF0-8B70-2B7EB2AD1714} - System32\Tasks\GoogleUpdateTaskMachineUA => G:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-25] (Google Inc.)
Task: {D6240E13-1EA5-4A4A-8AF9-C05700167B1F} - \{9A89716D-AB4E-439A-9D62-3D3E3B987114} -> No File <==== ATTENTION
Task: {E39B2D6B-D4D1-40B0-9A7E-DCE02608C44C} - \{097D0947-0F78-7979-0A11-78040B79110D} -> No File <==== ATTENTION
Task: {E3AC0D32-9CB5-454A-81AA-38C864D262CD} - System32\Tasks\wincore => G:\Windows\Max\wincore.exe
Task: {E3EE96F2-FA11-418C-B430-B8EB56E1FC29} - System32\Tasks\max => G:\Windows\Max\maxup.exe
Task: {E728BADA-D671-4A34-B019-5891B7C2F1B1} - \{03D00920-7C4B-4636-A08D-B6614BDA48C4} -> No File <==== ATTENTION
Task: {E7443C53-0DFD-44DA-93DD-5CEA88EEC8CA} - System32\Tasks\{EC1DE8B2-4986-4576-8DA8-6FEC34A695D7} => G:\Windows\system32\pcalua.exe -a "G:\Program Files (x86)\Common Files\X-runflex\uninstall.exe" -c shuz -f "G:\Program Files (x86)\Common Files\X-runflex\uninstall.dat" -a uninstallme D46174D8-86B8-4B8E-BC38-828FE5A9515D DeviceId=9aadd5cd-2238-fe77-941f-01cfc76ceddc BarcodeId=51557003 ChannelId=3 DistributerName=APSFWemonetize
Task: {FD98C73E-1C25-4973-9BD9-B9EDF2F009FE} - System32\Tasks\Intel\Intel Telemetry 2 => G:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: G:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 23c8ff20-7701-45ca-8157-1e498e968c1a.job => G:\Program Files\SUPERAntiSpyware\SASTask.exedG:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: G:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 618e06ab-3f52-4b5c-bdea-aec771945115.job => G:\Program Files\SUPERAntiSpyware\SASTask.exedG:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-20 09:03 - 2017-09-20 09:03 - 000155504 ____C () G:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000014336 ____C () G:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000739840 ____C () G:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000014336 ____C () G:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000071168 ____C () G:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 000011776 ____C () G:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-12 23:42 - 2016-09-12 23:42 - 002013696 ____C () G:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-12 23:43 - 2016-09-12 23:43 - 000191488 ____C () G:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-11-09 10:46 - 2016-11-09 10:46 - 000105312 _____ () G:\Windows\system32\audioLibVc.dll
2017-09-01 04:57 - 2014-11-18 14:44 - 000255072 ____C () G:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\TrayTipAgentE.exe
2017-08-25 12:48 - 2017-08-23 09:48 - 003824472 ____C () G:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-25 12:48 - 2017-08-23 09:48 - 000100184 ____C () G:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-09-14 00:24 - 2016-09-13 14:00 - 000109400 ____C () G:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-09-14 00:24 - 2016-09-13 14:00 - 000416600 ____C () G:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-09-14 00:24 - 2016-09-13 14:00 - 000167768 ____C () G:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-09-14 00:24 - 2017-05-12 11:36 - 000507464 ____C () G:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-09-01 19:36 - 2017-09-01 19:36 - 000471336 _____ () g:\windows\syswow64\wtmhdinus.dll
2017-09-01 04:57 - 2014-02-13 15:27 - 000222792 ____C () G:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\traynet.dll
2017-09-01 04:57 - 2014-02-13 15:27 - 000275528 ____C () G:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\libcurl.dll
2017-09-01 04:57 - 2014-02-13 15:27 - 000113166 ____C () G:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\zlib1.dll
2017-09-01 04:57 - 2014-02-13 15:27 - 000249928 ____C () G:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\TrayPopupE\uexper.dll
2017-06-06 00:23 - 2017-06-06 00:23 - 001244304 ____C () G:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\20471468.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29645003.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\38122476.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\57810527.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\61229929.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\20471468.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29645003.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\38122476.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\57810527.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\61229929.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7936 more sites.
 
There are 7936 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-03 11:42 - 2017-09-22 22:48 - 000454512 ____R G:\Windows\system32\Drivers\etc\hosts
 
There are 15600 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4019728806-3470335272-1452950246-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AAMWService => 2
MSCONFIG\Services: AAMW_WSC_Service_Vista => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 3
MSCONFIG\Services: e39ad111a1d5c95c3dbc979c8774eec0 => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ZAMSvc => 2
MSCONFIG\startupfolder: G:^Users^jujujuju^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^csrsswn.vbs => G:\Windows\pss\csrsswn.vbs.Startup
MSCONFIG\startupfolder: G:^Users^jujujuju^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^csrssws.vbs => G:\Windows\pss\csrssws.vbs.Startup
MSCONFIG\startupreg: 0vauicjgpbc => "G:\Users\jujujuju\AppData\Roaming\ebjwtl4f1na\h2plwh1e5li.exe"
MSCONFIG\startupreg: 1FCMOJ5WJI02DQ1 => "G:\Program Files\W55C0K9KTO\W55C0K9KT.exe"
MSCONFIG\startupreg: 3E78Y9G85E117NU => "G:\Program Files\U4EIPT79EY\U4EIPT79E.exe"
MSCONFIG\startupreg: 3oczqhvhlvo => "G:\Users\jujujuju\AppData\Roaming\gzwxnhyl0bc\xrs0fed45am.exe"
MSCONFIG\startupreg: 4f00hlssptt => "G:\Users\jujujuju\AppData\Roaming\gcrmprzqirq\1gjiolfs1x4.exe"
MSCONFIG\startupreg: 4pnqfzq2mko => "G:\Users\jujujuju\AppData\Roaming\tinm552jylc\0fwe2pwqscd.exe"
MSCONFIG\startupreg: A9BE9FGMAFEOU83 => "G:\Program Files\MAFA4P2RYD\MAFA4P2RY.exe"
MSCONFIG\startupreg: AnonymizerGadget => "G:\Users\jujujuju\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe" /S /startup --ppapi-flash-path=./pepflashplayer.dll /source:1680 /subsource:2833
MSCONFIG\startupreg: AVBoost => "G:\Program Files (x86)\AVBoost\AVBoost.exe"
MSCONFIG\startupreg: BlueSurf => "G:\Windows\rss\csrss.exe"
MSCONFIG\startupreg: bsdy5o0ijwg => "G:\Users\jujujuju\AppData\Roaming\0rrkhc3day3\y2vtoo3xwmo.exe"
MSCONFIG\startupreg: co4vnxw2spo => "G:\Users\jujujuju\AppData\Roaming\grjagsepl3w\bv5xuu25mqx.exe"
MSCONFIG\startupreg: csrsswn => "%SystemRoot%\System32\WScript.exe" "G:\Users\jujujuju\AppData\Roaming\csrss store files\start64.vbs" //B "%1" %*
MSCONFIG\startupreg: csrssws => "%SystemRoot%\System32\WScript.exe" "G:\Users\jujujuju\AppData\Roaming\csrss local files\start.vbs" //B "%1" %*
MSCONFIG\startupreg: dinbql2wuhh => "G:\Users\jujujuju\AppData\Roaming\24veglf5eq3\foaxratmmf0.exe"
MSCONFIG\startupreg: FDJR8O2FUVVRFXO => "G:\Program Files\JU2MYILJAF\JU2MYILJA.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_FABA9AA0DBBE9B2AA1366F8B64089CAF => "G:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
MSCONFIG\startupreg: gplyra => G:\Users\jujujuju\AppData\Roaming\gplyra\gplyra.exe
MSCONFIG\startupreg: GYG47JIH8UNZVYW => "G:\Program Files\A7JPMG8CL9\A7JPMG8CL.exe"
MSCONFIG\startupreg: h3no2qld1i1 => "G:\Users\jujujuju\AppData\Roaming\0fe0cxt0whq\bgbc11ahzlk.exe"
MSCONFIG\startupreg: HW07R6TI5334A44 => "G:\Program Files\I5L8GWUW5U\I5L8GWUW5.exe"
MSCONFIG\startupreg: iTunesHelper => "G:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: jah4kczbvvf => "G:\Users\jujujuju\AppData\Roaming\3miefhu2sjc\dptgc2do3am.exe"
MSCONFIG\startupreg: kk2mvbyt3zn => "G:\Users\jujujuju\AppData\Roaming\jn0v2y1izzp\ometo3sce4h.exe"
MSCONFIG\startupreg: M0FJK9888MA0AO5 => "G:\Program Files\5L4HJYYE4X\5L4HJYYE4.exe"
MSCONFIG\startupreg: M2O16K9H3MCKCI3 => "G:\Program Files (x86)\ca3g2cxdugs\NFF9K.exe"
MSCONFIG\startupreg: m4ol5vs10pg => "G:\Users\jujujuju\AppData\Roaming\yxit1pxpncm\myg20h0zxfo.exe"
MSCONFIG\startupreg: MFSH4VQ8VODU2NQ => "G:\Program Files\M78P0D5I6G\M78P0D5I6.exe"
MSCONFIG\startupreg: msiql => G:\Users\jujujuju\AppData\Local\Temp\00032212\msiql.exe /RUNNING
MSCONFIG\startupreg: NMQSN0V1F7ECE41 => "G:\Program Files\VN88XS6J2J\VN88XS6J2.exe"
MSCONFIG\startupreg: qnewm3xv2fp => "G:\Users\jujujuju\AppData\Roaming\zydvyn5yh4n\y4p01sacxaw.exe"
MSCONFIG\startupreg: RMQATJRR0DY883L => "G:\Program Files\WI9TK9BWYS\WI9TK9BWY.exe"
MSCONFIG\startupreg: ShutdownTime => "G:\Program Files (x86)\ShutdownTime\ShutdownTime.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TQTP5T9JEU5NUXW => "G:\Program Files\48U05F35HQ\48U05F35H.exe"
MSCONFIG\startupreg: vd0vtkzqlon => "G:\Users\jujujuju\AppData\Roaming\pdmhpzzttfo\audxezosxzv.exe"
MSCONFIG\startupreg: wzxoj5xvcq3 => "G:\Users\jujujuju\AppData\Roaming\vl5pnlstk4b\zfnioj0agou.exe"
MSCONFIG\startupreg: x1gzevymmfw => "G:\Users\jujujuju\AppData\Roaming\yn23imbqd25\hr5jvzm1uty.exe"
MSCONFIG\startupreg: ZAM => "G:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{ED17EAFC-7449-4455-AEBE-6DF8988C2363}] => (Allow) G:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3C0B6BE0-5BF1-4E40-8AD6-A400AA9D1964}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C7AD2274-6548-42A2-AE47-37B30FB48858}] => (Allow) G:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4373505F-D338-48B5-B20D-668F527C55E8}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{E0E19132-315A-4CCC-8D3B-FA9710E99295}] => (Allow) G:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{01EDE0C8-FA99-4D97-99BD-DC822F882E7C}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{E98B8DCE-6818-4A42-A105-9E2E560B4ACA}] => (Allow) G:\Program Files (x86)\Steam\steamapps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [TCP Query User{9B8602C9-79CC-4953-9C31-95696FBF5FDD}G:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe] => (Block) G:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe
FirewallRules: [UDP Query User{62297F97-6F0E-4165-8E3E-5ED54DDA20E9}G:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe] => (Block) G:\program files (x86)\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe
FirewallRules: [{86F6D7B0-06A6-4AD5-81A8-B6D970849DC4}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\Sniper Elite 4\Launcher\SniperElite4.exe
FirewallRules: [{64D67F46-3453-4182-A7BC-8FD0B83ACEC9}] => (Allow) C:\Program Files (x86)\SteamLibrary\steamapps\common\Sniper Elite 4\Launcher\SniperElite4.exe
FirewallRules: [{2F936FE6-BD1E-4A8E-B2D5-07DC77578398}] => (Block) G:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\Main.exe
FirewallRules: [{EBDD9743-0311-4758-A918-23D1C5A07165}] => (Block) G:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.0\bin\Main.exe
FirewallRules: [{F490D672-AB2F-413D-BD79-4F83DFA15935}] => (Allow) G:\Windows\system32\rundll32.exe
FirewallRules: [{9E9D3F2A-372E-4041-9460-A0DACCDFC625}] => (Allow) G:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB4CE780-1517-4ECE-A422-87DA2AC77282}] => (Allow) G:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C003397D-A8F5-4B62-91FD-BC5B56A2BB7F}] => (Allow) G:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D44F98E4-2653-48CF-8FCC-0D8525376E0A}] => (Allow) G:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A7835601-AB57-4F9B-8586-CDA563A7395C}] => (Allow) G:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3CCEEF01-7C53-4E1A-9D06-7C4F33EDA516}] => (Allow) G:\Windows\System32\rundll32.exe
FirewallRules: [{1D5F725E-E063-42B6-806D-CE2EB95512FD}] => (Allow) G:\Windows\System32\rundll32.exe
FirewallRules: [{D1908ED8-CE62-42B9-9909-9EED073086DD}] => (Allow) G:\Windows\System32\rundll32.exe
FirewallRules: [{07A7BD8A-5E5E-40B2-A985-0856A96E2506}] => (Allow) G:\Windows\System32\rundll32.exe
FirewallRules: [{2B2CF1CE-0317-458F-82A5-C48D9BB86893}] => (Allow) K:\Program Files (x86)\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{43B37E16-C9B2-4035-B035-7B361A8B2E78}] => (Allow) K:\Program Files (x86)\SteamLibrary\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{DBDAAAEC-8E80-4118-A400-BC1ED0D3A323}] => (Allow) K:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
FirewallRules: [{643BE838-2403-411B-88A8-2F3B92827515}] => (Allow) K:\Program Files\Rockstar Games\Grand Theft Auto V\GTA5.exe
StandardProfile\AuthorizedApplications: [G:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [G:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [G:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [G:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/28/2017 02:11:31 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "g:\program files (x86)\spybot - search & destroy 2\Tools.dll".Error in manifest or policy file "g:\program files (x86)\spybot - search & destroy 2\Tools.dll" on line 2.
The manifest file root element must be assembly.
 
Error: (09/28/2017 02:11:31 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "g:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll".Error in manifest or policy file "g:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll" on line 2.
The manifest file root element must be assembly.
 
Error: (09/28/2017 02:11:31 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "g:\program files (x86)\spybot - search & destroy 2\SDTasks.dll".Error in manifest or policy file "g:\program files (x86)\spybot - search & destroy 2\SDTasks.dll" on line 2.
The manifest file root element must be assembly.
 
Error: (09/28/2017 02:11:31 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "g:\program files (x86)\spybot - search & destroy 2\SDResources.dll".Error in manifest or policy file "g:\program files (x86)\spybot - search & destroy 2\SDResources.dll" on line 2.
The manifest file root element must be assembly.
 
Error: (09/28/2017 02:11:31 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "g:\program files (x86)\spybot - search & destroy 2\SDLists.dll".Error in manifest or policy file "g:\program files (x86)\spybot - search & destroy 2\SDLists.dll" on line 2.
The manifest file root element must be assembly.
 
Error: (09/28/2017 02:11:31 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "g:\program files (x86)\spybot - search & destroy 2\SDLicense.dll".Error in manifest or policy file "g:\program files (x86)\spybot - search & destroy 2\SDLicense.dll" on line 2.
The manifest file root element must be assembly.
 
Error: (09/28/2017 02:11:31 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "g:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll".Error in manifest or policy file "g:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll" on line 2.
The manifest file root element must be assembly.
 
Error: (09/28/2017 02:11:31 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "g:\program files (x86)\spybot - search & destroy 2\SDFileScanLibrary.dll".Error in manifest or policy file "g:\program files (x86)\spybot - search & destroy 2\SDFileScanLibrary.dll" on line 2.
The manifest file root element must be assembly.
 
Error: (09/28/2017 02:11:31 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "g:\program files (x86)\spybot - search & destroy 2\SDFileScanHelper.exe".Error in manifest or policy file "g:\program files (x86)\spybot - search & destroy 2\SDFileScanHelper.exe" on line 2.
The manifest file root element must be assembly.
 
Error: (09/28/2017 02:11:31 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "g:\program files (x86)\spybot - search & destroy 2\SDEvents.dll".Error in manifest or policy file "g:\program files (x86)\spybot - search & destroy 2\SDEvents.dll" on line 2.
The manifest file root element must be assembly.
 
 
System errors:
=============
Error: (09/28/2017 02:15:12 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.253.34.0).
 
Error: (09/28/2017 02:15:02 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.251.1500.0
 
Update Source: Microsoft Update Server
 
Update Stage: Install
 
 
Signature Type: AntiVirus
 
Update Type: Full
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: 
 
Previous Engine Version: 1.1.14104.0
 
Error code: 0x80070643
 
Error description: Fatal error during installation.
 
Error: (09/28/2017 02:03:44 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver ACPI returned invalid ID for a child device (5).
 
Error: (09/27/2017 05:12:28 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver ACPI returned invalid ID for a child device (5).
 
Error: (09/27/2017 08:46:30 AM) (Source: volsnap) (EventID: 35) (User: )
Description: The shadow copies of volume G: were aborted because the shadow copy storage failed to grow.
 
Error: (09/27/2017 01:17:48 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error: 
Access is denied.
 
Error: (09/27/2017 01:11:18 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error: 
Access is denied.
 
Error: (09/27/2017 01:11:18 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error: 
Access is denied.
 
Error: (09/27/2017 12:58:45 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Type with the following error: 
Access is denied.
 
Error: (09/26/2017 11:23:42 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver ACPI returned invalid ID for a child device (5).
 
 
CodeIntegrity:
===================================
  Date: 2017-08-26 19:33:45.119
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-26 19:33:45.084
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-26 19:33:45.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-26 19:33:45.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-26 19:33:44.984
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-26 19:33:44.949
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-26 19:33:44.919
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-26 19:33:44.884
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-26 19:33:44.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\explorer.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-08-26 03:20:31.896
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\Windows\PrintDialog\PrintDialog.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 21%
Total physical RAM: 16313.59 MB
Available physical RAM: 12824.63 MB
Total Virtual: 32625.37 MB
Available Virtual: 28417.51 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1863.01 GB) (Free:29.03 GB) NTFS
Drive d: (Recovery) (Fixed) (Total:0.29 GB) (Free:0.05 GB) NTFS
Drive e: () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (CORSAIR WIN 7 64) (Fixed) (Total:119.14 GB) (Free:11.86 GB) NTFS
Drive h: () (Fixed) (Total:465.76 GB) (Free:102.54 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive i: (CCSA_X64FRE_EN-GB_DV5) (Removable) (Total:15 GB) (Free:9.45 GB) NTFS
Drive k: () (Fixed) (Total:465.25 GB) (Free:316.21 GB) NTFS
Drive l: (ESD-USB) (Removable) (Total:7.48 GB) (Free:4.09 GB) FAT32
Drive m: (HITACHI) (Fixed) (Total:465.76 GB) (Free:0.99 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 27A68E41)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CBCCB6FD)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 0BC5C78A)
Partition 1: (Not Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99 MB) - (Type=0C)
Partition 3: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 1ADA2736)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 4 (Size: 15 GB) (Disk ID: 010DBC42)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 9C704E38)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)
 
========================================================
Disk: 6 (Size: 465.8 GB) (Disk ID: ADA5F42E)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
I hope these files prove helpful.
Please don't hesitate to request any additional info.
Regards
Julian.Reiss
 



 


#2 nasdaq

  • Malware Response Team

Posted 28 September 2017 - 09:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn your System Restore ON - Windows Help
https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses
<<<>>>


Do you know what this does?
If not, and it was not installed by you, add the 2 lines in the code box below to the Fixlist.txt file before saving it.
Task: C:\Windows\Tasks\Paverle Mapper.job => C:\Program Files\Atwudomstertersh\kuient.exe

 
C:\Windows\Tasks\Paverle Mapper.job
C:\Program Files\Atwudomstertersh

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

nointegritychecks: ==> "IntegrityChecks" is disabled. <==== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> G:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> G:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
CHR HomePage: Default -> searchassist.net
CHR DefaultSearchURL: Default -> hxxps://www.searchassist.net/search?q={searchTerms}
CHR DefaultSearchKeyword: Default -> www.searchassist.net
R2 wtmhdintus; G:\Windows\SysWow64\wtmhdinus.dll [471336 2017-09-01] ()
S3 catchme; \??\G:\ComboFix\catchme.sys [X]
S1 mjbqdgqe; \??\G:\Windows\system32\drivers\mjbqdgqe.sys [X]
S1 vsxpqsek; \??\G:\Windows\system32\drivers\vsxpqsek.sys [X]
C:\Windows\system32\drivers\sptd.sys

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

Task: {47CF04A0-CC45-4260-8996-8E891B700400} - \{F7BCD1CD-DBC1-4F1E-990E-F5371A5B5D06} -> No File <==== ATTENTION
Task: {4DE3814E-A10E-4751-A56E-578870D76D13} - System32\Tasks\AGProxyCheck => G:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {AD75129E-831C-48D2-81EE-1680DF26674D} - System32\Tasks\e39ad111a1d5c95c3dbc979c8774eec0 => sc start e39ad111a1d5c95c3dbc979c8774eec0 <==== ATTENTION
Task: {D6240E13-1EA5-4A4A-8AF9-C05700167B1F} - \{9A89716D-AB4E-439A-9D62-3D3E3B987114} -> No File <==== ATTENTION
Task: {E39B2D6B-D4D1-40B0-9A7E-DCE02608C44C} - \{097D0947-0F78-7979-0A11-78040B79110D} -> No File <==== ATTENTION
Task: {E3AC0D32-9CB5-454A-81AA-38C864D262CD} - System32\Tasks\wincore => G:\Windows\Max\wincore.exe
Task: {E3EE96F2-FA11-418C-B430-B8EB56E1FC29} - System32\Tasks\max => G:\Windows\Max\maxup.exe
Task: {E728BADA-D671-4A34-B019-5891B7C2F1B1} - \{03D00920-7C4B-4636-A08D-B6614BDA48C4} -> No File <==== ATTENTION
MSCONFIG\startupfolder: G:^Users^jujujuju^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^csrsswn.vbs => G:\Windows\pss\csrsswn.vbs.Startup
MSCONFIG\startupfolder: G:^Users^jujujuju^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^csrssws.vbs => G:\Windows\pss\csrssws.vbs.Startup
MSCONFIG\startupreg: 0vauicjgpbc => "G:\Users\jujujuju\AppData\Roaming\ebjwtl4f1na\h2plwh1e5li.exe"
MSCONFIG\startupreg: 1FCMOJ5WJI02DQ1 => "G:\Program Files\W55C0K9KTO\W55C0K9KT.exe"
MSCONFIG\startupreg: 3E78Y9G85E117NU => "G:\Program Files\U4EIPT79EY\U4EIPT79E.exe"
MSCONFIG\startupreg: 3oczqhvhlvo => "G:\Users\jujujuju\AppData\Roaming\gzwxnhyl0bc\xrs0fed45am.exe"
MSCONFIG\startupreg: 4f00hlssptt => "G:\Users\jujujuju\AppData\Roaming\gcrmprzqirq\1gjiolfs1x4.exe"
MSCONFIG\startupreg: 4pnqfzq2mko => "G:\Users\jujujuju\AppData\Roaming\tinm552jylc\0fwe2pwqscd.exe"
MSCONFIG\startupreg: AnonymizerGadget => "G:\Users\jujujuju\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe" /S /startup --ppapi-flash-path=./pepflashplayer.dll /source:1680 /subsource:2833
MSCONFIG\startupreg: BlueSurf => "G:\Windows\rss\csrss.exe"
MSCONFIG\startupreg: bsdy5o0ijwg => "G:\Users\jujujuju\AppData\Roaming\0rrkhc3day3\y2vtoo3xwmo.exe"
MSCONFIG\startupreg: co4vnxw2spo => "G:\Users\jujujuju\AppData\Roaming\grjagsepl3w\bv5xuu25mqx.exe"
MSCONFIG\startupreg: csrsswn => "%SystemRoot%\System32\WScript.exe" "G:\Users\jujujuju\AppData\Roaming\csrss store files\start64.vbs" //B "%1" %*
MSCONFIG\startupreg: csrssws => "%SystemRoot%\System32\WScript.exe" "G:\Users\jujujuju\AppData\Roaming\csrss local files\start.vbs" //B "%1" %*
MSCONFIG\startupreg: dinbql2wuhh => "G:\Users\jujujuju\AppData\Roaming\24veglf5eq3\foaxratmmf0.exe"
MSCONFIG\startupreg: FDJR8O2FUVVRFXO => "G:\Program Files\JU2MYILJAF\JU2MYILJA.exe"
MSCONFIG\startupreg: gplyra => G:\Users\jujujuju\AppData\Roaming\gplyra\gplyra.exe
MSCONFIG\startupreg: GYG47JIH8UNZVYW => "G:\Program Files\A7JPMG8CL9\A7JPMG8CL.exe"
MSCONFIG\startupreg: h3no2qld1i1 => "G:\Users\jujujuju\AppData\Roaming\0fe0cxt0whq\bgbc11ahzlk.exe"
MSCONFIG\startupreg: HW07R6TI5334A44 => "G:\Program Files\I5L8GWUW5U\I5L8GWUW5.exe"
MSCONFIG\startupreg: iTunesHelper => "G:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: jah4kczbvvf => "G:\Users\jujujuju\AppData\Roaming\3miefhu2sjc\dptgc2do3am.exe"
MSCONFIG\startupreg: kk2mvbyt3zn => "G:\Users\jujujuju\AppData\Roaming\jn0v2y1izzp\ometo3sce4h.exe"
MSCONFIG\startupreg: M0FJK9888MA0AO5 => "G:\Program Files\5L4HJYYE4X\5L4HJYYE4.exe"
MSCONFIG\startupreg: M2O16K9H3MCKCI3 => "G:\Program Files (x86)\ca3g2cxdugs\NFF9K.exe"
MSCONFIG\startupreg: m4ol5vs10pg => "G:\Users\jujujuju\AppData\Roaming\yxit1pxpncm\myg20h0zxfo.exe"
MSCONFIG\startupreg: MFSH4VQ8VODU2NQ => "G:\Program Files\M78P0D5I6G\M78P0D5I6.exe"
MSCONFIG\startupreg: msiql => G:\Users\jujujuju\AppData\Local\Temp\00032212\msiql.exe /RUNNING
MSCONFIG\startupreg: NMQSN0V1F7ECE41 => "G:\Program Files\VN88XS6J2J\VN88XS6J2.exe"
MSCONFIG\startupreg: qnewm3xv2fp => "G:\Users\jujujuju\AppData\Roaming\zydvyn5yh4n\y4p01sacxaw.exe"
MSCONFIG\startupreg: RMQATJRR0DY883L => "G:\Program Files\WI9TK9BWYS\WI9TK9BWY.exe"
MSCONFIG\startupreg: ShutdownTime => "G:\Program Files (x86)\ShutdownTime\ShutdownTime.exe"
MSCONFIG\startupreg: TQTP5T9JEU5NUXW => "G:\Program Files\48U05F35HQ\48U05F35H.exe"
MSCONFIG\startupreg: vd0vtkzqlon => "G:\Users\jujujuju\AppData\Roaming\pdmhpzzttfo\audxezosxzv.exe"
MSCONFIG\startupreg: wzxoj5xvcq3 => "G:\Users\jujujuju\AppData\Roaming\vl5pnlstk4b\zfnioj0agou.exe"
MSCONFIG\startupreg: x1gzevymmfw => "G:\Users\jujujuju\AppData\Roaming\yn23imbqd25\hr5jvzm1uty.exe"

2017-09-26 13:09 - 2017-09-26 13:12 - 007649280 ____C () C:\Program Files\GUT3A14.tmp
2017-09-26 13:10 - 2017-09-26 13:12 - 007649280 ____C () C:\Program Files\GUTFFA4.tmp
2013-12-14 09:43 - 2013-12-14 09:43 - 000000000 _____ () C:\Users\teja\AppData\Local\{3A800570-C286-4EFB-9553-C83C9E4013DA}
2013-12-20 19:47 - 2013-12-20 19:47 - 000000000 _____ () C:\Users\teja\AppData\Local\{8906D520-381E-4CB1-A53A-13B40D9876DE}
2013-12-14 09:43 - 2013-12-14 09:43 - 000000000 _____ () C:\Users\teja\AppData\Local\{97CC91D3-50AD-49A1-93AE-A133B710855D}
2013-12-25 15:53 - 2013-12-25 15:53 - 000000000 _____ () C:\Users\teja\AppData\Local\{C2D2986C-58D3-4103-837E-B6B1F008D2AC}
2014-01-15 19:13 - 2014-01-15 19:15 - 000000000 _____ () C:\Users\teja\AppData\Local\{C816D3BA-546D-49E3-B246-9627F865D714}
2013-12-20 19:47 - 2013-12-20 19:48 - 000000000 _____ () C:\Users\teja\AppData\Local\{E16B8D95-C12C-454D-8E8E-966CA1A8BCF6}
C:\Windows\Tasks\{677ECD92-B63E-4276-B1B9-0F61A31A7FB4}.job
C:\Windows\Tasks\{C1B9B019-7D14-4886-ABA9-AB327C5295EE}.job

G:\Windows\System32\Tasks\AGProxyCheck
G:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe
G:\Windows\System32\Tasks\e39ad111a1d5c95c3dbc979c8774eec0
G:\Windows\System32\Tasks\wincore
G:\Windows\Max
G:\Windows\System32\Tasks\max
G:^Users^jujujuju^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^csrsswn.vbs
G:\Windows\pss\csrsswn.vbs.Startup
G:^Users^jujujuju^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^csrssws.vbs
G:\Windows\pss\csrssws.vbs.Startup

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

#3 julianreiss

  • Topic Starter

Posted 29 September 2017 - 07:56 AM

Hi Nasdaq, thank you very much for your advice. I can now run Malwarebytes without issue.




#4 nasdaq

  • Malware Response Team

Posted 29 September 2017 - 08:54 AM

Hi,

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



