
Network infection.


  • This topic is locked
59 replies to this topic

#1 jbradvi9


Posted 20 December 2017 - 05:12 PM

(FRST)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2017
Ran by Bradvica (administrator) on BRADVICA-PC (20-12-2017 10:02:44)
Running from C:\Users\Bradvica\Downloads
Loaded Profiles: Bradvica (Available Profiles: Bradvica)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Hrvatski (Hrvatska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(CounterPath) C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\X-Lite.exe
() C:\Program Files (x86)\ScreenShot\ScreenShot.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\DEKSI Network Inventory\DataCollector.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Spencer Kimball, Peter Mattis and the GIMP Development Team) C:\Program Files\GIMP 2\bin\gimp-2.8.exe
(Spencer Kimball, Peter Mattis and the GIMP Development Team) C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\script-fu.exe
(NCH Software) C:\Program Files (x86)\NCH Software\Crescendo\crescendo.exe
(The CefSharp Authors) C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\CefSharp.BrowserSubprocess.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Maxthon International ltd.) C:\Users\Bradvica\AppData\Roaming\Maxthon5\Public\MxUp\MxUp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2016-05-27] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2016-05-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2016-06-02] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [491160 2016-06-02] (ActivIdentity)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6346464 2013-01-04] (Realtek semiconductor)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508144 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-21] (Intel Corporation)
HKLM-x32\...\Run: [gemstrmw] => C:\Windows\SysWOW64\gemstrmw.exe [24576 2016-06-02] (Gemplus)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\Run: [X-Lite] => C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\X-Lite.exe [5004680 2017-10-28] (CounterPath)
HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\Run: [ScreenShot.exe] => C:\Program Files (x86)\ScreenShot\ScreenShot.exe [552960 2008-07-12] ()
HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27706840 2017-05-03] (Skype Technologies S.A.)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk [2016-06-02]
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-05-07]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inventory Data Collector.lnk [2017-04-21]
ShortcutTarget: Inventory Data Collector.lnk -> C:\Program Files (x86)\DEKSI Network Inventory\DataCollector.exe ()
Startup: C:\Users\Bradvica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\osk - prečac.lnk [2016-05-29]
ShortcutTarget: osk - prečac.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Startup: C:\Users\Bradvica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Podaci2 - prečac.lnk [2016-05-29]
ShortcutTarget: Podaci2 - prečac.lnk -> C:\Users\Bradvica\Downloads\Podaci2.txt ()
Startup: C:\Users\Bradvica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlmail - prečac.lnk [2016-06-02]
ShortcutTarget: wlmail - prečac.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{352B59C2-BD26-4D60-BA50-6D7BB3AD3164}: [NameServer] 4.4.4.4,8.8.8.8
Tcpip\..\Interfaces\{352B59C2-BD26-4D60-BA50-6D7BB3AD3164}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{AE73DA10-E484-4EDD-9997-D3A0224011E7}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.hr/?gws_rd=ssl
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-30] (Oracle Corporation)
BHO-x32: Pomoćnik za prijavu u Microsoftov račun -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-30] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 2d4qto8s.default-1508256523625
FF ProfilePath: C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625 [2017-12-20]
FF Homepage: Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625 -> google.hr
FF Extension: (Inline Audio Player) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\jid1-FUBXJBBKIeigHQ@jetpack.xpi [2017-10-17] [Legacy]
FF Extension: (Right Click Translate) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\jid1-hhBMO3ij7xRsEw@jetpack.xpi [2017-10-17] [Legacy]
FF Extension: (just speak this) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\jid1-pn1eNmrYcIB6vw@jetpack.xpi [2017-10-17] [Legacy]
FF Extension: (fnGmail) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\jid1-sqmEAwSoa3FZPc@jetpack.xpi [2017-10-17]
FF Extension: (Restart) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\Restart@schuzak.jp.xpi [2017-10-17] [Legacy]
FF Extension: (S3.Translator) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\s3google@translator.xpi [2017-12-03]
FF Extension: (Molimo unesite vašu lozinku) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\stefanvandamme@stefanvd.net.xpi [2017-10-17]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2017-11-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.hr/
CHR StartupUrls: Default -> "hxxp://google.hr/","hxxp://www.google.hr/","hxxp://www.google.com/","hxxps://www.google.hr/","hxxps://www.google.com/"
CHR Profile: C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default [2017-10-17]
CHR Extension: (Slides) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google disk) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-26]
CHR Extension: (YouTube) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-26]
CHR Extension: (Adblock Plus) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-13]
CHR Extension: (Sheets) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Avira Browser Safety) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-26]
CHR Extension: (Google dokumenti izvanmrežno) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-08]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-10-17]
CHR Extension: (PrintEco) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbjelljbilbfjjolijmojaflnendjfem [2016-12-26]
CHR Extension: (Plaćanja u web-trgovini Chrome) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-15]
CHR Extension: (Docs PDF/PowerPoint Viewer (od Googlea)) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2016-12-26]
CHR Extension: (Online speech recognition) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pehlbpmpoabkgenppepoaihkacolpdcf [2017-10-17]
CHR Extension: (Gmail) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-26]
CHR Extension: (Chrome Media Router) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-13]
CHR Extension: (ePorezna) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pocgkidhafccnjhoklgelojcohpfgckn [2016-12-26]

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2016-06-02] (ActivIdentity)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1008344 2013-02-19] (Broadcom Corporation.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273216 2017-02-14] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [143648 2017-11-01] (Maxthon International ltd.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-12-27] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 srvInventoryWebServer; C:\Program Files (x86)\DEKSI Network Inventory\InventoryWebServer.exe [7446528 2017-04-17] () [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23928 2017-08-16] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-12-27] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-25] (Broadcom Corporation.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-11-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-12-12] (Malwarebytes)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8239456 2013-01-04] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-20 09:43 - 2017-12-20 10:02 - 000058720 _____ C:\Users\Bradvica\Downloads\Addition.txt
2017-12-20 09:40 - 2017-12-20 10:04 - 000020225 _____ C:\Users\Bradvica\Downloads\FRST.txt
2017-12-20 09:38 - 2017-12-20 10:02 - 000000000 ____D C:\FRST
2017-12-20 09:36 - 2017-12-20 09:36 - 002392064 _____ (Farbar) C:\Users\Bradvica\Downloads\FRST64.exe
2017-12-15 17:50 - 2017-12-15 17:50 - 000004117 _____ C:\Users\Bradvica\AppData\Local\recently-used.xbel
2017-12-15 15:10 - 2017-12-15 15:10 - 000000000 ____D C:\Users\Bradvica\.thumbnails
2017-12-06 18:19 - 2017-12-06 18:24 - 000000000 ____D C:\Program Files (x86)\DDSV2
2017-12-04 20:45 - 2017-12-04 20:45 - 000000135 _____ C:\Users\Bradvica\.mtpaint
2017-12-04 20:44 - 2017-12-04 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mtPaint
2017-12-04 20:44 - 2017-12-04 20:44 - 000000000 ____D C:\Program Files (x86)\mtPaint-3.40
2017-12-04 20:43 - 2017-12-04 20:44 - 006155802 _____ (Dmitry Groshev ) C:\Users\Bradvica\Downloads\mtpaint-3.40-setup.exe
2017-12-04 16:04 - 2017-12-04 16:04 - 000004713 _____ C:\Users\Bradvica\Downloads\S3Translator.2017.12.04.16.03.58.txt
2017-12-03 10:32 - 2017-12-15 17:50 - 000000000 ____D C:\Users\Bradvica\AppData\Local\gtk-2.0
2017-11-30 10:41 - 2017-11-30 10:42 - 000111260 _____ C:\Users\Bradvica\Downloads\Prijavi svoju ideju, izum ili inovaciju! _.htm
2017-11-30 10:41 - 2017-11-30 10:41 - 000000000 ____D C:\Users\Bradvica\Downloads\Prijavi svoju ideju, izum ili inovaciju! __datoteke
2017-11-30 00:30 - 2017-11-30 00:30 - 000006035 _____ C:\Users\Bradvica\Downloads\1000 Digits of Pi.htm
2017-11-30 00:30 - 2017-11-30 00:30 - 000000000 ____D C:\Users\Bradvica\Downloads\1000 Digits of Pi_datoteke
2017-11-29 16:43 - 2017-12-15 17:32 - 000000000 ____D C:\Users\Bradvica\.gimp-2.8
2017-11-29 16:43 - 2017-11-29 16:43 - 000000000 ____D C:\Users\Bradvica\AppData\Local\gegl-0.2
2017-11-29 16:43 - 2017-11-29 16:43 - 000000000 ____D C:\Users\Bradvica\AppData\Local\fontconfig
2017-11-29 16:39 - 2017-11-29 16:39 - 000000894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-11-29 16:34 - 2017-11-29 16:38 - 000000000 ____D C:\Program Files\GIMP 2
2017-11-29 16:22 - 2017-11-29 16:24 - 026459645 _____ (Yasisoft, Inc. ) C:\Users\Bradvica\Downloads\Image_Editor_Setup.exe
2017-11-29 16:14 - 2017-11-29 16:24 - 089579672 _____ (The GIMP Team ) C:\Users\Bradvica\Downloads\gimp-2.8.22-setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-20 09:51 - 2016-08-03 01:24 - 000000000 ____D C:\Users\Bradvica\AppData\Roaming\Skype
2017-12-20 09:47 - 2017-04-21 17:35 - 000000000 ____D C:\Program Files (x86)\DEKSI Network Inventory
2017-12-20 07:09 - 2017-05-07 17:56 - 000000394 _____ C:\Windows\Tasks\update-sys.job
2017-12-20 06:22 - 2017-05-07 17:57 - 000000394 _____ C:\Windows\Tasks\update-S-1-5-21-2908530081-1728504943-2728732151-1000.job
2017-12-19 21:29 - 2009-07-14 05:45 - 000022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-19 21:29 - 2009-07-14 05:45 - 000022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-19 18:42 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2017-12-19 18:16 - 2017-05-07 17:52 - 000000214 _____ C:\ProgramData\gbufg.dll
2017-12-18 11:04 - 2016-11-23 00:19 - 000000000 ____D C:\Users\Bradvica\AppData\LocalLow\Mozilla
2017-12-17 18:56 - 2016-12-27 15:45 - 000000000 ____D C:\Users\Bradvica\AppData\Local\CrashDumps
2017-12-17 08:00 - 2017-03-30 14:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-17 08:00 - 2016-05-27 18:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-17 02:27 - 2017-04-08 09:55 - 000000000 ____D C:\Program Files\Opera
2017-12-17 01:27 - 2016-06-05 07:44 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-15 17:00 - 2016-08-30 20:56 - 000000000 ____D C:\Users\Bradvica\AppData\Roaming\vlc
2017-12-15 15:10 - 2016-05-27 17:07 - 000000000 ____D C:\Users\Bradvica
2017-12-15 01:44 - 2017-04-08 10:07 - 000004486 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-15 01:44 - 2016-06-05 07:44 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-15 01:44 - 2016-06-05 07:44 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-15 01:44 - 2016-06-05 07:44 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-15 01:44 - 2016-06-05 07:44 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-12 18:14 - 2017-05-02 09:17 - 000251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-12-12 18:13 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-12 10:16 - 2016-12-26 14:31 - 000002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-12 10:15 - 2016-12-26 14:31 - 000002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-11 22:29 - 2017-04-20 07:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-06 18:31 - 2017-07-14 23:25 - 000000000 ____D C:\Users\Bradvica\Downloads\X-WaveShop_1.0.14.001_rev2
2017-12-04 20:46 - 2016-08-20 19:49 - 000000000 ____D C:\Program Files (x86)\project dogwaffle
2017-11-27 17:37 - 2016-06-19 15:43 - 000001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-11-27 17:37 - 2016-06-19 15:43 - 000001176 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-11-27 17:37 - 2016-06-19 15:43 - 000000000 ____D C:\Program Files\paint.net
2017-11-24 21:40 - 2016-05-28 14:52 - 000000000 ____D C:\Users\Bradvica\AppData\Local\ElevatedDiagnostics
2017-11-24 02:27 - 2017-04-08 11:05 - 000003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1491645896
2017-11-24 02:25 - 2009-07-14 06:13 - 000784286 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-24 02:25 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf

==================== Files in the root of some directories =======

2017-05-07 17:52 - 2017-12-19 18:16 - 000000214 _____ () C:\ProgramData\gbufg.dll
2016-10-11 14:04 - 2016-10-11 14:04 - 000000078 _____ () C:\Users\Bradvica\AppData\Roaming\Camdata.ini
2016-10-11 14:04 - 2016-10-11 14:04 - 000000408 _____ () C:\Users\Bradvica\AppData\Roaming\CamLayout.ini
2016-10-11 14:04 - 2016-10-11 14:04 - 000000408 _____ () C:\Users\Bradvica\AppData\Roaming\CamShapes.ini
2016-10-11 14:04 - 2016-10-11 14:04 - 000004548 _____ () C:\Users\Bradvica\AppData\Roaming\CamStudio.cfg
2017-03-25 12:48 - 2017-03-25 12:48 - 000007859 _____ () C:\Users\Bradvica\AppData\Roaming\pcouffin.cat
2017-03-25 12:48 - 2017-03-25 12:48 - 000001167 _____ () C:\Users\Bradvica\AppData\Roaming\pcouffin.inf
2017-03-25 12:50 - 2017-03-25 12:50 - 000000034 _____ () C:\Users\Bradvica\AppData\Roaming\pcouffin.log
2017-03-25 12:48 - 2017-03-25 12:48 - 000082816 _____ (VSO Software) C:\Users\Bradvica\AppData\Roaming\pcouffin.sys
2016-10-11 13:57 - 2016-10-11 13:57 - 000000096 _____ () C:\Users\Bradvica\AppData\Roaming\version2.xml
2017-12-15 17:50 - 2017-12-15 17:50 - 000004117 _____ () C:\Users\Bradvica\AppData\Local\recently-used.xbel
2016-05-30 13:56 - 2016-05-30 13:56 - 000007606 _____ () C:\Users\Bradvica\AppData\Local\Resmon.ResmonCfg
2017-05-07 17:56 - 2017-05-07 17:56 - 000000003 _____ () C:\Users\Bradvica\AppData\Local\updater.log
2017-05-07 17:57 - 2017-05-07 17:57 - 000000425 _____ () C:\Users\Bradvica\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2017-12-20 09:47 - 2017-12-20 09:47 - 000000000 ____D () C:\Users\Bradvica\AppData\Local\Temp\DEKSINetworkInventory.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-09 01:14

==================== End of FRST.txt ============================





#2 jbradvi9


Posted 20 December 2017 - 05:18 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by Bradvica (20-12-2017 10:04:57)
Running from C:\Users\Bradvica\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-05-27 16:07:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2908530081-1728504943-2728732151-500 - Administrator - Disabled)
Bradvica (S-1-5-21-2908530081-1728504943-2728732151-1000 - Administrator - Enabled) => C:\Users\Bradvica
Guest (S-1-5-21-2908530081-1728504943-2728732151-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2908530081-1728504943-2728732151-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Amaya (HKLM-x32\...\Amaya) (Version: 11.4.4 - )
Any Audio Record (HKLM-x32\...\Any Audio Record_is1) (Version: 5.4.5.627 - Sorentio Systems Ltd.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ApplyIt! Network Tools (HKLM-x32\...\ApplyIt! Network Tools) (Version:  - )
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
Camtasia 9 (HKLM\...\{1D09B594-C8B5-4CF1-B927-41D9A487799C}) (Version: 9.0.5.2021 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{00ce4b8c-0138-4743-b0b8-379b2715eb44}) (Version: 9.0.5.2021 - TechSmith Corporation)
Caricature Studio Green 3.6 (HKLM-x32\...\{AC5019DA-5DC2-44E6-808A-1A68F3CCA79D}) (Version: 3.6 - Carnival Software)
CD/DVD Diagnostic 3.2 (HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\Diagnostic) (Version: 3.2 - InfinaDyne)
CDBurnerXP (64 bit) (HKLM\...\{EC778343-FCC0-4AC5-AF37-D10EBECA7D2F}) (Version: 4.5.7.6521 - Canneverbe Limited)
Cent Browser (HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\CentBrowser) (Version: 2.5.6.57 - Cent Studio)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.49.0 - Conexant)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crescendo Music Notation Editor (HKLM-x32\...\Crescendo) (Version: 1.77 - NCH Software)
CTSCameraDetector 2.0.0 (HKLM-x32\...\{FFE3C7B2-C306-4a64-AD89-5D89BBBB2E10}}_is1) (Version:  - CameraTunerSoft.com)
Cute Screen Recorder Free Version 3.9.0.3 (HKLM-x32\...\Cute Screen Recorder Free Version_is1) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Decoder (HKLM-x32\...\{1BE321C4-6E17-4ECD-A6CB-3EF73791BE87}) (Version: 1.00.0000 - Cisco)
DEKSI Network Inventory (HKLM-x32\...\DEKSI Network Inventory_is1) (Version: 13.3 - DEK Software International)
DocX Viewer version 1.2 (HKLM-x32\...\DocX Viewer_is1) (Version: 1.2 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
D-ViewCam NVR Pro (HKLM-x32\...\{E72CC7B9-CCCD-41D3-A132-2AE082E61574}) (Version: 1.2.0.8 - D-Link)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.4 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.4 - Lenovo)
Essential NetTools (HKLM-x32\...\{F38ADD30-FB36-11E1-3D6C-0095FA964AE1}) (Version: 4.4 - TamoSoft)
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 6.04 - NCH Software)
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 3.03 - NCH Software)
Gemplus Smart Card Reader Tools (HKLM-x32\...\Gemplus Smart Card Reader Tools) (Version:  - )
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GPlates 1.5.0 (HKLM-x32\...\{E4D4E4D3-6442-43E6-9C13-1AD93BF601A5}) (Version: 1.5.0 - GPlates)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2778 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{475ea806-cb2a-455b-bb1b-9f99342b2fe2}) (Version: 19.40.0 - Intel Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4000 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10206 - Realtek Semiconductor Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\dda9ca0b023f4c56) (Version: 1.6.6.0 - Lenovo)
Lenovo Solution Center (HKLM\...\{7BB9AAFD-3350-49C8-92D1-833AAFF9E74E}) (Version: 3.4.003.013 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0065 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{36CE10BD-A076-4DE3-A8A7-2F61E3FB2E6A}) (Version: 6.20.55.14 - Lenovo)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Malwarebytes verzija 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Maxidix Wifi Autoconnection version 15.3 (HKLM-x32\...\{1ED07DF2-2267-46AD-BDF5-15970E9C87D4}_is1) (Version: 15.3 - Maxidix s.r.o.)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
MinGW 5.1.4 (HKLM-x32\...\MinGW) (Version: 5.1.4 - MinGW)
Mozilla Firefox 57.0.2 (x64 hr) (HKLM\...\Mozilla Firefox 57.0.2 (x64 hr)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
mtPaint 3.40 (HKLM-x32\...\mtPaint_is1) (Version:  - Dmitry Groshev)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.0.2.2000 - Maxthon International Limited)
NetSpot (HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\a6e43da6e76c5494) (Version: 2.0.1.485 - Etwok LLC)
NetTools 5.0 (HKLM-x32\...\NetTools_is1) (Version: 5.0 - Mohammad Ahmadi Bidakhvidi)
Nsauditor 3.0.18 (HKLM-x32\...\Nsauditor_is1) (Version:  - Nsasoft LLC.)
openElement 1.56 (HKLM-x32\...\{ABE22B00-305F-4182-A34E-F7CCCE3B4503}) (Version: 1.56.0 - BOOMBYTE Ltd) Hidden
openElement 1.56 (HKLM-x32\...\openElement 1.56 1.56.0) (Version: 1.56.0 - BOOMBYTE Ltd)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Opera Stable 49.0.2725.47 (HKLM-x32\...\Opera 49.0.2725.47) (Version: 49.0.2725.47 - Opera Software)
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141667}) (Version: 4.0.19 - dotPDN LLC)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.63 - NCH Software)
project dogwaffle (HKLM-x32\...\ST5UNST #1) (Version:  - )
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
ScoreCloud Studio (HKLM-x32\...\ScoreCloud) (Version: 3.5.4 - DoReMIR Music Research)
ScreenShot (HKLM-x32\...\ScreenShot) (Version: 1 - VapiSoft)
SecureCam2 (HKLM-x32\...\SecureCam2) (Version: 2.0.0.1 - 12oClocker Software)
Skype™ 7.36 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 7.36.101 - Skype Technologies S.A.)
Soft4Boost Ringtone Creator (HKLM-x32\...\Soft4Boost Ringtone Creator_is1) (Version: 6.0.5.681 - Sorentio Systems Ltd.)
Sport Video Player (HKLM-x32\...\ST6UNST #1) (Version:  - )
Sweet Home 3D version 5.2 (HKLM\...\Sweet Home 3D_is1) (Version: 5.2 - eTeks)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.20 - NCH Software)
TopSpice 8.69f Demo (HKLM-x32\...\TOPSPICE8DEMO_is1) (Version: 8.69.6 - Penzar Development)
Virtual Audio Capture Grabber uninstall (HKLM-x32\...\Virtual Audio Capture Grabber_is1) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSO Inspector 2.0.2 (HKLM-x32\...\VSO Inspector_is1) (Version:  - VSO-Software SARL)
WhatsApp (HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\WhatsApp) (Version: 0.2.3699 - WhatsApp)
Why Can't I Connect (HKLM-x32\...\WhyCantIConnect) (Version:  - )
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.4.2 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.2 - The Wireshark developer community, hxxps://www.wireshark.org)
X-Lite (HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\X-Lite) (Version: 5.0.3.88254 - CounterPath Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2908530081-1728504943-2728732151-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Bradvica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2908530081-1728504943-2728732151-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Bradvica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2908530081-1728504943-2728732151-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Bradvica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2908530081-1728504943-2728732151-1000_Classes\CLSID\{d2ce678e-6b5f-4def-afa8-b7ecf865cc6f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2908530081-1728504943-2728732151-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Bradvica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2908530081-1728504943-2728732151-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Bradvica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2017-02-14] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-06-07] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2017-02-14] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D8C4A7E-6B93-47CD-98B3-5BA78A90D722} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {2B6A39B9-F6BA-4CB6-8195-D0E3B9DCE04F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {2BA4A710-0B59-41FD-A16C-FF50E50A0F8E} - System32\Tasks\Opera scheduled Autoupdate 1491645896 => C:\Program Files\Opera\launcher.exe [2017-11-23] (Opera Software)
Task: {32363646-4320-4337-8EAE-24068FAEBED5} - System32\Tasks\update-S-1-5-21-2908530081-1728504943-2728732151-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {35006E08-2F6D-4585-A773-E1F655A15EB4} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {35006E08-2F6D-4585-A773-E1F655A15EB4} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
Task: {466DAE0D-F656-458E-8A2C-236A1F05A0C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-15] (Adobe Systems Incorporated)
Task: {48A91CA0-3981-44CA-B762-0C9B151E441D} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {4F4A0C59-4F9C-4653-A95E-252E04F6C9D5} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [2017-11-01] (Maxthon International ltd.)
Task: {618E9DA1-60B9-4F27-AD98-B4697BEC7081} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2017-02-14] (Lenovo)
Task: {82EC92F7-E5BF-4644-B97B-A1E7C67B5ED7} - System32\Tasks\{B547C0A6-03D1-47D0-A171-11C2C15A1332} => C:\Users\Bradvica\Downloads\sx.exe [2017-05-08] (Conner Bernhard)
Task: {8DC1B688-B3F1-413E-A103-7AA78DAD28E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-23] (Google Inc.)
Task: {934CB070-B15E-4F97-8925-8A748DA7A4EC} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2017-02-14] ()
Task: {9658B2E9-09E2-41CE-B1CB-73C5EE97955B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {9658B2E9-09E2-41CE-B1CB-73C5EE97955B} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
Task: {9BCB4076-0B42-450A-A8E0-0C6348BBA8A7} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
Task: {A54752FB-E9DF-4E5C-93A3-32C8EFD65D47} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {A54752FB-E9DF-4E5C-93A3-32C8EFD65D47} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {A54752FB-E9DF-4E5C-93A3-32C8EFD65D47} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
Task: {AA7D3F7A-892A-40FD-BBC0-080322B6534B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-15] (Adobe Systems Incorporated)
Task: {AAA24BA1-E661-483E-9CE5-5E4D6DBDF94B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-23] (Google Inc.)
Task: {C23C9A04-BC94-4086-85C6-DC97BA5CD3E2} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)
Task: {C2CCA775-8AC8-4D3B-B867-6A39C9055A4C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {CF243E97-7F95-4084-8FFF-4AA02BD5DD3D} - System32\Tasks\{9CFEBD3F-1D95-46B4-8844-F96DBE92EFFD} => C:\Users\Bradvica\Downloads\sx.exe [2017-05-08] (Conner Bernhard)
Task: {DEC8C422-D32A-4002-8987-1129FEA59A9D} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
Task: {EB9A636A-039F-41ED-A0C6-DBC90569E017} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2908530081-1728504943-2728732151-1000 => "C:\Windows\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\Bradvica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {ED8A4084-7BAD-48D6-B0C3-DC4AD130B542} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {ED8A4084-7BAD-48D6-B0C3-DC4AD130B542} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
Task: {F4BEEA83-4463-4B4C-BF5E-605FE34AEE97} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2017-02-14] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-2908530081-1728504943-2728732151-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Bradvica\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2017-02-14 19:07 - 2017-02-14 19:07 - 000105984 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2016-05-27 17:13 - 2012-06-07 08:51 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-20 02:20 - 2016-05-27 18:00 - 000054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-03-10 15:30 - 2016-05-27 18:00 - 001509936 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-03-08 14:38 - 2016-05-27 18:00 - 000011096 _____ () C:\Program Files (x86)\Lenovo\Energy Management\hr-HR\EMWpfUI.resources.dll
2008-12-20 02:20 - 2016-05-27 18:00 - 000054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2017-05-07 17:52 - 2008-07-12 20:14 - 000552960 _____ () C:\Program Files (x86)\ScreenShot\ScreenShot.exe
2017-04-21 17:35 - 2017-04-17 11:31 - 001852416 _____ () C:\Program Files (x86)\DEKSI Network Inventory\DataCollector.exe
2017-05-02 08:44 - 2017-05-02 10:18 - 002271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-11-27 17:38 - 2017-11-27 17:38 - 003132928 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\PaintDotNetc8826574#\ad82c9174a72e7d5512a022c3b43d7c3\PaintDotNet.SystemLayer.Native.x64.ni.dll
2017-10-02 14:43 - 2017-10-02 14:43 - 001089752 _____ () C:\Program Files\paint.net\PaintDotNet.SystemLayer.Native.x64.dll
2017-11-29 16:36 - 2017-05-10 17:41 - 000042232 _____ () C:\Program Files\GIMP 2\bin\libgimpmodule-2.0-0.dll
2017-11-29 16:36 - 2017-05-10 17:40 - 000107928 _____ () C:\Program Files\GIMP 2\bin\libgimpbase-2.0-0.dll
2017-11-29 16:37 - 2017-05-06 19:40 - 000032655 _____ () C:\Program Files\GIMP 2\bin\libffi-6.dll
2017-11-29 16:37 - 2017-05-06 19:39 - 000091289 _____ () C:\Program Files\GIMP 2\bin\zlib1.dll
2017-11-29 16:36 - 2017-05-10 17:41 - 000058672 _____ () C:\Program Files\GIMP 2\bin\libgimpthumb-2.0-0.dll
2017-11-29 16:37 - 2017-05-06 19:41 - 000304869 _____ () C:\Program Files\GIMP 2\bin\libjasper-4.dll
2017-11-29 16:37 - 2017-05-06 19:39 - 000344118 _____ () C:\Program Files\GIMP 2\bin\libjpeg-8.dll
2017-11-29 16:37 - 2017-05-06 19:41 - 000219806 _____ () C:\Program Files\GIMP 2\bin\libpng16-16.dll
2017-11-29 16:37 - 2017-05-06 19:50 - 000435601 _____ () C:\Program Files\GIMP 2\bin\libtiff-5.dll
2017-11-29 16:36 - 2017-05-10 17:41 - 001249752 _____ () C:\Program Files\GIMP 2\bin\libgimpwidgets-2.0-0.dll
2017-11-29 16:36 - 2017-05-10 17:40 - 000075216 _____ () C:\Program Files\GIMP 2\bin\libgimpcolor-2.0-0.dll
2017-11-29 16:36 - 2017-05-06 19:54 - 000900199 _____ () C:\Program Files\GIMP 2\bin\libcairo-2.dll
2017-11-29 16:37 - 2017-05-06 20:16 - 000082221 _____ () C:\Program Files\GIMP 2\bin\libgcc_s_seh-1.dll
2017-11-29 16:37 - 2017-05-10 00:43 - 000290240 _____ () C:\Program Files\GIMP 2\bin\libfontconfig-1.dll
2017-11-29 16:37 - 2017-05-06 19:41 - 000516190 _____ () C:\Program Files\GIMP 2\bin\libfreetype-6.dll
2017-11-29 16:37 - 2017-05-06 19:42 - 001253806 _____ () C:\Program Files\GIMP 2\bin\libxml2-2.dll
2017-11-29 16:37 - 2017-05-06 19:39 - 000662600 _____ () C:\Program Files\GIMP 2\bin\libpixman-1-0.dll
2017-11-29 16:36 - 2017-05-10 17:40 - 000084928 _____ () C:\Program Files\GIMP 2\bin\libgimpconfig-2.0-0.dll
2017-11-29 16:36 - 2017-05-10 17:41 - 000047000 _____ () C:\Program Files\GIMP 2\bin\libgimpmath-2.0-0.dll
2017-11-29 16:37 - 2017-05-06 20:36 - 000384957 _____ () C:\Program Files\GIMP 2\bin\libharfbuzz-0.dll
2017-11-29 16:36 - 2017-05-06 19:56 - 000130244 _____ () C:\Program Files\GIMP 2\bin\libbabl-0.1-0.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000425279 _____ () C:\Program Files\GIMP 2\bin\libgegl-0.2-0.dll
2017-11-29 16:38 - 2017-05-06 20:43 - 000074543 _____ () C:\Program Files\GIMP 2\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2017-11-29 16:36 - 2017-05-10 17:42 - 000043024 _____ () C:\Program Files\GIMP 2\lib\gimp\2.0\modules\libdisplay-filter-lcms.dll
2017-11-29 16:37 - 2017-05-06 19:53 - 000320117 _____ () C:\Program Files\GIMP 2\bin\liblcms2-2.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023492 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\add.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\clear.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\color-burn.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\color-dodge.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\darken.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\difference.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023492 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\divide.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\dst-atop.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\dst-in.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\dst-out.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\dst-over.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\dst.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\exclusion.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000027180 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\gamma.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\hard-light.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\lighten.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023492 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\multiply.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027261 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\opacity.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025477 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\over.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\overlay.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022847 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\plus.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\screen.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023871 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\soft-light.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\src-atop.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023369 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\src-in.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\src-out.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\src-over.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\src.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023492 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\subtract.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022794 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\svg-multiply.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000026441 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\threshold.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023492 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\weighted-blend.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022794 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\xor.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024966 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\map-absolute.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025096 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\map-relative.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000030184 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\matting-global.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000033381 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\bilateral-filter.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000032283 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\box-blur.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000044426 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\c2g.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000039800 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\edge-laplace.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000031660 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\edge-sobel.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000041344 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\gaussian-blur.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000035832 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\motion-blur.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000035949 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\noise-reduction.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000031588 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\pixelize.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027753 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\ripple.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000036477 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\snn-mean.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000028689 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\stress.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027158 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\waves.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000025927 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\brightness-contrast.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000026500 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\color-temperature.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000024372 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\contrast-curve.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023709 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\convert-format.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023500 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\grey.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023520 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\invert.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025757 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\levels.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022290 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\posterize.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000026433 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\svg-huerotate.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024066 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\svg-luminancetoalpha.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025817 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\svg-matrix.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024793 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\svg-saturate.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000026250 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\value-invert.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000039338 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\vignette.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023609 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\clone.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000024280 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\color-to-alpha.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000025457 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\crop.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000043957 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\exp-combine.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000043897 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\fattal02.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000031009 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\lens-distortion.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000040919 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\mantiuk06.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024309 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\mblur.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000031416 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\mirrors.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027387 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\mono-mixer.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022866 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\nop.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000035971 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\path.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000030340 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\polar-coordinates.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000032603 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\reinhard05.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024067 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\stretch-contrast.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000045912 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\transformops.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000030643 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\vector-fill.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000030699 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\vector-stroke.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023544 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\buffer-sink.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000024234 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\display.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023485 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\gegl-buffer-save-op.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027016 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\jpg-save.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027289 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\png-save.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025598 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\ppm-save.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000034184 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\rgbe-save.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023870 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\save-pixbuf.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025433 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\save.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025093 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\write-buffer.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023688 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\buffer-source.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000024857 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\checkerboard.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023681 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\color.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025341 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\grid.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027747 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\noise.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000032731 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\fractal-explorer.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023683 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\gegl-buffer-load-op.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024995 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\introspect.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025626 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\jpg-load.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024892 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\magick-load.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024305 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\open-buffer.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023809 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\pixbuf.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000028413 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\png-load.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025983 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\ppm-load.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025881 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\raw-load.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000034183 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\rgbe-load.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000026609 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\svg-load.dll
2017-11-29 16:37 - 2017-05-06 20:48 - 000234938 _____ () C:\Program Files\GIMP 2\bin\librsvg-2-2.dll
2017-11-29 16:36 - 2017-05-06 19:54 - 000215752 _____ () C:\Program Files\GIMP 2\bin\libcroco-0.6-3.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000030862 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\text.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000024189 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\difference-of-gaussians.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000024750 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\dropshadow.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027284 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\layer.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024872 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\load.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024824 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\rectangle.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024155 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\unsharp-mask.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022795 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\remap.dll
2017-11-29 16:36 - 2017-05-10 17:41 - 000153280 _____ () C:\Program Files\GIMP 2\bin\libgimpui-2.0-0.dll
2017-11-29 16:36 - 2017-05-10 17:40 - 000248800 _____ () C:\Program Files\GIMP 2\bin\libgimp-2.0-0.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 019175424 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\CPCLR.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000046592 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\boost_signals-vc120-mt-1_61.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000016896 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\boost_system-vc120-mt-1_61.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 010196424 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\CPCAPI2_SharedLibrary.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000082944 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\boost_thread-vc120-mt-1_61.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000025600 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\boost_chrono-vc120-mt-1_61.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000654336 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\boost_regex-vc120-mt-1_61.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000107520 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\boost_filesystem-vc120-mt-1_61.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000040960 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\boost_date_time-vc120-mt-1_61.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 001240576 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\CefSharp.Core.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 066165760 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\libcef.dll
2017-05-07 17:52 - 2002-04-22 07:45 - 000663552 _____ () C:\Program Files (x86)\ScreenShot\FreeImage.dll
2017-05-07 17:52 - 2007-09-27 20:28 - 000024576 _____ () C:\Program Files (x86)\ScreenShot\SmdHook.dll0
2017-04-26 14:19 - 2017-04-26 14:19 - 002005976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 000274112 _____ () C:\Program Files (x86)\Windows Live\Writer\hr\WindowsLive.Writer.Localization.resources.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000822784 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\CefSharp.BrowserSubprocess.Core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:F297470E [128]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Sound, video and game controllers"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-05-05 23:33 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bradvica\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 4.4.4.4 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{84373C29-AA51-4F6C-B22C-1BA45076258C}] => (Allow) C:\Users\Bradvica\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5EAC8143-F550-4DEE-B3EB-23E7B6F201D2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{810B7C76-6753-450B-B539-495CB5299E23}] => (Allow) LPort=2869
FirewallRules: [{3C6B5F6B-D44E-4628-99FF-AB10373D82FA}] => (Allow) LPort=1900
FirewallRules: [{01858C03-0CD0-4DE9-AEC1-472FCCD216BF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{509E5850-AB3C-4320-8A1C-7626466A8999}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3D199255-9D00-4013-8156-85C0746C309A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{33AFE731-CFC2-4F5E-9B7B-567D32F9C350}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{48232B05-9262-43A7-810F-18E36A3A5DB3}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [UDP Query User{1E8112DC-EF99-4EDC-8294-852ADC1E5E0A}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [TCP Query User{999CA2FE-6E9B-4C99-B8ED-B1569A2D5DEB}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [UDP Query User{92C2EF05-42E5-4CB7-AB8F-BBE7DCE0342B}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [{634783B3-E82D-44C3-B5D2-17DA27596C29}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{90B132FA-2EC6-4829-A76E-3474A76BE3C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{D029B343-B799-4E5F-8A0F-A5DC03B9AD14}] => (Allow) C:\Program Files (x86)\openElement\openElement 1.56\openElement.exe
FirewallRules: [{C22CC5E7-9447-47C9-B21D-BCD145190D3B}] => (Allow) C:\Program Files (x86)\openElement\openElement 1.56\SyncFTP.exe
FirewallRules: [{E3B83051-8554-4BD3-93B8-36A59A02B5D3}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{2773DD02-2E52-487A-B635-DC2A8CB1A37A}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{3D1F93CD-2A0A-4D25-A41A-E56187B044A0}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{65F0B9E6-A5A4-4D0B-9EA2-1097DE6A2DF5}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{C95EF36F-029D-4903-BA74-70603AAC2B27}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{5F80CB55-2900-47AD-AD3E-5C941C52F826}C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe] => (Allow) C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe
FirewallRules: [UDP Query User{6CC33E86-CC0A-45D1-B332-11DAFBA7F23F}C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe] => (Allow) C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe
FirewallRules: [TCP Query User{BE8FE07B-F6EF-4E0C-8715-3041E4BCFA5B}C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe] => (Allow) C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe
FirewallRules: [UDP Query User{B0381334-E095-4E45-9DBB-652EA5B031F8}C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe] => (Allow) C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe
FirewallRules: [{E8C1F33D-9192-42A1-891E-61B0D578B072}] => (Allow) C:\Program Files (x86)\Nsauditor\Nsauditor.exe
FirewallRules: [{952FB8D4-9261-4C74-8FDD-19CAC68AB399}] => (Allow) C:\Program Files (x86)\Nsauditor\Nsauditor.exe
FirewallRules: [{5752791F-709F-461A-98BA-1F0CE717466F}] => (Allow) LPort=8318
FirewallRules: [{1017A5C8-E607-4F56-9744-FB4215FC5146}] => (Allow) C:\Program Files (x86)\Cisco\Monitor.exe
FirewallRules: [{2A6CD9F9-688B-4530-B886-9109E67941E9}] => (Allow) C:\Program Files (x86)\Cisco\Monitor.exe
FirewallRules: [{4E3EFD93-B48B-4218-87E4-651A8A958C80}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9659A3CF-2763-4B98-92C0-82706662568A}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{C7F440D9-DB7E-4E33-AB40-51DFBCEE1381}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [TCP Query User{F8618D14-CADD-4CFB-A68C-C141103C4C2A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{399E466A-F1AF-4EEE-B1BD-209FC6FCC457}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{5FF22510-4242-4645-A203-0820377B1BAD}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DE47699E-E19F-468D-BF4B-88D9EEC53E94}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{D846F83E-663C-4768-BF1F-2CA6DD497776}] => (Allow) C:\Program Files\Opera\49.0.2725.39\opera.exe
FirewallRules: [{42E071BF-7DC7-465F-BBD5-8F8A3729EE21}] => (Allow) C:\Program Files\Opera\49.0.2725.47\opera.exe
FirewallRules: [{66FB490E-5C67-470F-9886-53EB24FC8DED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-11-2017 13:41:01 Zakazana kontrolna točka
27-11-2017 17:33:47 paint.net 4.0.19
05-12-2017 17:21:14 Zakazana kontrolna točka
14-12-2017 10:23:59 Zakazana kontrolna točka

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2017 09:56:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SoftwareUpdate.exe version 2.1.4.131 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 23cc

Start Time: 01d3790de483a3c9

Termination Time: 1228

Application Path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

Report Id: 87c76020-e563-11e7-98bf-201a062f4112

Error: (12/17/2017 06:56:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacija koja je prouzročila pogrešku: firefox.exe, verzija: 57.0.2.6549, vremenska oznaka: 0x5a2846ff
Modul koji je prouzročio pogrešku: xul.dll, verzija: 57.0.2.6549, vremenska oznaka: 0x5a284b56
Kôd iznimke: 0x80000003
Pomak pogreške 0x00000000015665a3
Id postupka: 0x984
Vrijeme pokretanja aplikacije koja je prouzročila pogrešku: 0x01d37704c738e677
Put aplikacije koja je prouzročila pogrešku: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Put modula koji je prouzročio pogrešku: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Id izvješća: 94d15de6-e353-11e7-98bf-201a062f4112

Error: (12/12/2017 06:14:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/05/2017 09:55:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PaintDotNet.exe version 4.19.6484.39094 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ff4

Start Time: 01d36c7fd12c268c

Termination Time: 23673

Application Path: C:\Program Files\paint.net\PaintDotNet.exe

Report Id: 7472eba8-d999-11e7-b158-201a062f4112

Error: (11/30/2017 01:33:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/29/2017 03:13:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SoftwareUpdate.exe version 2.1.4.131 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10e8

Start Time: 01d3688d6a8571e6

Termination Time: 366

Application Path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

Report Id: 70c82541-d50f-11e7-a4a1-201a062f4112

Error: (11/27/2017 05:33:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Pristup je odbijen.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {75519a25-4abe-404b-81ea-e415676e408f}

Error: (11/24/2017 02:25:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01A language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/24/2017 02:25:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01A language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/24/2017 02:19:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (12/18/2017 11:22:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Isteklo je vrijeme čekanja (30000 ms) tijekom povezivanja sa servisom Windows Error Reporting Service.

Error: (12/17/2017 10:05:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (12/15/2017 04:21:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Servis Windows Modules Installer neočekivano je prekinut.  To se dogodilo 1 puta.  Za 120000 ms bit će poduzeta sljedeća akcija ispravljanja: Ponovno pokretanje servisa.

Error: (12/13/2017 08:16:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa btwdins.

Error: (12/12/2017 06:13:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje servisa srvInventoryWebServer nije uspjelo zbog sljedeće pogreške:
Servis nije na vrijeme odgovorio na zahtjev za početak ili kontrolu.

Error: (12/12/2017 06:13:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Isteklo je vrijeme čekanja (30000 ms) tijekom povezivanja sa servisom srvInventoryWebServer.

Error: (12/12/2017 06:13:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:11:44 on ‎12.‎12.‎2017. was unexpected.

Error: (12/10/2017 07:17:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Isteklo je vrijeme čekanja (30000 ms) tijekom povezivanja sa servisom Windows Error Reporting Service.

Error: (12/10/2017 01:02:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa DiagTrack.

Error: (12/10/2017 01:02:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa btwdins.


CodeIntegrity:
===================================
  Date: 2017-05-06 00:26:45.084
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-06 00:26:45.013
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 1005M @ 1.90GHz
Percentage of memory in use: 88%
Total physical RAM: 3996.85 MB
Available physical RAM: 452.42 MB
Total Virtual: 9131.16 MB
Available Virtual: 1706.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:302.73 GB) (Free:228.57 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:140.4 GB) (Free:140.3 GB) NTFS
Drive e: () (Fixed) (Total:22.62 GB) (Free:11.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A514DBDC)
Partition 1: (Active) - (Size=302.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=163 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================



#3 Oh My!


Posted 22 December 2017 - 08:16 PM

Greetings jbradvi9 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please describe why you think your network is compromised and what steps you have taken to address it, if any.

I would like to get the FRST reports in English so that it is easier for me to review. Please right click on the FRST64 icon, select Rename, and rename it to FRST64english. Be sure to copy and paste both documents in your reply using multiple posts if necessary.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 jbradvi9


Posted 23 December 2017 - 10:58 AM

OK. As my name is strictly Croatian you might not 'get' it (Krešo), so just call me by my screen name. Thanks. I can't imagine anything other than a network infection, because 4 new machines were each infected within one year, automatically on the same days they were bought and connected to the home network: two are Androids, one is a laptop with Windows 7, and one is a desktop with Windows 7 too. The worst situation is with the desktop, because if you connect it to the internet it gets infected and you can't use it at all; the only way is to reinstall the OS and absolutely not connect to the internet at all, except for a few minutes to register Windows 7. The laptop is less blocked but loses internet unbelievably frequently, and only on the home network. The Androids are less blocked still, but typing text in search boxes or clicking links is an extremely hard job. One old PC with Windows XP was maybe the vector for infecting all the other devices, router included. Now it is 'dead'. The machine you got the FRST info from is the laptop. Sorry, but Addition.txt is always in Croatian.....

-----------------------

-----------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2017 01
Ran by Bradvica (administrator) on BRADVICA-PC (23-12-2017 16:05:31)
Running from C:\Users\Bradvica\Downloads
Loaded Profiles: Bradvica (Available Profiles: Bradvica)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Hrvatski (Hrvatska)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(CounterPath) C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\X-Lite.exe
() C:\Program Files (x86)\ScreenShot\ScreenShot.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\DEKSI Network Inventory\DataCollector.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Spencer Kimball, Peter Mattis and the GIMP Development Team) C:\Program Files\GIMP 2\bin\gimp-2.8.exe
(Spencer Kimball, Peter Mattis and the GIMP Development Team) C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\script-fu.exe
(NCH Software) C:\Program Files (x86)\NCH Software\Crescendo\crescendo.exe
(The CefSharp Authors) C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\CefSharp.BrowserSubprocess.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Farbar) C:\Users\Bradvica\Downloads\FRST64english.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [899680 2013-02-04] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2013-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2016-05-27] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6199128 2016-05-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2016-06-02] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [491160 2016-06-02] (ActivIdentity)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6346464 2013-01-04] (Realtek semiconductor)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508144 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-21] (Intel Corporation)
HKLM-x32\...\Run: [gemstrmw] => C:\Windows\SysWOW64\gemstrmw.exe [24576 2016-06-02] (Gemplus)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\Run: [X-Lite] => C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\X-Lite.exe [5004680 2017-10-28] (CounterPath)
HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\Run: [ScreenShot.exe] => C:\Program Files (x86)\ScreenShot\ScreenShot.exe [552960 2008-07-12] ()
HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27706840 2017-05-03] (Skype Technologies S.A.)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk [2016-06-02]
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2017-05-07]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inventory Data Collector.lnk [2017-04-21]
ShortcutTarget: Inventory Data Collector.lnk -> C:\Program Files (x86)\DEKSI Network Inventory\DataCollector.exe ()
Startup: C:\Users\Bradvica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\osk - prečac.lnk [2016-05-29]
ShortcutTarget: osk - prečac.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Startup: C:\Users\Bradvica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Podaci2 - prečac.lnk [2016-05-29]
ShortcutTarget: Podaci2 - prečac.lnk -> C:\Users\Bradvica\Downloads\Podaci2.txt ()
Startup: C:\Users\Bradvica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlmail - prečac.lnk [2016-06-02]
ShortcutTarget: wlmail - prečac.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{352B59C2-BD26-4D60-BA50-6D7BB3AD3164}: [NameServer] 4.4.4.4,8.8.8.8
Tcpip\..\Interfaces\{352B59C2-BD26-4D60-BA50-6D7BB3AD3164}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{AE73DA10-E484-4EDD-9997-D3A0224011E7}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.hr/?gws_rd=ssl
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-07-30] (Oracle Corporation)
BHO-x32: Pomoćnik za prijavu u Microsoftov račun -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-30] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 2d4qto8s.default-1508256523625
FF ProfilePath: C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625 [2017-12-23]
FF Homepage: Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625 -> google.hr
FF Extension: (Inline Audio Player) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\jid1-FUBXJBBKIeigHQ@jetpack.xpi [2017-10-17] [Legacy]
FF Extension: (Right Click Translate) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\jid1-hhBMO3ij7xRsEw@jetpack.xpi [2017-10-17] [Legacy]
FF Extension: (just speak this) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\jid1-pn1eNmrYcIB6vw@jetpack.xpi [2017-10-17] [Legacy]
FF Extension: (fnGmail) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\jid1-sqmEAwSoa3FZPc@jetpack.xpi [2017-10-17]
FF Extension: (Restart) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\Restart@schuzak.jp.xpi [2017-10-17] [Legacy]
FF Extension: (S3.Translator) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\s3google@translator.xpi [2017-12-03]
FF Extension: (Molimo unesite vašu lozinku) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\stefanvandamme@stefanvd.net.xpi [2017-10-17]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Bradvica\AppData\Roaming\Mozilla\Firefox\Profiles\2d4qto8s.default-1508256523625\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2017-11-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_126.dll [2017-12-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_126.dll [2017-12-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.hr/
CHR StartupUrls: Default -> "hxxp://google.hr/","hxxp://www.google.hr/","hxxp://www.google.com/","hxxps://www.google.hr/","hxxps://www.google.com/"
CHR Profile: C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default [2017-10-17]
CHR Extension: (Slides) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google disk) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-26]
CHR Extension: (YouTube) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-26]
CHR Extension: (Adblock Plus) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-13]
CHR Extension: (Sheets) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Avira Browser Safety) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-26]
CHR Extension: (Google dokumenti izvanmrežno) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-08]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-10-17]
CHR Extension: (PrintEco) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbjelljbilbfjjolijmojaflnendjfem [2016-12-26]
CHR Extension: (Plaćanja u web-trgovini Chrome) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-15]
CHR Extension: (Docs PDF/PowerPoint Viewer (od Googlea)) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2016-12-26]
CHR Extension: (Online speech recognition) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pehlbpmpoabkgenppepoaihkacolpdcf [2017-10-17]
CHR Extension: (Gmail) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-26]
CHR Extension: (Chrome Media Router) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-13]
CHR Extension: (ePorezna) - C:\Users\Bradvica\AppData\Local\Google\Chrome\User Data\Default\Extensions\pocgkidhafccnjhoklgelojcohpfgckn [2016-12-26]

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2016-06-02] (ActivIdentity)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [1008344 2013-02-19] (Broadcom Corporation.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273216 2017-02-14] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 MxService; C:\Program Files (x86)\Maxthon5\Bin\MxService.exe [143648 2017-11-01] (Maxthon International ltd.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-12-27] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 srvInventoryWebServer; C:\Program Files (x86)\DEKSI Network Inventory\InventoryWebServer.exe [7446528 2017-04-17] () [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23928 2017-08-16] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-12-27] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-25] (Broadcom Corporation.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-11-19] (Qualcomm Atheros Co., Ltd.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-12-12] (Malwarebytes)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8239456 2013-01-04] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-23 16:05 - 2017-12-23 16:05 - 000000000 ____D C:\Users\Bradvica\Downloads\FRST-OlderVersion
2017-12-20 09:43 - 2017-12-20 10:05 - 000058720 _____ C:\Users\Bradvica\Downloads\Addition.txt
2017-12-20 09:40 - 2017-12-23 16:06 - 000020213 _____ C:\Users\Bradvica\Downloads\FRST.txt
2017-12-20 09:38 - 2017-12-23 16:05 - 000000000 ____D C:\FRST
2017-12-20 09:36 - 2017-12-23 16:05 - 002392064 _____ (Farbar) C:\Users\Bradvica\Downloads\FRST64english.exe
2017-12-15 17:50 - 2017-12-15 17:50 - 000004117 _____ C:\Users\Bradvica\AppData\Local\recently-used.xbel
2017-12-15 15:10 - 2017-12-15 15:10 - 000000000 ____D C:\Users\Bradvica\.thumbnails
2017-12-06 18:19 - 2017-12-06 18:24 - 000000000 ____D C:\Program Files (x86)\DDSV2
2017-12-04 20:45 - 2017-12-04 20:45 - 000000135 _____ C:\Users\Bradvica\.mtpaint
2017-12-04 20:44 - 2017-12-04 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mtPaint
2017-12-04 20:44 - 2017-12-04 20:44 - 000000000 ____D C:\Program Files (x86)\mtPaint-3.40
2017-12-04 20:43 - 2017-12-04 20:44 - 006155802 _____ (Dmitry Groshev ) C:\Users\Bradvica\Downloads\mtpaint-3.40-setup.exe
2017-12-04 16:04 - 2017-12-04 16:04 - 000004713 _____ C:\Users\Bradvica\Downloads\S3Translator.2017.12.04.16.03.58.txt
2017-12-03 10:32 - 2017-12-15 17:50 - 000000000 ____D C:\Users\Bradvica\AppData\Local\gtk-2.0
2017-11-30 10:41 - 2017-11-30 10:42 - 000111260 _____ C:\Users\Bradvica\Downloads\Prijavi svoju ideju, izum ili inovaciju! _.htm
2017-11-30 10:41 - 2017-11-30 10:41 - 000000000 ____D C:\Users\Bradvica\Downloads\Prijavi svoju ideju, izum ili inovaciju! __datoteke
2017-11-30 00:30 - 2017-11-30 00:30 - 000006035 _____ C:\Users\Bradvica\Downloads\1000 Digits of Pi.htm
2017-11-30 00:30 - 2017-11-30 00:30 - 000000000 ____D C:\Users\Bradvica\Downloads\1000 Digits of Pi_datoteke
2017-11-29 16:43 - 2017-12-15 17:32 - 000000000 ____D C:\Users\Bradvica\.gimp-2.8
2017-11-29 16:43 - 2017-11-29 16:43 - 000000000 ____D C:\Users\Bradvica\AppData\Local\gegl-0.2
2017-11-29 16:43 - 2017-11-29 16:43 - 000000000 ____D C:\Users\Bradvica\AppData\Local\fontconfig
2017-11-29 16:39 - 2017-11-29 16:39 - 000000894 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-11-29 16:34 - 2017-11-29 16:38 - 000000000 ____D C:\Program Files\GIMP 2
2017-11-29 16:22 - 2017-11-29 16:24 - 026459645 _____ (Yasisoft, Inc. ) C:\Users\Bradvica\Downloads\Image_Editor_Setup.exe
2017-11-29 16:14 - 2017-11-29 16:24 - 089579672 _____ (The GIMP Team ) C:\Users\Bradvica\Downloads\gimp-2.8.22-setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-23 15:50 - 2016-08-03 01:24 - 000000000 ____D C:\Users\Bradvica\AppData\Roaming\Skype
2017-12-23 15:27 - 2017-04-21 17:35 - 000000000 ____D C:\Program Files (x86)\DEKSI Network Inventory
2017-12-23 15:27 - 2016-06-05 07:44 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-23 15:09 - 2017-05-07 17:56 - 000000394 _____ C:\Windows\Tasks\update-sys.job
2017-12-23 14:22 - 2017-05-07 17:57 - 000000394 _____ C:\Windows\Tasks\update-S-1-5-21-2908530081-1728504943-2728732151-1000.job
2017-12-23 04:15 - 2009-07-14 05:45 - 000022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-12-23 04:15 - 2009-07-14 05:45 - 000022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-12-22 18:16 - 2017-05-07 17:52 - 000000213 _____ C:\ProgramData\gbufg.dll
2017-12-22 10:23 - 2016-11-23 00:19 - 000000000 ____D C:\Users\Bradvica\AppData\LocalLow\Mozilla
2017-12-22 02:48 - 2017-04-08 11:05 - 000003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1491645896
2017-12-22 02:48 - 2017-04-08 09:55 - 000000000 ____D C:\Program Files\Opera
2017-12-21 21:58 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2017-12-17 18:56 - 2016-12-27 15:45 - 000000000 ____D C:\Users\Bradvica\AppData\Local\CrashDumps
2017-12-17 08:00 - 2017-03-30 14:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-17 08:00 - 2016-05-27 18:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-15 17:00 - 2016-08-30 20:56 - 000000000 ____D C:\Users\Bradvica\AppData\Roaming\vlc
2017-12-15 15:10 - 2016-05-27 17:07 - 000000000 ____D C:\Users\Bradvica
2017-12-15 01:44 - 2017-04-08 10:07 - 000004486 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-12-15 01:44 - 2016-06-05 07:44 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-12-15 01:44 - 2016-06-05 07:44 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-15 01:44 - 2016-06-05 07:44 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-15 01:44 - 2016-06-05 07:44 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-12 18:14 - 2017-05-02 09:17 - 000251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-12-12 18:13 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-12 10:16 - 2016-12-26 14:31 - 000002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-12 10:15 - 2016-12-26 14:31 - 000002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-11 22:29 - 2017-04-20 07:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-12-06 18:31 - 2017-07-14 23:25 - 000000000 ____D C:\Users\Bradvica\Downloads\X-WaveShop_1.0.14.001_rev2
2017-12-04 20:46 - 2016-08-20 19:49 - 000000000 ____D C:\Program Files (x86)\project dogwaffle
2017-11-27 17:37 - 2016-06-19 15:43 - 000001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-11-27 17:37 - 2016-06-19 15:43 - 000001176 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-11-27 17:37 - 2016-06-19 15:43 - 000000000 ____D C:\Program Files\paint.net
2017-11-24 21:40 - 2016-05-28 14:52 - 000000000 ____D C:\Users\Bradvica\AppData\Local\ElevatedDiagnostics
2017-11-24 02:25 - 2009-07-14 06:13 - 000784286 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-24 02:25 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf

==================== Files in the root of some directories =======

2017-05-07 17:52 - 2017-12-22 18:16 - 000000213 _____ () C:\ProgramData\gbufg.dll
2016-10-11 14:04 - 2016-10-11 14:04 - 000000078 _____ () C:\Users\Bradvica\AppData\Roaming\Camdata.ini
2016-10-11 14:04 - 2016-10-11 14:04 - 000000408 _____ () C:\Users\Bradvica\AppData\Roaming\CamLayout.ini
2016-10-11 14:04 - 2016-10-11 14:04 - 000000408 _____ () C:\Users\Bradvica\AppData\Roaming\CamShapes.ini
2016-10-11 14:04 - 2016-10-11 14:04 - 000004548 _____ () C:\Users\Bradvica\AppData\Roaming\CamStudio.cfg
2017-03-25 12:48 - 2017-03-25 12:48 - 000007859 _____ () C:\Users\Bradvica\AppData\Roaming\pcouffin.cat
2017-03-25 12:48 - 2017-03-25 12:48 - 000001167 _____ () C:\Users\Bradvica\AppData\Roaming\pcouffin.inf
2017-03-25 12:50 - 2017-03-25 12:50 - 000000034 _____ () C:\Users\Bradvica\AppData\Roaming\pcouffin.log
2017-03-25 12:48 - 2017-03-25 12:48 - 000082816 _____ (VSO Software) C:\Users\Bradvica\AppData\Roaming\pcouffin.sys
2016-10-11 13:57 - 2016-10-11 13:57 - 000000096 _____ () C:\Users\Bradvica\AppData\Roaming\version2.xml
2017-12-15 17:50 - 2017-12-15 17:50 - 000004117 _____ () C:\Users\Bradvica\AppData\Local\recently-used.xbel
2016-05-30 13:56 - 2016-05-30 13:56 - 000007606 _____ () C:\Users\Bradvica\AppData\Local\Resmon.ResmonCfg
2017-05-07 17:56 - 2017-05-07 17:56 - 000000003 _____ () C:\Users\Bradvica\AppData\Local\updater.log
2017-05-07 17:57 - 2017-05-07 17:57 - 000000425 _____ () C:\Users\Bradvica\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
2017-12-23 15:27 - 2017-12-23 15:27 - 000000000 ____D () C:\Users\Bradvica\AppData\Local\Temp\DEKSINetworkInventory.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-09 01:14

==================== End of FRST.txt ============================

 

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by Bradvica (23-12-2017 16:07:24)
Running from C:\Users\Bradvica\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-05-27 16:07:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2908530081-1728504943-2728732151-500 - Administrator - Disabled)
Bradvica (S-1-5-21-2908530081-1728504943-2728732151-1000 - Administrator - Enabled) => C:\Users\Bradvica
Guest (S-1-5-21-2908530081-1728504943-2728732151-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2908530081-1728504943-2728732151-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Amaya (HKLM-x32\...\Amaya) (Version: 11.4.4 - )
Any Audio Record (HKLM-x32\...\Any Audio Record_is1) (Version: 5.4.5.627 - Sorentio Systems Ltd.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ApplyIt! Network Tools (HKLM-x32\...\ApplyIt! Network Tools) (Version:  - )
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
Camtasia 9 (HKLM\...\{1D09B594-C8B5-4CF1-B927-41D9A487799C}) (Version: 9.0.5.2021 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{00ce4b8c-0138-4743-b0b8-379b2715eb44}) (Version: 9.0.5.2021 - TechSmith Corporation)
Caricature Studio Green 3.6 (HKLM-x32\...\{AC5019DA-5DC2-44E6-808A-1A68F3CCA79D}) (Version: 3.6 - Carnival Software)
CD/DVD Diagnostic 3.2 (HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\Diagnostic) (Version: 3.2 - InfinaDyne)
CDBurnerXP (64 bit) (HKLM\...\{EC778343-FCC0-4AC5-AF37-D10EBECA7D2F}) (Version: 4.5.7.6521 - Canneverbe Limited)
Cent Browser (HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\CentBrowser) (Version: 2.5.6.57 - Cent Studio)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.49.0 - Conexant)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Crescendo Music Notation Editor (HKLM-x32\...\Crescendo) (Version: 1.77 - NCH Software)
CTSCameraDetector 2.0.0 (HKLM-x32\...\{FFE3C7B2-C306-4a64-AD89-5D89BBBB2E10}}_is1) (Version:  - CameraTunerSoft.com)
Cute Screen Recorder Free Version 3.9.0.3 (HKLM-x32\...\Cute Screen Recorder Free Version_is1) (Version:  - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Decoder (HKLM-x32\...\{1BE321C4-6E17-4ECD-A6CB-3EF73791BE87}) (Version: 1.00.0000 - Cisco)
DEKSI Network Inventory (HKLM-x32\...\DEKSI Network Inventory_is1) (Version: 13.3 - DEK Software International)
DocX Viewer version 1.2 (HKLM-x32\...\DocX Viewer_is1) (Version: 1.2 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
D-ViewCam NVR Pro (HKLM-x32\...\{E72CC7B9-CCCD-41D3-A132-2AE082E61574}) (Version: 1.2.0.8 - D-Link)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.4 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.4 - Lenovo)
Essential NetTools (HKLM-x32\...\{F38ADD30-FB36-11E1-3D6C-0095FA964AE1}) (Version: 4.4 - TamoSoft)
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 6.04 - NCH Software)
Express Zip File Compression (HKLM-x32\...\ExpressZip) (Version: 3.03 - NCH Software)
Gemplus Smart Card Reader Tools (HKLM-x32\...\Gemplus Smart Card Reader Tools) (Version:  - )
GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Version: 2.8.22 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GPlates 1.5.0 (HKLM-x32\...\{E4D4E4D3-6442-43E6-9C13-1AD93BF601A5}) (Version: 1.5.0 - GPlates)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2778 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{475ea806-cb2a-455b-bb1b-9f99342b2fe2}) (Version: 19.40.0 - Intel Corporation)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4000 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10206 - Realtek Semiconductor Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\dda9ca0b023f4c56) (Version: 1.6.6.0 - Lenovo)
Lenovo Solution Center (HKLM\...\{7BB9AAFD-3350-49C8-92D1-833AAFF9E74E}) (Version: 3.4.003.013 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0065 - Lenovo)
Lenovo_Wireless_Driver (HKLM-x32\...\{36CE10BD-A076-4DE3-A8A7-2F61E3FB2E6A}) (Version: 6.20.55.14 - Lenovo)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Malwarebytes verzija 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Maxidix Wifi Autoconnection version 15.3 (HKLM-x32\...\{1ED07DF2-2267-46AD-BDF5-15970E9C87D4}_is1) (Version: 15.3 - Maxidix s.r.o.)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
MinGW 5.1.4 (HKLM-x32\...\MinGW) (Version: 5.1.4 - MinGW)
Mozilla Firefox 57.0.2 (x64 hr) (HKLM\...\Mozilla Firefox 57.0.2 (x64 hr)) (Version: 57.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.2.6549 - Mozilla)
mtPaint 3.40 (HKLM-x32\...\mtPaint_is1) (Version:  - Dmitry Groshev)
MX5 (HKLM-x32\...\Maxthon5) (Version: 5.0.2.2000 - Maxthon International Limited)
NetSpot (HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\a6e43da6e76c5494) (Version: 2.0.1.485 - Etwok LLC)
NetTools 5.0 (HKLM-x32\...\NetTools_is1) (Version: 5.0 - Mohammad Ahmadi Bidakhvidi)
Nsauditor 3.0.18 (HKLM-x32\...\Nsauditor_is1) (Version:  - Nsasoft LLC.)
openElement 1.56 (HKLM-x32\...\{ABE22B00-305F-4182-A34E-F7CCCE3B4503}) (Version: 1.56.0 - BOOMBYTE Ltd) Hidden
openElement 1.56 (HKLM-x32\...\openElement 1.56 1.56.0) (Version: 1.56.0 - BOOMBYTE Ltd)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Opera Stable 49.0.2725.64 (HKLM-x32\...\Opera 49.0.2725.64) (Version: 49.0.2725.64 - Opera Software)
paint.net (HKLM\...\{F10AAD91-58DF-44EC-A647-810197141667}) (Version: 4.0.19 - dotPDN LLC)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.63 - NCH Software)
project dogwaffle (HKLM-x32\...\ST5UNST #1) (Version:  - )
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
ScoreCloud Studio (HKLM-x32\...\ScoreCloud) (Version: 3.5.4 - DoReMIR Music Research)
ScreenShot (HKLM-x32\...\ScreenShot) (Version: 1 - VapiSoft)
SecureCam2 (HKLM-x32\...\SecureCam2) (Version: 2.0.0.1 - 12oClocker Software)
Skype™ 7.36 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 7.36.101 - Skype Technologies S.A.)
Soft4Boost Ringtone Creator (HKLM-x32\...\Soft4Boost Ringtone Creator_is1) (Version: 6.0.5.681 - Sorentio Systems Ltd.)
Sport Video Player (HKLM-x32\...\ST6UNST #1) (Version:  - )
Sweet Home 3D version 5.2 (HKLM\...\Sweet Home 3D_is1) (Version: 5.2 - eTeks)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.20 - NCH Software)
TopSpice 8.69f Demo (HKLM-x32\...\TOPSPICE8DEMO_is1) (Version: 8.69.6 - Penzar Development)
Virtual Audio Capture Grabber uninstall (HKLM-x32\...\Virtual Audio Capture Grabber_is1) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSO Inspector 2.0.2 (HKLM-x32\...\VSO Inspector_is1) (Version:  - VSO-Software SARL)
WhatsApp (HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\WhatsApp) (Version: 0.2.3699 - WhatsApp)
Why Can't I Connect (HKLM-x32\...\WhyCantIConnect) (Version:  - )
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.4.2 64-bit (HKLM-x32\...\Wireshark) (Version: 2.4.2 - The Wireshark developer community, hxxps://www.wireshark.org)
X-Lite (HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\...\X-Lite) (Version: 5.0.3.88254 - CounterPath Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2908530081-1728504943-2728732151-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Bradvica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2908530081-1728504943-2728732151-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Bradvica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2908530081-1728504943-2728732151-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Bradvica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2908530081-1728504943-2728732151-1000_Classes\CLSID\{d2ce678e-6b5f-4def-afa8-b7ecf865cc6f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2908530081-1728504943-2728732151-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Bradvica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2908530081-1728504943-2728732151-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Bradvica\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2017-02-14] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-06-07] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [ExpressZip] -> {8EEA165E-0B8B-4BA7-9796-50214C767171} => C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll [2017-02-14] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1D8C4A7E-6B93-47CD-98B3-5BA78A90D722} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {2B6A39B9-F6BA-4CB6-8195-D0E3B9DCE04F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {30C20DA2-9301-4713-BDED-16F232730F95} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {30C20DA2-9301-4713-BDED-16F232730F95} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {30C20DA2-9301-4713-BDED-16F232730F95} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
Task: {32363646-4320-4337-8EAE-24068FAEBED5} - System32\Tasks\update-S-1-5-21-2908530081-1728504943-2728732151-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {3365825D-30F7-47C6-91C2-05E7377ABC2C} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {3365825D-30F7-47C6-91C2-05E7377ABC2C} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
Task: {35006E08-2F6D-4585-A773-E1F655A15EB4} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {35006E08-2F6D-4585-A773-E1F655A15EB4} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
Task: {466DAE0D-F656-458E-8A2C-236A1F05A0C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-12-15] (Adobe Systems Incorporated)
Task: {48A91CA0-3981-44CA-B762-0C9B151E441D} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {4F4A0C59-4F9C-4653-A95E-252E04F6C9D5} - System32\Tasks\Maxthon5 Update => C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe [2017-11-01] (Maxthon International ltd.)
Task: {618E9DA1-60B9-4F27-AD98-B4697BEC7081} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2017-02-14] (Lenovo)
Task: {82EC92F7-E5BF-4644-B97B-A1E7C67B5ED7} - System32\Tasks\{B547C0A6-03D1-47D0-A171-11C2C15A1332} => C:\Users\Bradvica\Downloads\sx.exe [2017-05-08] (Conner Bernhard)
Task: {8DC1B688-B3F1-413E-A103-7AA78DAD28E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-23] (Google Inc.)
Task: {8EC1AFF0-027C-4FE9-91A8-1927A3446047} - System32\Tasks\Opera scheduled Autoupdate 1491645896 => C:\Program Files\Opera\launcher.exe [2017-12-18] (Opera Software)
Task: {934CB070-B15E-4F97-8925-8A748DA7A4EC} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2017-02-14] ()
Task: {9BCB4076-0B42-450A-A8E0-0C6348BBA8A7} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
Task: {AA7D3F7A-892A-40FD-BBC0-080322B6534B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-15] (Adobe Systems Incorporated)
Task: {AAA24BA1-E661-483E-9CE5-5E4D6DBDF94B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-23] (Google Inc.)
Task: {C23C9A04-BC94-4086-85C6-DC97BA5CD3E2} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-07-21] (Oracle Corporation)
Task: {C2CCA775-8AC8-4D3B-B867-6A39C9055A4C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {CF243E97-7F95-4084-8FFF-4AA02BD5DD3D} - System32\Tasks\{9CFEBD3F-1D95-46B4-8844-F96DBE92EFFD} => C:\Users\Bradvica\Downloads\sx.exe [2017-05-08] (Conner Bernhard)
Task: {DEC8C422-D32A-4002-8987-1129FEA59A9D} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
Task: {EB9A636A-039F-41ED-A0C6-DBC90569E017} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-2908530081-1728504943-2728732151-1000 => "C:\Windows\system32\rundll32.exe" dfshim.dll,ShOpenVerbShortcut C:\Users\Bradvica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {ED8A4084-7BAD-48D6-B0C3-DC4AD130B542} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {ED8A4084-7BAD-48D6-B0C3-DC4AD130B542} - C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
Task: {F4BEEA83-4463-4B4C-BF5E-605FE34AEE97} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2017-02-14] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-2908530081-1728504943-2728732151-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Bradvica\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm

==================== Loaded Modules (Whitelisted) ==============

2017-02-14 19:07 - 2017-02-14 19:07 - 000105984 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2016-05-27 17:13 - 2012-06-07 08:51 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-20 02:20 - 2016-05-27 18:00 - 000054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-03-10 15:30 - 2016-05-27 18:00 - 001509936 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2012-03-08 14:38 - 2016-05-27 18:00 - 000011096 _____ () C:\Program Files (x86)\Lenovo\Energy Management\hr-HR\EMWpfUI.resources.dll
2008-12-20 02:20 - 2016-05-27 18:00 - 000054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2017-05-07 17:52 - 2008-07-12 20:14 - 000552960 _____ () C:\Program Files (x86)\ScreenShot\ScreenShot.exe
2017-04-21 17:35 - 2017-04-17 11:31 - 001852416 _____ () C:\Program Files (x86)\DEKSI Network Inventory\DataCollector.exe
2017-05-02 08:44 - 2017-05-02 10:18 - 002271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-11-27 17:38 - 2017-11-27 17:38 - 003132928 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\PaintDotNetc8826574#\ad82c9174a72e7d5512a022c3b43d7c3\PaintDotNet.SystemLayer.Native.x64.ni.dll
2017-10-02 14:43 - 2017-10-02 14:43 - 001089752 _____ () C:\Program Files\paint.net\PaintDotNet.SystemLayer.Native.x64.dll
2017-11-29 16:36 - 2017-05-10 17:41 - 000042232 _____ () C:\Program Files\GIMP 2\bin\libgimpmodule-2.0-0.dll
2017-11-29 16:36 - 2017-05-10 17:40 - 000107928 _____ () C:\Program Files\GIMP 2\bin\libgimpbase-2.0-0.dll
2017-11-29 16:37 - 2017-05-06 19:40 - 000032655 _____ () C:\Program Files\GIMP 2\bin\libffi-6.dll
2017-11-29 16:37 - 2017-05-06 19:39 - 000091289 _____ () C:\Program Files\GIMP 2\bin\zlib1.dll
2017-11-29 16:36 - 2017-05-10 17:41 - 000058672 _____ () C:\Program Files\GIMP 2\bin\libgimpthumb-2.0-0.dll
2017-11-29 16:37 - 2017-05-06 19:41 - 000304869 _____ () C:\Program Files\GIMP 2\bin\libjasper-4.dll
2017-11-29 16:37 - 2017-05-06 19:39 - 000344118 _____ () C:\Program Files\GIMP 2\bin\libjpeg-8.dll
2017-11-29 16:37 - 2017-05-06 19:41 - 000219806 _____ () C:\Program Files\GIMP 2\bin\libpng16-16.dll
2017-11-29 16:37 - 2017-05-06 19:50 - 000435601 _____ () C:\Program Files\GIMP 2\bin\libtiff-5.dll
2017-11-29 16:36 - 2017-05-10 17:41 - 001249752 _____ () C:\Program Files\GIMP 2\bin\libgimpwidgets-2.0-0.dll
2017-11-29 16:36 - 2017-05-10 17:40 - 000075216 _____ () C:\Program Files\GIMP 2\bin\libgimpcolor-2.0-0.dll
2017-11-29 16:36 - 2017-05-06 19:54 - 000900199 _____ () C:\Program Files\GIMP 2\bin\libcairo-2.dll
2017-11-29 16:37 - 2017-05-06 20:16 - 000082221 _____ () C:\Program Files\GIMP 2\bin\libgcc_s_seh-1.dll
2017-11-29 16:37 - 2017-05-10 00:43 - 000290240 _____ () C:\Program Files\GIMP 2\bin\libfontconfig-1.dll
2017-11-29 16:37 - 2017-05-06 19:41 - 000516190 _____ () C:\Program Files\GIMP 2\bin\libfreetype-6.dll
2017-11-29 16:37 - 2017-05-06 19:42 - 001253806 _____ () C:\Program Files\GIMP 2\bin\libxml2-2.dll
2017-11-29 16:37 - 2017-05-06 19:39 - 000662600 _____ () C:\Program Files\GIMP 2\bin\libpixman-1-0.dll
2017-11-29 16:36 - 2017-05-10 17:40 - 000084928 _____ () C:\Program Files\GIMP 2\bin\libgimpconfig-2.0-0.dll
2017-11-29 16:36 - 2017-05-10 17:41 - 000047000 _____ () C:\Program Files\GIMP 2\bin\libgimpmath-2.0-0.dll
2017-11-29 16:37 - 2017-05-06 20:36 - 000384957 _____ () C:\Program Files\GIMP 2\bin\libharfbuzz-0.dll
2017-11-29 16:36 - 2017-05-06 19:56 - 000130244 _____ () C:\Program Files\GIMP 2\bin\libbabl-0.1-0.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000425279 _____ () C:\Program Files\GIMP 2\bin\libgegl-0.2-0.dll
2017-11-29 16:38 - 2017-05-06 20:43 - 000074543 _____ () C:\Program Files\GIMP 2\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2017-11-29 16:36 - 2017-05-10 17:42 - 000043024 _____ () C:\Program Files\GIMP 2\lib\gimp\2.0\modules\libdisplay-filter-lcms.dll
2017-11-29 16:37 - 2017-05-06 19:53 - 000320117 _____ () C:\Program Files\GIMP 2\bin\liblcms2-2.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023492 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\add.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\clear.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\color-burn.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\color-dodge.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\darken.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\difference.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023492 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\divide.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\dst-atop.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\dst-in.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\dst-out.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\dst-over.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\dst.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\exclusion.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000027180 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\gamma.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\hard-light.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\lighten.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023492 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\multiply.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027261 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\opacity.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025477 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\over.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\overlay.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022847 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\plus.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023359 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\screen.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023871 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\soft-light.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\src-atop.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023369 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\src-in.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\src-out.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\src-over.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022282 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\src.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023492 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\subtract.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022794 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\svg-multiply.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000026441 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\threshold.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023492 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\weighted-blend.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022794 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\xor.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024966 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\map-absolute.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025096 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\map-relative.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000030184 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\matting-global.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000033381 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\bilateral-filter.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000032283 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\box-blur.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000044426 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\c2g.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000039800 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\edge-laplace.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000031660 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\edge-sobel.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000041344 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\gaussian-blur.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000035832 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\motion-blur.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000035949 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\noise-reduction.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000031588 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\pixelize.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027753 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\ripple.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000036477 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\snn-mean.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000028689 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\stress.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027158 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\waves.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000025927 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\brightness-contrast.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000026500 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\color-temperature.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000024372 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\contrast-curve.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023709 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\convert-format.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023500 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\grey.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023520 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\invert.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025757 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\levels.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022290 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\posterize.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000026433 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\svg-huerotate.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024066 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\svg-luminancetoalpha.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025817 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\svg-matrix.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024793 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\svg-saturate.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000026250 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\value-invert.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000039338 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\vignette.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023609 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\clone.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000024280 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\color-to-alpha.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000025457 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\crop.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000043957 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\exp-combine.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000043897 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\fattal02.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000031009 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\lens-distortion.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000040919 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\mantiuk06.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024309 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\mblur.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000031416 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\mirrors.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027387 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\mono-mixer.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022866 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\nop.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000035971 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\path.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000030340 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\polar-coordinates.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000032603 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\reinhard05.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024067 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\stretch-contrast.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000045912 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\transformops.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000030643 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\vector-fill.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000030699 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\vector-stroke.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023544 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\buffer-sink.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000024234 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\display.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023485 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\gegl-buffer-save-op.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027016 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\jpg-save.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027289 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\png-save.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025598 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\ppm-save.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000034184 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\rgbe-save.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023870 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\save-pixbuf.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025433 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\save.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025093 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\write-buffer.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023688 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\buffer-source.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000024857 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\checkerboard.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023681 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\color.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025341 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\grid.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027747 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\noise.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000032731 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\fractal-explorer.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000023683 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\gegl-buffer-load-op.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024995 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\introspect.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025626 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\jpg-load.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024892 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\magick-load.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024305 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\open-buffer.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000023809 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\pixbuf.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000028413 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\png-load.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025983 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\ppm-load.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000025881 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\raw-load.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000034183 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\rgbe-load.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000026609 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\svg-load.dll
2017-11-29 16:37 - 2017-05-06 20:48 - 000234938 _____ () C:\Program Files\GIMP 2\bin\librsvg-2-2.dll
2017-11-29 16:36 - 2017-05-06 19:54 - 000215752 _____ () C:\Program Files\GIMP 2\bin\libcroco-0.6-3.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000030862 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\text.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000024189 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\difference-of-gaussians.dll
2017-11-29 16:37 - 2017-05-06 20:50 - 000024750 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\dropshadow.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000027284 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\layer.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024872 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\load.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024824 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\rectangle.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000024155 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\unsharp-mask.dll
2017-11-29 16:38 - 2017-05-06 20:50 - 000022795 _____ () C:\Program Files\GIMP 2\lib\gegl-0.2\remap.dll
2017-11-29 16:36 - 2017-05-10 17:41 - 000153280 _____ () C:\Program Files\GIMP 2\bin\libgimpui-2.0-0.dll
2017-11-29 16:36 - 2017-05-10 17:40 - 000248800 _____ () C:\Program Files\GIMP 2\bin\libgimp-2.0-0.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 019175424 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\CPCLR.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000046592 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\boost_signals-vc120-mt-1_61.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000016896 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\boost_system-vc120-mt-1_61.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 010196424 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\CPCAPI2_SharedLibrary.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000082944 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\boost_thread-vc120-mt-1_61.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000025600 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\boost_chrono-vc120-mt-1_61.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000654336 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\boost_regex-vc120-mt-1_61.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000107520 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\boost_filesystem-vc120-mt-1_61.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000040960 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\boost_date_time-vc120-mt-1_61.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 001240576 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\CefSharp.Core.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 066165760 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\libcef.dll
2017-05-07 17:52 - 2002-04-22 07:45 - 000663552 _____ () C:\Program Files (x86)\ScreenShot\FreeImage.dll
2017-05-07 17:52 - 2007-09-27 20:28 - 000024576 _____ () C:\Program Files (x86)\ScreenShot\SmdHook.dll0
2017-04-26 14:19 - 2017-04-26 14:19 - 002005976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 000274112 _____ () C:\Program Files (x86)\Windows Live\Writer\hr\WindowsLive.Writer.Localization.resources.dll
2017-10-28 08:55 - 2017-10-28 08:55 - 000822784 _____ () C:\Users\Bradvica\AppData\Local\CounterPath\X-Lite\Current\CefSharp.BrowserSubprocess.Core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:F297470E [128]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Sound, video and game controllers"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-05-05 23:33 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2908530081-1728504943-2728732151-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bradvica\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 4.4.4.4 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{84373C29-AA51-4F6C-B22C-1BA45076258C}] => (Allow) C:\Users\Bradvica\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{5EAC8143-F550-4DEE-B3EB-23E7B6F201D2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{810B7C76-6753-450B-B539-495CB5299E23}] => (Allow) LPort=2869
FirewallRules: [{3C6B5F6B-D44E-4628-99FF-AB10373D82FA}] => (Allow) LPort=1900
FirewallRules: [{01858C03-0CD0-4DE9-AEC1-472FCCD216BF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{509E5850-AB3C-4320-8A1C-7626466A8999}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3D199255-9D00-4013-8156-85C0746C309A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{33AFE731-CFC2-4F5E-9B7B-567D32F9C350}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{48232B05-9262-43A7-810F-18E36A3A5DB3}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [UDP Query User{1E8112DC-EF99-4EDC-8294-852ADC1E5E0A}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [TCP Query User{999CA2FE-6E9B-4C99-B8ED-B1569A2D5DEB}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [UDP Query User{92C2EF05-42E5-4CB7-AB8F-BBE7DCE0342B}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [{634783B3-E82D-44C3-B5D2-17DA27596C29}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{90B132FA-2EC6-4829-A76E-3474A76BE3C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{D029B343-B799-4E5F-8A0F-A5DC03B9AD14}] => (Allow) C:\Program Files (x86)\openElement\openElement 1.56\openElement.exe
FirewallRules: [{C22CC5E7-9447-47C9-B21D-BCD145190D3B}] => (Allow) C:\Program Files (x86)\openElement\openElement 1.56\SyncFTP.exe
FirewallRules: [{E3B83051-8554-4BD3-93B8-36A59A02B5D3}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{2773DD02-2E52-487A-B635-DC2A8CB1A37A}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{3D1F93CD-2A0A-4D25-A41A-E56187B044A0}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
FirewallRules: [{65F0B9E6-A5A4-4D0B-9EA2-1097DE6A2DF5}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\MxUp.exe
FirewallRules: [{C95EF36F-029D-4903-BA74-70603AAC2B27}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{5F80CB55-2900-47AD-AD3E-5C941C52F826}C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe] => (Allow) C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe
FirewallRules: [UDP Query User{6CC33E86-CC0A-45D1-B332-11DAFBA7F23F}C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe] => (Allow) C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe
FirewallRules: [TCP Query User{BE8FE07B-F6EF-4E0C-8715-3041E4BCFA5B}C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe] => (Allow) C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe
FirewallRules: [UDP Query User{B0381334-E095-4E45-9DBB-652EA5B031F8}C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe] => (Allow) C:\users\bradvica\appdata\local\counterpath\x-lite\current\x-lite.exe
FirewallRules: [{E8C1F33D-9192-42A1-891E-61B0D578B072}] => (Allow) C:\Program Files (x86)\Nsauditor\Nsauditor.exe
FirewallRules: [{952FB8D4-9261-4C74-8FDD-19CAC68AB399}] => (Allow) C:\Program Files (x86)\Nsauditor\Nsauditor.exe
FirewallRules: [{5752791F-709F-461A-98BA-1F0CE717466F}] => (Allow) LPort=8318
FirewallRules: [{1017A5C8-E607-4F56-9744-FB4215FC5146}] => (Allow) C:\Program Files (x86)\Cisco\Monitor.exe
FirewallRules: [{2A6CD9F9-688B-4530-B886-9109E67941E9}] => (Allow) C:\Program Files (x86)\Cisco\Monitor.exe
FirewallRules: [{4E3EFD93-B48B-4218-87E4-651A8A958C80}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9659A3CF-2763-4B98-92C0-82706662568A}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{C7F440D9-DB7E-4E33-AB40-51DFBCEE1381}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [TCP Query User{F8618D14-CADD-4CFB-A68C-C141103C4C2A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{399E466A-F1AF-4EEE-B1BD-209FC6FCC457}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{5FF22510-4242-4645-A203-0820377B1BAD}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DE47699E-E19F-468D-BF4B-88D9EEC53E94}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{42E071BF-7DC7-465F-BBD5-8F8A3729EE21}] => (Allow) C:\Program Files\Opera\49.0.2725.47\opera.exe
FirewallRules: [{66FB490E-5C67-470F-9886-53EB24FC8DED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9897553F-935C-40F6-9254-69B624E3A855}] => (Allow) C:\Program Files\Opera\49.0.2725.64\opera.exe

==================== Restore Points =========================

22-11-2017 13:41:01 Zakazana kontrolna točka
27-11-2017 17:33:47 paint.net 4.0.19
05-12-2017 17:21:14 Zakazana kontrolna točka
14-12-2017 10:23:59 Zakazana kontrolna točka
22-12-2017 22:45:50 Zakazana kontrolna točka

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2017 09:56:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SoftwareUpdate.exe version 2.1.4.131 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 23cc

Start Time: 01d3790de483a3c9

Termination Time: 1228

Application Path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

Report Id: 87c76020-e563-11e7-98bf-201a062f4112

Error: (12/17/2017 06:56:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Aplikacija koja je prouzročila pogrešku: firefox.exe, verzija: 57.0.2.6549, vremenska oznaka: 0x5a2846ff
Modul koji je prouzročio pogrešku: xul.dll, verzija: 57.0.2.6549, vremenska oznaka: 0x5a284b56
Kôd iznimke: 0x80000003
Pomak pogreške 0x00000000015665a3
Id postupka: 0x984
Vrijeme pokretanja aplikacije koja je prouzročila pogrešku: 0x01d37704c738e677
Put aplikacije koja je prouzročila pogrešku: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Put modula koji je prouzročio pogrešku: C:\Program Files (x86)\Mozilla Firefox\xul.dll
Id izvješća: 94d15de6-e353-11e7-98bf-201a062f4112

Error: (12/12/2017 06:14:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/05/2017 09:55:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program PaintDotNet.exe version 4.19.6484.39094 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ff4

Start Time: 01d36c7fd12c268c

Termination Time: 23673

Application Path: C:\Program Files\paint.net\PaintDotNet.exe

Report Id: 7472eba8-d999-11e7-b158-201a062f4112

Error: (11/30/2017 01:33:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/29/2017 03:13:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SoftwareUpdate.exe version 2.1.4.131 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10e8

Start Time: 01d3688d6a8571e6

Termination Time: 366

Application Path: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

Report Id: 70c82541-d50f-11e7-a4a1-201a062f4112

Error: (11/27/2017 05:33:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Pristup je odbijen.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {75519a25-4abe-404b-81ea-e415676e408f}

Error: (11/24/2017 02:25:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01A language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/24/2017 02:25:19 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01A language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (11/24/2017 02:19:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (12/22/2017 04:52:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (12/18/2017 11:22:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Isteklo je vrijeme čekanja (30000 ms) tijekom povezivanja sa servisom Windows Error Reporting Service.

Error: (12/17/2017 10:05:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (12/15/2017 04:21:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Servis Windows Modules Installer neočekivano je prekinut.  To se dogodilo 1 puta.  Za 120000 ms bit će poduzeta sljedeća akcija ispravljanja: Ponovno pokretanje servisa.

Error: (12/13/2017 08:16:27 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa btwdins.

Error: (12/12/2017 06:13:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Pokretanje servisa srvInventoryWebServer nije uspjelo zbog sljedeće pogreške:
Servis nije na vrijeme odgovorio na zahtjev za početak ili kontrolu.

Error: (12/12/2017 06:13:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Isteklo je vrijeme čekanja (30000 ms) tijekom povezivanja sa servisom srvInventoryWebServer.

Error: (12/12/2017 06:13:06 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 18:11:44 on ‎12.‎12.‎2017. was unexpected.

Error: (12/10/2017 07:17:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Isteklo je vrijeme čekanja (30000 ms) tijekom povezivanja sa servisom Windows Error Reporting Service.

Error: (12/10/2017 01:02:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Isteklo je vrijeme čekanja (30000 ms) odgovora transakcije iz servisa DiagTrack.


CodeIntegrity:
===================================
  Date: 2017-05-06 00:26:45.084
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-06 00:26:45.013
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 1005M @ 1.90GHz
Percentage of memory in use: 81%
Total physical RAM: 3996.85 MB
Available physical RAM: 733.87 MB
Total Virtual: 9388.16 MB
Available Virtual: 2708.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:302.73 GB) (Free:228.08 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:140.4 GB) (Free:140.3 GB) NTFS
Drive e: () (Fixed) (Total:22.62 GB) (Free:11.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A514DBDC)
Partition 1: (Active) - (Size=302.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=163 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


Edited by jbradvi9, 23 December 2017 - 11:11 AM.


#5 Oh My!

  • Malware Response Instructor

Posted 23 December 2017 - 08:02 PM

Greetings and thank you for the information.

Have you done a factory reset on the modem and router or modem/router if it is a combination unit?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
Folder: C:\Program Files (x86)\DDSV2
2017-11-29 16:22 - 2017-11-29 16:24 - 026459645 _____ (Yasisoft, Inc. ) C:\Users\Bradvica\Downloads\Image_Editor_Setup.exe
2017-12-22 18:16 - 2017-05-07 17:52 - 000000213 _____ C:\ProgramData\gbufg.dll
AlternateDataStreams: C:\ProgramData\TEMP:F297470E [128]
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Factory reset?
  • Fixlog
  • mtb.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#6 jbradvi9

  • Topic Starter

Posted 24 December 2017 - 04:35 AM

I did the factory reset a few times with automatic password change but the laptop still loses connection only on home network. Let's say if I use the laptop in a coffee bar it likes to freeze or block but never loses connection.

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by Bradvica (24-12-2017 10:13:18) Run:1
Running from C:\Users\Bradvica\Downloads
Loaded Profiles: Bradvica (Available Profiles: Bradvica)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
Folder: C:\Program Files (x86)\DDSV2
2017-11-29 16:22 - 2017-11-29 16:24 - 026459645 _____ (Yasisoft, Inc. ) C:\Users\Bradvica\Downloads\Image_Editor_Setup.exe
2017-12-22 18:16 - 2017-05-07 17:52 - 000000213 _____ C:\ProgramData\gbufg.dll
AlternateDataStreams: C:\ProgramData\TEMP:F297470E [128]

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully
AppMgmt => service removed successfully

========================= Folder: C:\Program Files (x86)\DDSV2 ========================

2017-12-06 18:19 - 2017-12-06 18:19 - 000000000 ____D [D41D8CD98F00B204E9800998ECF8427E] () C:\Program Files (x86)\DDSV2\lib_img

====== End of Folder: ======

C:\Users\Bradvica\Downloads\Image_Editor_Setup.exe => moved successfully
C:\ProgramData\gbufg.dll => moved successfully
C:\ProgramData\TEMP => ":F297470E" ADS removed successfully


The system needed a reboot.

==== End of Fixlog 10:14:14 ====

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Bradvica (administrator) on 24-12-2017 at 10:33:00
Running from "C:\Users\Bradvica\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: 20236 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Broadcom 802.11n mrežni adapter = Veza s bežičnom mrežom (Connected)
Microsoft Virtual WiFi Miniport Adapter = Veza s bežičnom mrežom 2 (Media disconnected)
Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.20) = Lokalna veza (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set subinterface interface=?:$ subinterface=ethernet_9 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Bradvica-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home

Ethernet adapter Lokalna veza:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 20-1A-06-2F-41-12
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Veza s bežičnom mrežom 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 80-56-F2-D6-00-BD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Veza s bežičnom mrežom:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Broadcom 802.11n mrežni adapter
   Physical Address. . . . . . . . . : 80-56-F2-D6-00-BD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.251(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 24. prosinca 2017. 10:17:20
   Lease Expires . . . . . . . . . . : 25. prosinca 2017. 10:17:34
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 4.4.4.4
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {84FA8D0C-786D-443C-978D-793D99E32D1C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  4.4.4.4

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging google.com [172.217.23.174] with 32 bytes of data:
Reply from 172.217.23.174: bytes=32 time=38ms TTL=54
Reply from 172.217.23.174: bytes=32 time=38ms TTL=54

Ping statistics for 172.217.23.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 38ms, Maximum = 38ms, Average = 38ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  4.4.4.4

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging yahoo.com [98.139.180.180] with 32 bytes of data:
Reply from 98.139.180.180: bytes=32 time=143ms TTL=48
Reply from 98.139.180.180: bytes=32 time=137ms TTL=48

Ping statistics for 98.139.180.180:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 137ms, Maximum = 143ms, Average = 140ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...20 1a 06 2f 41 12 ......Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.20)
 14...80 56 f2 d6 00 bd ......Microsoft Virtual WiFi Miniport Adapter
 11...80 56 f2 d6 00 bd ......Broadcom 802.11n mrežni adapter
  1...........................Software Loopback Interface 1
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.251     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.251    281
    192.168.1.251  255.255.255.255         On-link     192.168.1.251    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.251    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.251    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.251    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

**** End of log ****
 



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,486 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:27 AM

Posted 24 December 2017 - 09:43 AM

Thank you.

Do you access a University Library system?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Library?
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#8 jbradvi9


Posted 24 December 2017 - 04:06 PM

1. Library? - no

2. Fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by Bradvica (24-12-2017 22:02:25) Run:2
Running from C:\Users\Bradvica\Downloads
Loaded Profiles: Bradvica (Available Profiles: Bradvica)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

*****************

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{352B59C2-BD26-4D60-BA50-6D7BB3AD3164}]
"UseZeroBroadcast"="0"
"EnableDeadGWDetect"="1"
"EnableDHCP"="1"
"NameServer"="4.4.4.4,8.8.8.8"
"Domain"=""
"RegistrationEnabled"="1"
"RegisterAdapterName"="0"
"DhcpIPAddress"="192.168.1.251"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.1.1"
"Lease"="86400"
"LeaseObtainedTime"="1514107054"
"T1"="1514150254"
"T2"="1514182654"
"LeaseTerminatesTime"="1514193454"
"AddressType"="0"
"IsServerNapAware"="0"
"DhcpConnForceBroadcastFlag"="1"
"DhcpNetworkHint"="A42427164667963616"
"DhcpInterfaceOptions"="060000000000000008000000000000002ec2405ac0a80101c0a801010f0000000000000004000000000000002ec2405a686f6d65030000000000000004000000000000002ec2405ac0a80101010000000000000004000000000000002ec2405affffff00 (the data entry has 280 more characters)."
"DhcpGatewayHardware"="c0a801010600000048db500f03b1"
"DhcpGatewayHardwareCount"="1"
"DhcpNameServer"="192.168.1.1 192.168.1.1"
"DhcpDomain"="home"
"DhcpDefaultGateway"="192.168.1.1"
"DhcpSubnetMaskOpt"="255.255.255.0"
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{352B59C2-BD26-4D60-BA50-6D7BB3AD3164}\24143535]
"UseZeroBroadcast"="0"
"EnableDeadGWDetect"="1"
"EnableDHCP"="1"
"NameServer"=""
"Domain"=""
"RegistrationEnabled"="1"
"RegisterAdapterName"="0"
"DhcpIPAddress"="192.168.10.164"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.10.1"
"Lease"="1800"
"LeaseObtainedTime"="1510489369"
"T1"="1510490269"
"T2"="1510490944"
"LeaseTerminatesTime"="1510491169"
"AddressType"="0"
"IsServerNapAware"="0"
"DhcpConnForceBroadcastFlag"="1"
"DhcpNetworkHint"="24143535"
"DhcpInterfaceOptions"="060000000000000008000000000000002144085a0808080808080404030000000000000004000000000000002144085ac0a80a01010000000000000004000000000000002144085affffff00360000000000000004000000000000002144085ac0a80a01 (the data entry has 136 more characters)."
"DhcpGatewayHardware"="c0a80a01060000004c5e0c30e37a"
"DhcpGatewayHardwareCount"="1"
"DhcpNameServer"="8.8.8.8 8.8.4.4"
"DhcpDefaultGateway"="192.168.10.1"
"DhcpSubnetMaskOpt"="255.255.255.0"
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{352B59C2-BD26-4D60-BA50-6D7BB3AD3164}\2427164667963616]
"UseZeroBroadcast"="0"
"EnableDeadGWDetect"="1"
"EnableDHCP"="1"
"NameServer"=""
"Domain"=""
"RegistrationEnabled"="1"
"RegisterAdapterName"="0"
"DhcpIPAddress"="192.168.0.102"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.0.1"
"Lease"="86400"
"LeaseObtainedTime"="1491194069"
"T1"="1491237269"
"T2"="1491269669"
"LeaseTerminatesTime"="1491280469"
"AddressType"="0"
"IsServerNapAware"="0"
"DhcpConnForceBroadcastFlag"="1"
"DhcpNetworkHint"="2427164667963616"
"DhcpInterfaceOptions"="060000000000000008000000000000005522e358d043dede57fa61fa030000000000000004000000000000005522e358c0a80001010000000000000004000000000000005522e358ffffff00360000000000000004000000000000005522e358c0a80001 (the data entry has 136 more characters)."
"DhcpGatewayHardware"="c0a8000106000000c83a352f5608"
"DhcpGatewayHardwareCount"="1"
"DhcpNameServer"="208.67.222.222 87.250.97.250"
"DhcpDefaultGateway"="192.168.0.1"
"DhcpSubnetMaskOpt"="255.255.255.0"
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{352B59C2-BD26-4D60-BA50-6D7BB3AD3164}\2494245425F4E42323]
"UseZeroBroadcast"="0"
"EnableDeadGWDetect"="1"
"EnableDHCP"="1"
"NameServer"=""
"Domain"=""
"RegistrationEnabled"="1"
"RegisterAdapterName"="0"
"DhcpIPAddress"="192.168.5.60"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.5.1"
"Lease"="86400"
"LeaseObtainedTime"="1494671046"
"T1"="1494714246"
"T2"="1494746646"
"LeaseTerminatesTime"="1494757446"
"AddressType"="0"
"IsServerNapAware"="0"
"DhcpConnForceBroadcastFlag"="0"
"DhcpNetworkHint"="2494245425F4E42323"
"DhcpInterfaceOptions"="0600000000000000040000000000000046301859c0a805010300000000000000040000000000000046301859c0a805010f000000000000000b0000000000000046301859676967617365742e6c616e000100000000000000040000000000000046301859 (the data entry has 288 more characters)."
"DhcpGatewayHardware"="c0a8050106000000988b5df16f81"
"DhcpGatewayHardwareCount"="1"
"DhcpNameServer"="192.168.5.1"
"DhcpDefaultGateway"="192.168.5.1"
"DhcpDomain"="gigaset.lan"
"DhcpSubnetMaskOpt"="255.255.255.0"
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{352B59C2-BD26-4D60-BA50-6D7BB3AD3164}\6596B6F6E6]
"UseZeroBroadcast"="0"
"EnableDeadGWDetect"="1"
"EnableDHCP"="1"
"NameServer"=""
"Domain"=""
"RegistrationEnabled"="1"
"RegisterAdapterName"="0"
"DhcpIPAddress"="192.168.3.103"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.3.1"
"Lease"="86400"
"LeaseObtainedTime"="1464699186"
"T1"="1464742386"
"T2"="1464774786"
"LeaseTerminatesTime"="1464785586"
"AddressType"="0"
"IsServerNapAware"="0"
"DhcpConnForceBroadcastFlag"="1"
"DhcpNetworkHint"="6596B6F6E6"
"DhcpInterfaceOptions"="0f000000000000000400000000000000b2da4e57486f6d6506000000000000000400000000000000b2da4e57c0a8030103000000000000000400000000000000b2da4e57c0a8030101000000000000000400000000000000b2da4e57ffffff0033000000 (the data entry has 136 more characters)."
"DhcpGatewayHardware"="c0a80301060000004c9efffd8d14"
"DhcpGatewayHardwareCount"="1"
"DhcpDomain"="Home"
"DhcpNameServer"="192.168.3.1"
"DhcpDefaultGateway"="192.168.3.1"
"DhcpSubnetMaskOpt"="255.255.255.0"
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{352B59C2-BD26-4D60-BA50-6D7BB3AD3164}\955445459423]
"UseZeroBroadcast"="0"
"EnableDeadGWDetect"="1"
"EnableDHCP"="1"
"NameServer"=""
"Domain"=""
"RegistrationEnabled"="1"
"RegisterAdapterName"="0"
"DhcpIPAddress"="192.168.1.22"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.1.1"
"Lease"="86400"
"LeaseObtainedTime"="1464705683"
"T1"="1464748883"
"T2"="1464781283"
"LeaseTerminatesTime"="1464792083"
"AddressType"="0"
"IsServerNapAware"="0"
"DhcpConnForceBroadcastFlag"="1"
"DhcpNetworkHint"="955445459423"
"DhcpInterfaceOptions"="7d00000000000000280000000000000013f44e5700000011234343374233352c5a5844534c203933315649492c5a54454534304e45324430323339333600000000000000040000000000000013f44e57c0a8010106000000000000000400000000000000 (the data entry has 248 more characters)."
"DhcpGatewayHardware"="c0a8010106000000cc7b352f071c"
"DhcpGatewayHardwareCount"="1"
"DhcpNameServer"="192.168.1.1"
"DhcpDefaultGateway"="192.168.1.1"
"DhcpSubnetMaskOpt"="255.255.255.0"
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}]
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8FD97AF3-76AF-48E2-97C3-EE95268BFECB}]
"UseZeroBroadcast"="0"
"EnableDeadGWDetect"="1"
"EnableDHCP"="1"
"NameServer"=""
"Domain"=""
"RegistrationEnabled"="1"
"RegisterAdapterName"="0"
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="255.0.0.0"
"DhcpServer"="255.255.255.255"
"Lease"="0"
"LeaseObtainedTime"="0"
"T1"="0"
"T2"="0"
"LeaseTerminatesTime"="0"
"AddressType"="0"
"IsServerNapAware"="0"
"DhcpConnForceBroadcastFlag"="0"
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AE73DA10-E484-4EDD-9997-D3A0224011E7}]
"UseZeroBroadcast"="0"
"EnableDeadGWDetect"="1"
"EnableDHCP"="1"
"NameServer"=""
"Domain"=""
"RegistrationEnabled"="1"
"RegisterAdapterName"="0"
"DhcpIPAddress"="192.168.1.7"
"DhcpSubnetMask"="255.255.255.0"
"DhcpServer"="192.168.1.1"
"Lease"="86400"
"LeaseObtainedTime"="1495170423"
"T1"="1495213623"
"T2"="1495246023"
"LeaseTerminatesTime"="1495256823"
"AddressType"="0"
"IsServerNapAware"="0"
"DhcpConnForceBroadcastFlag"="0"
"DhcpInterfaceOptions"="06000000000000000800000000000000f7ce1f59c0a80101c0a801010f000000000000000400000000000000f7ce1f59686f6d6503000000000000000400000000000000f7ce1f59c0a8010101000000000000000400000000000000f7ce1f59ffffff00 (the data entry has 280 more characters)."
"DhcpGatewayHardware"="c0a801010600000048db500f03b1"
"DhcpGatewayHardwareCount"="1"
"DhcpNameServer"="192.168.1.1 192.168.1.1"
"DhcpDomain"="home"
"DhcpDefaultGateway"="192.168.1.1"
"DhcpSubnetMaskOpt"="255.255.255.0"
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C54F2638-B471-4F1B-A8AF-D5D2A87C9355}]
"UseZeroBroadcast"="0"
"EnableDeadGWDetect"="1"
"EnableDHCP"="1"
"NameServer"=""
"Domain"=""
"RegistrationEnabled"="1"
"RegisterAdapterName"="0"
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="255.0.0.0"
"DhcpServer"="255.255.255.255"
"Lease"="0"
"LeaseObtainedTime"="0"
"T1"="0"
"T2"="0"
"LeaseTerminatesTime"="0"
"AddressType"="0"
"IsServerNapAware"="0"
"DhcpConnForceBroadcastFlag"="0"

=== End of ExportKey ===

==== End of Fixlog 22:02:25 ====
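
An added example, not part of the original posts and not FRST's own code: a Python script that reads text in the shape of the `ExportKey:` output above and reports every interface key whose static `NameServer` value overrides the DHCP-supplied `DhcpNameServer`. The sample input, its GUIDs, the address 203.0.113.53 and the optional `approved` list are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample in the shape of an FRST "ExportKey:" section.
# GUIDs and 203.0.113.53 (a documentation address) are made up for this example.
SAMPLE_EXPORT = r'''
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-1111-1111-1111-111111111111}]
"EnableDHCP"="1"
"NameServer"="203.0.113.53,8.8.8.8"
"DhcpNameServer"="192.168.1.1 192.168.1.1"
"DhcpInterfaceOptions"="0600000000 (the data entry has 280 more characters)."
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-1111-1111-1111-111111111111}\24143535]
"EnableDHCP"="1"
"NameServer"=""
"DhcpNameServer"="8.8.8.8 8.8.4.4"
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22222222-2222-2222-2222-222222222222}]
"EnableDHCP"="1"
"NameServer"=""
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def parse_export(text):
    """Return [(key_path, {value_name: data})] in the order the keys appear."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            keys.append((m.group("key"), {}))
            continue
        m = VAL_RE.match(line)
        if m and keys:
            keys[-1][1][m.group("name")] = m.group("data")
    return keys


def servers(data):
    """NameServer is comma-separated, DhcpNameServer space-separated; accept both."""
    return [s for s in re.split(r"[,\s]+", data.strip()) if s]


def audit_dns(text, approved=()):
    """List keys where a static DNS setting is in effect and looks unexpected."""
    approved = set(approved)
    findings = []
    for key, vals in parse_export(text):
        static = servers(vals.get("NameServer", ""))
        if not static:
            continue  # empty NameServer: the DHCP-supplied servers are used
        dhcp = servers(vals.get("DhcpNameServer", ""))
        reasons = []
        if vals.get("EnableDHCP") == "1" and set(static) != set(dhcp):
            reasons.append("static DNS overrides DHCP-supplied DNS")
        for s in static:
            try:
                ipaddress.ip_address(s)
            except ValueError:
                reasons.append(f"not an IP address: {s}")
                continue
            if approved and s not in approved:
                reasons.append(f"not on approved list: {s}")
        if reasons:
            findings.append({"key": key, "static": static, "dhcp": dhcp, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_dns(SAMPLE_EXPORT, approved={"8.8.8.8", "8.8.4.4"}):
        print(f["key"], f["static"], f["reasons"], sep="\n  ")
```
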



#9 Oh My!


Posted 24 December 2017 - 05:19 PM

Thank you.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
StartRegedit: 
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{352B59C2-BD26-4D60-BA50-6D7BB3AD3164}]
"NameServer"="8.8.8.8,8.8.4.4"
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{352B59C2-BD26-4D60-BA50-6D7BB3AD3164}\24143535]
"NameServer"="8.8.8.8,8.8.4.4"
EndRegedit:
C:\Program Files (x86)\DDSV2
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Reboot your computer and check your Internet
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Internet?

Gary

#10 jbradvi9


Posted 25 December 2017 - 07:13 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-12-2017 01
Ran by Bradvica (25-12-2017 07:43:26) Run:3
Running from C:\Users\Bradvica\Downloads
Loaded Profiles: Bradvica (Available Profiles: Bradvica)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
StartRegedit:
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{352B59C2-BD26-4D60-BA50-6D7BB3AD3164}]
"NameServer"="8.8.8.8,8.8.4.4"
[HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{352B59C2-BD26-4D60-BA50-6D7BB3AD3164}\24143535]
"NameServer"="8.8.8.8,8.8.4.4"
EndRegedit:
C:\Program Files (x86)\DDSV2
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.

====> Registry
C:\Program Files (x86)\DDSV2 => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23947172 B
Java, Flash, Steam htmlcache => 20009 B
Windows/system/drivers => 10814414 B
Edge => 0 B
Chrome => 32496311 B
Firefox => 402099044 B
Opera => 116071583 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 118137 B
LocalService => 66228 B
NetworkService => 217156 B
Bradvica => 1932537754 B

RecycleBin => 411131 B
EmptyTemp: => 2.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:49:02 ====

I can report to you that you definitely changed the state of this laptop, but the internet is still oscillating in a mitigated manner, and blocking is manifesting as occasional pointer delay or an invoked web page remaining occasionally blank for, let's say, 30 sec., and when trying to, let's say, minimize a program window, the procedure is blocking sometimes for 5-10 sec. But you have changed this laptop(!).....



#11 Oh My!


Posted 25 December 2017 - 10:27 AM

Greetings and Merry Christmas!

Can you confirm your symptoms are not just related to the Internet? You mention minimizing programs. Are those non-browser programs?
Gary

#12 jbradvi9


Posted 25 December 2017 - 10:59 AM

Sadly yes. But the internet is better overall: only 3-4 disconnections in 2 hours instead of 40-50 before. A minute ago, in the same instant the internet went down, two open programs got blocked. Firefox stopped playing a YouTube clip although there were at least two minutes of buffer loaded... and while I noticed it, 'livemail' suddenly got blocked when I tried to minimize it to see what was happening to the YouTube clip in Firefox, so my opinion is that things are linked. The same payload blocks programs and the internet; that's how I see it. Merry Christmas to you.


Edited by jbradvi9, 25 December 2017 - 11:01 AM.


#13 Oh My!


Posted 25 December 2017 - 11:22 AM

Thank you.

Please boot into Safe Mode with Networking and test your computer/Internet performance.
Gary

#14 jbradvi9


Posted 25 December 2017 - 12:09 PM

I don't see differences between normal and safe mode now, but Firefox in both cases is no longer so annoying; the bad thing is that the internet in safe mode has disconnected more than 5 times in 5 minutes. Now I'm testing loading of pages and it's awesome compared to 3 days ago. So to conclude: loading is better, but the internet breaks also in safe mode!



#15 Oh My!


Posted 25 December 2017 - 12:15 PM

Thanks.

Please do this.

===================================================

System Summary Information

--------------------
  • Press the Windows Key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached System Summary report

Gary