Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

When starting pc adf.ly link pop-ups [FRST logs included other log files too]


  • Please log in to reply
36 replies to this topic

#1 Beckran

Beckran

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 14 April 2018 - 04:45 AM

Hey, when I start my computer adf.ly link pop-ups [restorecosm.bid] and when I skip the ad it redirects me to this site key4you.cz. It really slows up my pc startup. I think it started when I downloaded programs from IObit like driver updaters and Advanced Systemcare, I have tried all these programs to desinfect my pc:Kaspersky,Malwarebytes,Eset online scanner,adwcleaner,rkill,JRT,hitmanpro,CCleaner. I have noticed it shows only on the default browser and the link changes when I reset my browser. I've tried to clean my computer with a BC advisor [buddy215] but nothing didn't work https://www.bleepingcomputer.com/forums/t/675161/adfly-link-threadspherebid-pop-ups-on-startup/#entry4482207. And I found adf.ly in registry and the links that it showed me before so i deleted it but it still opened the adf.ly at startup. I hope you could help me with it.
 
 
 
FRST logs
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by adam (administrator) on ADAM-PC (14-04-2018 11:09:27)
Running from C:\Users\adam\Downloads
Loaded Profiles: adam (Available Profiles: adam)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\spacedeskService.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe
(Wondershare) C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Windows\System32\SpaceDeskServiceTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-12-09] (Realtek Semiconductor)
HKU\S-1-5-21-1663746634-567950608-3139407904-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-1663746634-567950608-3139407904-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1663746634-567950608-3139407904-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-1663746634-567950608-3139407904-1000\...\MountPoints2: {e71219a1-16ec-11e8-892e-8c89a55ef011} - F:\LG_PC_Programs.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Java 32bit.bat [2018-01-08] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A9238AAB-DF5E-44C1-9FD6-4D7F1D6FDECF}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1663746634-567950608-3139407904-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp6_adw_hp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1663746634-567950608-3139407904-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp6_adw_ch&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1663746634-567950608-3139407904-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp6_adw_ch&p={searchTerms}
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2017-10-11] (AO Kaspersky Lab)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2017-10-11] (AO Kaspersky Lab)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-12-15]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default [2018-04-14]
CHR Extension: (Dokumenty) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-13]
CHR Extension: (Disk Google) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-13]
CHR Extension: (YouTube) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-13]
CHR Extension: (Tabuľky) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-13]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-13]
CHR Extension: (Kaspersky Protection) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-04-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-13]
CHR Extension: (Gmail) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-13]
CHR Extension: (Chrome Media Router) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-13]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6971400 2018-01-09] ()
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-13] (EasyAntiCheat Ltd)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe [426416 2017-10-11] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 spacedeskService; C:\Windows\system32\spacedeskService.exe [806952 2018-03-21] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-03-01] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-08] (Reason Software Company Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe [495840 2018-01-26] (Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\drfone\Library\DriverInstaller\DriverInstall.exe [120096 2018-01-16] (Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [83792 2017-12-09] (Asmedia Technology)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2017-12-17] (Bluestack System Inc. )
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-10-17] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-10-17] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-12-09] (REALiX™)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-15] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [119496 2018-02-20] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [206040 2017-10-15] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [350944 2017-10-15] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1072840 2018-02-20] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57024 2018-02-20] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [57568 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50672 2017-06-23] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [81904 2017-06-23] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [140000 2017-12-15] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-12-15] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-03-31] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-14] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-14] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-31] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-14] (Malwarebytes)
S3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [42600 2000-01-01] (Synaptics Incorporated)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3567488 2017-12-17] ()
R3 spacedeskAuxiliary; C:\Windows\System32\DRIVERS\spacedeskAuxiliary.sys [24104 2017-09-27] (datronicsoft)
R1 spacedeskHookKmode; C:\Windows\System32\DRIVERS\spacedeskHookKmode.sys [283176 2018-03-21] (datronicsoft Inc.)
R3 spacedeskKtmInputKeybd; C:\Windows\System32\DRIVERS\spacedeskKtmInputKeybd.sys [33832 2017-09-08] ()
R3 spacedeskKtmInputMouse; C:\Windows\System32\DRIVERS\spacedeskKtmInputMouse.sys [33832 2017-09-08] ()
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [X]
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-14 11:09 - 2018-04-14 11:11 - 000015900 _____ C:\Users\adam\Downloads\FRST.txt
2018-04-14 11:08 - 2018-04-14 11:09 - 000000000 ____D C:\FRST
2018-04-14 11:07 - 2018-04-14 11:07 - 002403328 _____ (Farbar) C:\Users\adam\Downloads\FRST64.exe
2018-04-14 11:03 - 2018-04-14 11:04 - 019709440 _____ (Luis Cobian, CobianSoft) C:\Users\adam\Downloads\cbSetup.exe
2018-04-14 10:56 - 2018-04-14 11:05 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-13 22:09 - 2018-03-31 04:09 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-13 22:09 - 2018-03-31 03:45 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-04-13 22:09 - 2018-03-31 03:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-04-13 22:09 - 2018-03-31 03:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-04-13 22:09 - 2018-03-31 03:38 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-13 22:09 - 2018-03-28 09:30 - 003225600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-13 22:09 - 2018-03-23 20:50 - 000396952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-13 22:09 - 2018-03-23 19:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-04-13 22:09 - 2018-03-23 01:00 - 025742336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-13 22:09 - 2018-03-22 23:32 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-04-13 22:09 - 2018-03-22 23:32 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-04-13 22:09 - 2018-03-22 23:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-04-13 22:09 - 2018-03-22 23:19 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-13 22:09 - 2018-03-22 23:18 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-13 22:09 - 2018-03-22 23:17 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-13 22:09 - 2018-03-22 23:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-04-13 22:09 - 2018-03-22 23:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-13 22:09 - 2018-03-22 23:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-04-13 22:09 - 2018-03-22 23:15 - 005780480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-13 22:09 - 2018-03-22 23:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-13 22:09 - 2018-03-22 23:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-13 22:09 - 2018-03-22 23:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-04-13 22:09 - 2018-03-22 23:06 - 000794112 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-13 22:09 - 2018-03-22 23:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-13 22:09 - 2018-03-22 23:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-04-13 22:09 - 2018-03-22 23:05 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-04-13 22:09 - 2018-03-22 23:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-04-13 22:09 - 2018-03-22 22:58 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-04-13 22:09 - 2018-03-22 22:55 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-04-13 22:09 - 2018-03-22 22:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-04-13 22:09 - 2018-03-22 22:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-04-13 22:09 - 2018-03-22 22:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-04-13 22:09 - 2018-03-22 22:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-04-13 22:09 - 2018-03-22 22:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-04-13 22:09 - 2018-03-22 22:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-04-13 22:09 - 2018-03-22 22:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-04-13 22:09 - 2018-03-22 22:48 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-13 22:09 - 2018-03-22 22:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-04-13 22:09 - 2018-03-22 22:45 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-13 22:09 - 2018-03-22 22:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-04-13 22:09 - 2018-03-22 22:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-04-13 22:09 - 2018-03-22 22:44 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-13 22:09 - 2018-03-22 22:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-04-13 22:09 - 2018-03-22 22:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-04-13 22:09 - 2018-03-22 22:42 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-13 22:09 - 2018-03-22 22:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-04-13 22:09 - 2018-03-22 22:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-04-13 22:09 - 2018-03-22 22:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-13 22:09 - 2018-03-22 22:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-04-13 22:09 - 2018-03-22 22:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-13 22:09 - 2018-03-22 22:29 - 015282688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-13 22:09 - 2018-03-22 22:29 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-13 22:09 - 2018-03-22 22:29 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-13 22:09 - 2018-03-22 22:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-04-13 22:09 - 2018-03-22 22:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-04-13 22:09 - 2018-03-22 22:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-04-13 22:09 - 2018-03-22 22:27 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-13 22:09 - 2018-03-22 22:27 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-04-13 22:09 - 2018-03-22 22:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-04-13 22:09 - 2018-03-22 22:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-04-13 22:09 - 2018-03-22 22:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-04-13 22:09 - 2018-03-22 22:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-04-13 22:09 - 2018-03-22 22:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-04-13 22:09 - 2018-03-22 22:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-04-13 22:09 - 2018-03-22 22:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-04-13 22:09 - 2018-03-22 22:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-13 22:09 - 2018-03-22 22:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-04-13 22:09 - 2018-03-22 22:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-04-13 22:09 - 2018-03-22 22:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-04-13 22:09 - 2018-03-22 22:04 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-13 22:09 - 2018-03-22 21:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-04-13 22:09 - 2018-03-22 21:53 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-13 22:09 - 2018-03-22 21:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-04-13 22:09 - 2018-03-22 21:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-04-13 22:09 - 2018-03-10 19:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-04-13 22:09 - 2018-03-09 20:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-04-13 22:09 - 2018-03-09 20:12 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-13 22:09 - 2018-03-09 20:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-04-13 22:09 - 2018-03-09 20:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-04-13 22:09 - 2018-03-09 20:07 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-13 22:09 - 2018-03-09 20:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-13 22:09 - 2018-03-06 20:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-04-13 22:09 - 2018-03-06 20:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-04-13 22:09 - 2018-03-06 20:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-13 22:09 - 2018-03-06 20:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-13 22:09 - 2018-02-22 05:28 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-04-13 22:09 - 2018-02-22 05:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-04-13 22:09 - 2018-02-10 20:35 - 000367296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-04-13 22:09 - 2018-02-10 20:35 - 000334528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-04-13 22:09 - 2018-02-10 20:35 - 000185024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-04-13 22:09 - 2018-02-10 20:35 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-04-13 22:09 - 2018-02-10 20:35 - 000068288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-04-13 22:09 - 2018-02-10 20:35 - 000064192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-04-13 22:09 - 2018-02-10 20:35 - 000063168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2018-04-13 22:09 - 2018-02-10 20:35 - 000060608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-04-13 22:09 - 2018-02-10 20:35 - 000036032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2018-04-13 22:09 - 2018-02-10 20:35 - 000031936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2018-04-13 22:09 - 2018-02-10 20:35 - 000023744 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2018-04-13 22:09 - 2018-02-10 20:35 - 000020160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-04-13 22:09 - 2018-02-10 20:35 - 000015040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-04-13 22:09 - 2018-02-10 20:35 - 000012096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2018-04-13 22:09 - 2018-02-10 20:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2018-04-13 22:09 - 2018-02-10 20:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-04-13 22:09 - 2018-02-10 20:11 - 003665920 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-04-13 22:09 - 2018-02-10 20:11 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-04-13 22:09 - 2018-02-10 19:26 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-04-13 22:09 - 2018-02-02 20:40 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-04-13 22:09 - 2018-02-02 20:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-04-13 22:09 - 2018-02-02 20:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2018-04-13 22:09 - 2018-02-02 20:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-04-13 22:09 - 2018-02-02 20:16 - 003246080 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-04-13 22:09 - 2018-02-02 20:16 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-04-13 22:09 - 2018-02-02 20:14 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-04-13 22:09 - 2018-02-02 20:14 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-04-13 22:09 - 2018-02-02 19:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2018-04-13 22:09 - 2018-02-02 19:36 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-04-13 22:09 - 2018-01-25 16:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-04-13 22:09 - 2018-01-25 16:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-04-13 22:09 - 2018-01-12 18:40 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-04-13 22:09 - 2018-01-12 18:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2018-04-13 22:08 - 2018-03-31 04:09 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-04-13 22:08 - 2018-03-31 04:09 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-13 22:08 - 2018-03-31 04:09 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-13 22:08 - 2018-03-31 04:09 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-13 22:08 - 2018-03-31 03:35 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:12 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 03:06 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-13 22:08 - 2018-03-31 03:06 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-13 22:08 - 2018-03-31 03:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-13 22:08 - 2018-03-31 03:06 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-13 22:08 - 2018-03-31 03:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-04-13 22:08 - 2018-03-31 03:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-13 22:08 - 2018-03-31 03:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-13 22:08 - 2018-03-31 02:59 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-13 22:08 - 2018-03-31 02:58 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-13 22:08 - 2018-03-31 02:58 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-13 22:08 - 2018-03-31 02:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-13 22:08 - 2018-03-31 02:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-13 22:08 - 2018-03-31 02:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-04-13 22:08 - 2018-03-31 02:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-04-13 22:08 - 2018-03-31 02:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-04-13 22:08 - 2018-03-31 02:47 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-04-13 22:08 - 2018-03-31 02:47 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-04-13 22:08 - 2018-03-31 02:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 02:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 02:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 02:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-04-13 22:08 - 2018-03-31 02:47 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-04-13 22:08 - 2018-03-09 20:12 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-04-13 22:08 - 2018-03-09 20:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-04-13 22:08 - 2018-03-09 20:07 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-04-13 22:08 - 2018-03-09 20:06 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-13 22:08 - 2018-03-09 20:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-13 22:08 - 2018-03-09 19:31 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-04-13 22:08 - 2018-03-06 20:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-04-13 22:08 - 2018-03-06 20:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-13 22:08 - 2018-02-10 20:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\racpldlg.dll
2018-04-13 22:08 - 2018-02-10 20:11 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2018-04-13 22:08 - 2018-02-10 20:11 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-04-13 22:08 - 2018-02-10 19:36 - 000108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe
2018-04-13 22:08 - 2018-02-10 19:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdchange.exe
2018-04-13 22:08 - 2018-02-10 19:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2018-04-13 22:08 - 2018-02-10 19:26 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2018-04-13 22:08 - 2018-02-10 19:25 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2018-04-13 22:08 - 2018-02-10 19:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2018-04-13 22:08 - 2018-02-10 19:25 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2018-04-13 22:08 - 2018-02-02 20:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2018-04-13 22:08 - 2018-02-02 20:16 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-04-13 22:08 - 2018-01-15 21:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-04-13 22:08 - 2018-01-15 21:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-04-12 19:16 - 2018-04-12 19:16 - 000000000 ____D C:\ProgramData\wsr
2018-04-12 19:12 - 2018-04-12 19:15 - 000000000 ____D C:\Users\adam\AppData\Roaming\Wondershare
2018-04-12 19:12 - 2018-04-12 19:12 - 000001328 _____ C:\Users\Public\Desktop\dr.fone.lnk
2018-04-12 19:12 - 2018-04-12 19:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-04-12 19:11 - 2017-09-27 17:29 - 000000232 _____ C:\Windows\SysWOW64\dllhost.exe.config
2018-04-12 19:10 - 2018-04-12 19:12 - 000000000 ____D C:\ProgramData\Wondershare
2018-04-12 19:10 - 2018-04-12 19:10 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-04-12 19:09 - 2018-04-12 19:13 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-04-12 15:58 - 2018-03-14 19:14 - 000135360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-12 15:58 - 2018-03-14 19:09 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-12 15:58 - 2018-03-14 15:05 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-12 15:58 - 2018-03-14 15:05 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-12 15:58 - 2018-03-14 15:05 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-12 15:58 - 2018-03-14 15:05 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-12 15:58 - 2018-03-14 15:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-12 15:58 - 2018-03-14 15:05 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-12 15:58 - 2018-03-14 15:05 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-12 15:58 - 2018-03-14 15:05 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-11 18:58 - 2018-04-11 18:58 - 000009642 _____ C:\Users\adam\Documents\install.txt
2018-04-11 18:54 - 2018-04-11 18:56 - 000002112 _____ C:\Users\adam\Documents\startup.txt
2018-04-10 21:51 - 2018-04-10 21:51 - 000003106 _____ C:\Users\adam\Desktop\ESET LOG FILE.txt
2018-04-10 20:14 - 2018-04-10 15:54 - 008222496 _____ (Malwarebytes) C:\Users\adam\Desktop\adwcleaner_7.0.8.0.exe
2018-04-10 16:29 - 2018-04-11 06:48 - 000000000 ____D C:\Users\adam\AppData\Local\ESET
2018-04-07 13:58 - 2018-04-07 13:58 - 000001545 _____ C:\Users\adam\Desktop\BlueStacks.lnk
2018-04-07 13:57 - 2018-04-07 13:57 - 000002195 _____ C:\Users\adam\Desktop\Google Chrome.lnk
2018-04-07 13:56 - 2018-04-07 13:56 - 000000363 _____ C:\Users\adam\Desktop\Počítač.lnk
2018-04-06 20:06 - 2018-04-06 20:06 - 000000219 _____ C:\Users\adam\Desktop\Team Fortress 2.url
2018-04-01 12:47 - 2018-02-18 23:34 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-03-31 19:47 - 2018-03-31 19:47 - 007874959 _____ C:\Users\adam\Desktop\Dinosaury.pptx
2018-03-31 11:53 - 2018-04-14 10:58 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-03-31 11:53 - 2018-03-31 11:53 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-31 11:53 - 2018-03-31 11:53 - 000193768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-03-31 11:52 - 2018-03-31 11:52 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-31 11:52 - 2018-03-31 11:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-31 11:52 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-29 20:10 - 2018-03-29 20:10 - 000000000 ____D C:\Program Files\datronicsoft
2018-03-29 14:40 - 2018-03-29 14:40 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-03-29 13:09 - 2018-03-29 13:09 - 000002291 _____ C:\Users\adam\Desktop\Clash of Clans.lnk
2018-03-25 13:18 - 2018-03-25 13:19 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2018-03-25 13:18 - 2018-03-25 13:18 - 000001007 _____ C:\Users\adam\Desktop\SpeedFan.lnk
2018-03-25 13:18 - 2018-03-25 13:18 - 000000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2018-03-25 13:18 - 2018-03-25 13:18 - 000000000 ____D C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2018-03-24 13:15 - 2018-03-24 13:15 - 000000000 ____D C:\Users\adam\AppData\Roaming\dvdcss
2018-03-21 18:18 - 2018-03-21 18:18 - 000637992 _____ (datronicsoft Inc.) C:\Windows\SysWOW64\spacedeskHookUmode.dll
2018-03-21 18:17 - 2018-03-21 18:17 - 000806952 _____ C:\Windows\system32\spacedeskService.exe
2018-03-21 18:17 - 2018-03-21 18:17 - 000767528 _____ (datronicsoft Inc.) C:\Windows\system32\spacedeskHookUmode.dll
2018-03-21 18:17 - 2018-03-21 18:17 - 000362024 _____ C:\Windows\system32\SpaceDeskServiceTray.exe
2018-03-21 18:17 - 2018-03-21 18:17 - 000283176 _____ (datronicsoft Inc.) C:\Windows\system32\Drivers\spacedeskHookKmode.sys
2018-03-18 16:54 - 2018-03-18 16:54 - 000000000 ____D C:\Users\adam\AppData\Local\CrashReportClient
2018-03-17 18:45 - 2018-03-18 18:49 - 000000000 ____D C:\Program Files (x86)\MalwareFox AntiMalware
2018-03-17 18:45 - 2018-03-18 17:00 - 000049281 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-03-17 18:45 - 2018-03-18 14:56 - 000165510 _____ C:\Windows\ZAM.krnl.trace
2018-03-17 18:45 - 2018-03-17 18:45 - 000000000 ____D C:\Users\adam\AppData\Local\Wolf of Webstreet OPC Private Limited
2018-03-17 18:44 - 2018-03-17 18:44 - 000000000 ____D C:\Users\adam\AppData\Local\Zemana
2018-03-16 19:21 - 2018-04-02 20:52 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-16 19:21 - 2018-03-24 20:00 - 000000975 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2018-03-16 19:21 - 2018-03-24 20:00 - 000000963 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2018-03-15 20:13 - 2018-03-15 20:13 - 000000044 _____ C:\Users\adam\Desktop\teamspeak recovery code.txt
2018-03-15 20:12 - 2018-03-15 20:12 - 000000000 ____D C:\Users\adam\.TeamSpeak 3
2018-03-15 20:12 - 2018-03-15 20:12 - 000000000 ____D C:\Users\adam\.QtWebEngineProcess
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-14 11:11 - 2017-10-11 19:33 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-04-14 11:06 - 2009-07-14 06:45 - 000014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-14 11:06 - 2009-07-14 06:45 - 000014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-14 11:02 - 2009-07-14 07:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-14 11:02 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-04-14 11:00 - 2017-10-11 19:35 - 000001540 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2018-04-14 10:58 - 2017-10-11 16:51 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-14 10:57 - 2017-11-17 17:21 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-14 10:56 - 2009-07-14 06:45 - 000284016 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-14 10:55 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-14 10:53 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-04-13 23:02 - 2018-01-29 18:37 - 000000000 ____D C:\AdwCleaner
2018-04-12 21:13 - 2018-01-19 20:37 - 000003556 _____ C:\Windows\System32\Tasks\Sstt2-TaskPlan
2018-04-12 21:12 - 2017-10-11 19:35 - 000003034 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2018-04-12 21:12 - 2017-10-11 18:46 - 000003242 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-12 19:14 - 2017-10-11 17:07 - 000063208 _____ C:\Users\adam\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-12 18:42 - 2017-12-22 13:17 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-12 16:16 - 2017-10-11 17:24 - 000000000 ____D C:\Windows\system32\MRT
2018-04-12 16:13 - 2017-10-11 17:24 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-12 16:13 - 2017-10-11 17:24 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-10 20:14 - 2018-03-12 21:52 - 000346112 ___SH C:\Users\adam\Desktop\Thumbs.db
2018-04-10 15:15 - 2017-10-13 20:45 - 000000000 ____D C:\Users\adam\AppData\Roaming\uTorrent
2018-04-10 15:15 - 2017-10-11 19:49 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-10 15:12 - 2017-10-30 19:13 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-04-10 15:12 - 2017-10-30 19:13 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-04-10 15:12 - 2017-10-30 19:13 - 000000000 ____D C:\Program Files\CCleaner
2018-04-07 19:43 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\rescache
2018-03-29 19:56 - 2017-12-09 20:46 - 000000000 ____D C:\Windows\system32\appmgmt
2018-03-24 14:55 - 2018-02-25 18:24 - 000000000 ____D C:\Users\adam\Desktop\woxo zabery
2018-03-24 14:50 - 2017-10-11 19:27 - 000000000 ____D C:\Users\adam\AppData\Roaming\vlc
2018-03-23 17:40 - 2017-10-11 18:46 - 000002236 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-23 17:40 - 2017-10-11 18:46 - 000002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-03-18 18:59 - 2018-02-25 15:35 - 000003030 _____ C:\Windows\System32\Tasks\{0133C267-1DC6-4289-8A99-4E1C439E07F7}
2018-03-18 18:59 - 2018-02-25 15:32 - 000003030 _____ C:\Windows\System32\Tasks\{9572E5AF-FA9A-4D30-9701-80D15AA67227}
2018-03-17 18:46 - 2017-10-11 16:34 - 000000000 ____D C:\Users\adam
 
==================== Files in the root of some directories =======
 
2017-11-21 20:24 - 2017-11-21 21:23 - 000019439 _____ () C:\Users\adam\AppData\Roaming\downloads.json
2018-01-29 19:01 - 2018-02-01 22:27 - 000008704 ___SH () C:\Users\adam\AppData\Roaming\Thumbs.db
2017-11-15 14:50 - 2017-11-15 14:50 - 000033193 _____ () C:\Users\adam\AppData\Roaming\UserTile.png
2017-10-14 13:11 - 2018-03-13 23:24 - 000007607 _____ () C:\Users\adam\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-09 16:58
 
==================== End of FRST.txt ============================
 
 
 
Addition scan results
 
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by adam (14-04-2018 11:12:07)
Running from C:\Users\adam\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2017-10-11 14:34:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
adam (S-1-5-21-1663746634-567950608-3139407904-1000 - Administrator - Enabled) => C:\Users\adam
Administrator (S-1-5-21-1663746634-567950608-3139407904-500 - Administrator - Disabled)
Guest (S-1-5-21-1663746634-567950608-3139407904-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1663746634-567950608-3139407904-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Action! (HKLM-x32\...\Mirillis Action!) (Version: 2.8.2 - Mirillis)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.159 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 384.94 - NVIDIA Corporation) Hidden
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.0.2.0000 - Asmedia Technology)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.26.1 - Asmedia Technology)
AVG Driver Updater (HKLM-x32\...\{95294F1F-3F2F-48E6-A33B-B89632F8F1B7}) (Version: 2.2.2 - AVG Netherlands B.V) Hidden
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.52.67.1911 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CpuCoreParking (HKLM-x32\...\{93F2C625-D50A-47BE-9C68-3B1A55DD091C}) (Version: 2.0.1.0 - CpuCoreParking)
Crysis 3 (HKLM-x32\...\Crysis 3_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0283 - Disc Soft Ltd)
dr.fone (Version 9.1.3) (HKLM-x32\...\{E8F86DA8-B8E4-42C7-AFD4-EBB692AC43FD}_is1) (Version: 9.1.3.10 - Wondershare Technology Co.,Ltd.)
Epic Games Launcher (HKLM-x32\...\{D442B219-3EBE-4EE2-88F9-5A31DF331CB1}) (Version: 1.1.144.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Spoločnosť Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Grand Theft Auto IV version 1.0.7.0 (HKLM-x32\...\Grand Theft Auto IV_is1) (Version: 1.0.7.0 - Mr DJ)
iTunes (HKLM\...\{CEC7613B-E286-4A31-BEE3-3F7798488D9F}) (Version: 12.1.3.6 - Apple Inc.)
Kaspersky Free (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
LG United Mobile Drivers (HKLM-x32\...\{55031CEF-CE75-4A5C-8DEA-60577820529B}) (Version: 3.10.1.0 - LG Electronics)
Malwarebytes verzia 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM-x32\...\Office14.POWERPOINT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft 1.11.2 + Titan Launcher 3.7.0 (HKLM-x32\...\Minecraft 1.11.2 + Titan Launcher 3.7.0 1.11.2) (Version: 1.11.2 - Mojang)
NVIDIA Ovládač zvuku HD 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 21.0.1 - OBS Project)
Ovládací panel NVIDIA 388.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.71 - NVIDIA Corporation) Hidden
Podpora Apple aplikácií (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Podpora Apple aplikácií(64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0000-0000-0000000FF1CE}_Office14.POWERPOINT_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype verzia 8.13 (HKLM-x32\...\Skype_is1) (Version: 8.13 - Skype Technologies S.A.)
spacedesk (HKLM\...\{1B0BB2F6-B5DC-4F76-8486-9A8453897312}) (Version: 0.9.974.0 - datronicsoft Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Subnautica (HKLM-x32\...\Subnautica_is1) (Version:  - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.95388 - TeamViewer)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
WinRAR 5.50 (64-bitová verzia) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
YMS 3017 AMBUSH Gaming mouse (HKLM-x32\...\{E3940986-02E8-45C0-8E0A-78CDC4BDAC0B}_is1) (Version: 1.0 - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2017-10-11] (AO Kaspersky Lab)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2017-10-11] (AO Kaspersky Lab)
ContextMenuHandlers2: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2017-10-11] (AO Kaspersky Lab)
ContextMenuHandlers4: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-12-16] (NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2017-10-11] (AO Kaspersky Lab)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0F5BFA40-19FA-4AC0-B470-54C48B82677D} - System32\Tasks\Sstt2-TaskPlan => C:\Program Files\Gaming\YMS 3017\YMS 3017.EXE [2015-09-09] (YENKEE)
Task: {1E6A1823-F4BB-4208-BADC-AC5737A8CCA6} - System32\Tasks\{9572E5AF-FA9A-4D30-9701-80D15AA67227} => D:\Prevzaté súbory\PPRO_2.0_Ret-NH_UE\Premiere Pro 2.0\Adobe Premiere Pro\setup.exe [2005-11-17] (Adobe Systems, Inc.)
Task: {25DACC46-A851-4837-B621-B5048210D1D9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {4AF7E559-92A5-4BA3-8F84-7FC00C4C726F} - System32\Tasks\AVG Driver Updater Startup => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: {4F121651-7D1C-4198-8D15-C060C0DB7619} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {9C61114A-BE84-4F92-BDB1-2F4A79EA0D73} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2017-10-11] (AO Kaspersky Lab)
Task: {A14FFC9C-79D9-46E3-A23F-80E87FFBA54F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-11] (Google Inc.)
Task: {B20C7EA3-CEB0-44A3-8478-587303F81099} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-11] (Google Inc.)
Task: {BBD06257-C153-4B1C-A01C-6828CAFC030F} - System32\Tasks\AVG Driver Updater Scan => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: {D6FEB5D0-0122-4D90-9C13-763702DFCFA6} - System32\Tasks\{0133C267-1DC6-4289-8A99-4E1C439E07F7} => D:\Prevzaté súbory\PPRO_2.0_Ret-NH_UE\Premiere Pro 2.0\Adobe Premiere Pro\setup.exe [2005-11-17] (Adobe Systems, Inc.)
Task: {E2988CD3-7FB7-419A-AB42-95A6ECC61381} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-20 19:12 - 2015-03-20 19:12 - 000085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 19:12 - 2015-03-20 19:12 - 001346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-03-21 18:17 - 2018-03-21 18:17 - 000806952 _____ () C:\Windows\system32\spacedeskService.exe
2018-03-31 11:52 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-31 11:52 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-21 18:17 - 2018-03-21 18:17 - 000362024 _____ () C:\Windows\system32\spacedeskServiceTray.exe
2018-03-23 17:40 - 2018-03-20 08:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-23 17:40 - 2018-03-20 08:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2017-10-11 19:33 - 2017-10-11 19:33 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\kpcengine.2.3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\AppData:CSM [466]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2018-04-14 10:56 - 000002159 _____ C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.0                   telemetry.malwarebytes.com
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1663746634-567950608-3139407904-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\adam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kaspersky Free.lnk => C:\Windows\pss\Kaspersky Free.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^adam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kaspersky Free.lnk => C:\Windows\pss\Kaspersky Free.lnk.Startup
MSCONFIG\startupfolder: C:^Users^adam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MEGAsync.lnk => C:\Windows\pss\MEGAsync.lnk.Startup
MSCONFIG\startupreg: Advanced SystemCare 11 => "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: ZAM => "C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe" /minimized
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5BD01CB2-BFF3-4933-8725-A1B2ECEEC2AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B916461A-73F1-4617-ADEE-9E8C4FF7269A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2F5148E3-4985-4720-B478-6183550E05E7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2B3E99A0-DC9B-49E6-8BA9-A8432D5047C4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{FAC4D56C-C181-4BCB-B151-10E4DD0DD4A9}C:\users\adam\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\adam\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{4939098B-4767-4F3F-A113-5524F1883073}C:\users\adam\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\adam\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{873D72EF-0762-4AC4-B043-EB19EDD53D99}C:\program files (x86)\farcry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\farcry 3\bin\farcry3.exe
FirewallRules: [UDP Query User{6A10487F-4B5B-4C9E-9423-DF5B70EAF115}C:\program files (x86)\farcry 3\bin\farcry3.exe] => (Allow) C:\program files (x86)\farcry 3\bin\farcry3.exe
FirewallRules: [{308826A6-839D-4E0F-9C8D-1578FAE4736A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shakes & Fidget\Shakes and Fidget.exe
FirewallRules: [{0271A97E-A0D3-442B-8365-825D6B7F0ED8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shakes & Fidget\Shakes and Fidget.exe
FirewallRules: [TCP Query User{72F3C267-E894-4495-A584-E98A082E53EE}C:\program files (x86)\need for speed most wanted 2012\nfs13.exe] => (Block) C:\program files (x86)\need for speed most wanted 2012\nfs13.exe
FirewallRules: [UDP Query User{96CA0D31-A9D3-48BB-BC2C-7B0A86A8E41C}C:\program files (x86)\need for speed most wanted 2012\nfs13.exe] => (Block) C:\program files (x86)\need for speed most wanted 2012\nfs13.exe
FirewallRules: [{EFCA1A9A-FD1B-4AB7-A27A-E69A25330A37}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{243B9A43-19B7-4C48-8CA5-BB5AC2EA047A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{DB7FEB62-FC3A-419A-9BDA-CF40AB7392A0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5AD257D1-63C4-4009-8646-B0D036280074}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7BBDC05C-098D-4743-9FAB-A9BCB470C0DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2AE47D25-4232-46D7-9E5E-B18F4B799819}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{08358380-CF88-4BC4-8B76-BAF67688A970}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{FD230613-0F50-4536-B44E-4932ED7EEC0F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Battlerite\Battlerite.exe
FirewallRules: [{538B5E2F-D11F-45FF-A016-90B6AF55B57D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{00831B1B-8C74-4CE5-B053-FBC931006F00}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{5E5F55C9-3EB4-4A7D-9684-874609CFAEA5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Turmoil\Turmoil_PC_Full.exe
FirewallRules: [{2C636595-538A-4F1C-BC96-3872F059F8CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Turmoil\Turmoil_PC_Full.exe
FirewallRules: [{9E839782-DCFD-4218-BABE-865C8AA93CDA}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [TCP Query User{F2B50128-06D6-4FBA-B2AF-D9C887000C92}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [UDP Query User{0B3F8727-1EC7-49B1-A52D-F2AAD815C332}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{634DA389-A6A0-455A-91F9-875AD8B777AF}] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{A9426ED1-B445-41A3-8851-8AB8F5880BCA}] => (Block) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{5EA6B7E8-6643-406F-83CF-CEEC95E4206F}C:\program files (x86)\assassins creed iii\ac3sp.exe] => (Allow) C:\program files (x86)\assassins creed iii\ac3sp.exe
FirewallRules: [UDP Query User{D61740D1-C474-4C58-ACC6-9E7185641237}C:\program files (x86)\assassins creed iii\ac3sp.exe] => (Allow) C:\program files (x86)\assassins creed iii\ac3sp.exe
FirewallRules: [{27CAD8DD-CCEF-4686-9EC0-1660628CC7A1}] => (Allow) C:\Games\Call of Duty Black Ops 2\t6mp.exe
FirewallRules: [{1006367D-B955-449C-BB64-89FCE627ACAF}] => (Allow) C:\Games\Call of Duty Black Ops 2\t6mp.exe
FirewallRules: [{2E4B7913-A8F4-43E8-9A32-BF41344F85F7}] => (Allow) C:\Games\Call of Duty Black Ops 2\t6mp.exe
FirewallRules: [{0E45E8D2-92E7-4EE5-BEDD-031EC74587C4}] => (Allow) C:\Games\Call of Duty Black Ops 2\t6mp.exe
FirewallRules: [TCP Query User{C5606D0E-1BEA-4348-9A85-D50B679FF821}C:\games\call of duty black ops 2\t6mpv43.exe] => (Allow) C:\games\call of duty black ops 2\t6mpv43.exe
FirewallRules: [UDP Query User{72894844-0023-40AF-BCD5-2368541794F8}C:\games\call of duty black ops 2\t6mpv43.exe] => (Allow) C:\games\call of duty black ops 2\t6mpv43.exe
FirewallRules: [{C6969B1B-65D3-4910-AD6B-DFF17DD077B5}] => (Block) C:\games\call of duty black ops 2\t6mpv43.exe
FirewallRules: [{EB03DAE6-23B9-4528-84A0-2B00F0C48C83}] => (Block) C:\games\call of duty black ops 2\t6mpv43.exe
FirewallRules: [TCP Query User{C21EF9E7-E3F2-43A5-AF9D-451E3CE7BEE1}C:\programdata\oracle\java\javapath_target_1435786\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_1435786\java.exe
FirewallRules: [UDP Query User{F554ECC0-4C99-4868-BFF4-1E6920DFB2CB}C:\programdata\oracle\java\javapath_target_1435786\java.exe] => (Allow) C:\programdata\oracle\java\javapath_target_1435786\java.exe
FirewallRules: [TCP Query User{18280F61-9BA4-46D0-A1DC-0FB500050D08}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [UDP Query User{B1C8F9BA-A188-497E-BF5D-5FFAA7FD8294}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [TCP Query User{46170054-9DB2-46D6-94AA-2FA60E616279}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{9155C992-F806-4A13-852B-17B43F9D7406}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{1B2992CC-3571-4939-ACCB-8294907A2009}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [UDP Query User{7E606471-4EB9-4A44-954E-7F04DE56FDDA}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [{57EC55E3-56AC-4579-95BF-15CC2E3E2FF2}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{B8AAD00C-374D-42E9-A8E5-D7567BEC563C}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [TCP Query User{DB8C5EDA-E019-4329-8FC5-5466A11509E3}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [UDP Query User{F53B555C-C35B-4199-93D2-CF46F8B7A8CB}C:\program files\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [{F0E7942B-175C-474F-8719-B66B48C65A4C}] => (Allow) C:\Users\adam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9177ED0D-D6E2-45EC-B0AB-FAECC247AACE}] => (Allow) C:\Users\adam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{89429DE4-B4EF-4D3D-BBCC-DF221161406C}C:\program files (x86)\subnautica\subnautica.exe] => (Allow) C:\program files (x86)\subnautica\subnautica.exe
FirewallRules: [UDP Query User{8246BD90-E880-44F6-9831-A960E73FB7FD}C:\program files (x86)\subnautica\subnautica.exe] => (Allow) C:\program files (x86)\subnautica\subnautica.exe
FirewallRules: [{C16E6C20-A2A7-4C1F-B6FC-A4167B101F80}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{61E9AA4D-4066-47C4-B027-8A493887AD4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{583D9A16-8984-409A-8791-14984C9C795D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AB6F660C-6B16-4B2F-96F9-A1AE2FB383AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C5F39240-0D05-4D71-8F65-E0CF7DF2A6CC}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{D3F04687-C083-47EB-9E60-04B567375C72}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [UDP Query User{65688D52-37CB-4AC6-86F0-6F2FEFB9E2A7}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Block) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{C9D10B2A-D180-4219-B0A6-15EFA03959E1}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{71DBA5F0-97D8-4CFD-8164-575DEFFC2AB5}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{0BC577E2-BAFB-46A3-8B89-08AB607C7CF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C7DFB46C-C5B0-41E1-9B5B-A1E61BDFA35D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{16DF41CA-3BD7-4010-A794-C2631B5888CA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D951E0B5-1D4B-4580-A9A1-49F080514BEC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3E514DA0-595F-45A8-A785-E870707B7EE6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{812CD30A-D537-44CB-B0A2-EEDA1923B4E1}] => (Allow) C:\Windows\system32\spacedeskService.exe
 
==================== Restore Points =========================
 
11-04-2018 15:37:14 Windows Update
12-04-2018 15:52:39 Removed Java 8 Update 161
12-04-2018 15:58:00 Removed Java 8 Update 161 (64-bit)
12-04-2018 16:12:36 Windows Update
13-04-2018 23:10:19 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/14/2018 11:02:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (04/14/2018 11:02:20 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (04/06/2018 07:57:21 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to copy new service file to temp location
 
Error: (04/03/2018 08:20:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (04/03/2018 08:20:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (03/29/2018 06:40:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (03/29/2018 06:40:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
 
Error: (03/29/2018 12:07:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 01B language ID. The first DWORD in the Data section contains the Win32 error code.
 
 
System errors:
=============
Error: (04/13/2018 11:04:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby Wondershare Application Framework Service bol dosiahnutý časový limit (30000 ms).
 
Error: (04/13/2018 08:33:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Kaspersky Anti-Virus Service 18.0.0 sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 10000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.
 
Error: (04/13/2018 08:32:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:30:39 on ‎13. ‎4. ‎2018 was unexpected.
 
Error: (04/12/2018 10:26:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Počas čakania na odpoveď transakcie od služby MBAMService bol dosiahnutý časový limit (30000 ms).
 
Error: (04/12/2018 09:17:05 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Služba WMPNetworkSvc sa nespustila správne, pretože sa vo funkcii CoCreateInstance(CLSID_UPnPDeviceFinder) vyskytla chyba 0x80004005. Uistite sa, že je služba UPnPHost spustená a že je súčasť UPnPHost systému Windows správne nainštalovaná.
 
Error: (04/10/2018 04:33:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby eapihdrv zlyhalo kvôli nasledujúcej chybe: 
Ovládač nie je možné načítať, pretože je zablokovaný.
 
Error: (04/10/2018 04:33:09 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\adam\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (04/10/2018 04:33:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby eapihdrv zlyhalo kvôli nasledujúcej chybe: 
Ovládač nie je možné načítať, pretože je zablokovaný.
 
 
Windows Defender:
===================================
Date: 2018-03-17 17:20:17.419
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{76F7C6A5-31D3-4722-BCCC-2460DDF9B593}
Scan Type:AntiSpyware
Scan Parameters:Full Scan
 
Date: 2018-03-17 16:55:02.433
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{23E8A91A-026E-4588-878F-3AA231A796B9}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2018-01-30 19:57:48.799
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{F1479F31-A121-4AEF-9534-EB5E3358E273}
Scan Type:AntiSpyware
Scan Parameters:Full Scan
 
Date: 2018-01-30 18:36:20.448
Description: 
Windows Defender scan has been stopped before completion.
Scan ID:{5E46AEF9-B72F-4916-802F-4B732C09B921}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan
 
Date: 2018-01-30 18:18:48.400
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Sofolview&threatid=240761
Name:Misleading:Win32/Sofolview
ID:240761
Severity:Vysoká
Category:Potenciálne nežiaduci softvér
Path Found:containerfile:C:\ProgramData\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}\DriverDocSetup.msi;containerfile:C:\ProgramData\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}\DriverDocSetup.res;containerfile:C:\Windows\Installer\1862cd.msi;file:C:\Program Files (x86)\Solvusoft\DriverDoc\DPInst32.exe;file:C:\Program Files (x86)\Solvusoft\DriverDoc\DPInst64.exe;file:C:\Program Files (x86)\Solvusoft\DriverDoc\DriverHiveEngine.dll;file:C:\Program Files (x86)\Solvusoft\DriverDoc\Notification.dll;file:C:\Program Files (x86)\Solvusoft\DriverDoc\sfhtml.dll;file:C:\Program Files (x86)\Solvusoft\DriverDoc\SuiteClient.dll;file:C:\ProgramData\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}\DriverDocSetup.msi->Binary.NewBinary1.F99A9D77_3183_40E0_8DD9_757AFFC9AB41;file:C:\ProgramData\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}\DriverDocSetup.res->SuiteClient.dll;file:C:\ProgramData\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}\OFFLINE\3C853E4B\46353557\DPInst64.exe;file:C:\ProgramData\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}\OFFLINE\56FE2F1\46353557\Notification.
Detection Type:Concrete
Detection Source:System
Status:Unknown
Process Name:
 
Date: 2017-10-13 19:48:49.838
Description: 
Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted:Current
Error Code:0x8009200d
Error description:Toto nie je kryptografická správa, alebo je správa nesprávne naformátovaná. 
Signature version:1.253.524.0
Engine version:1.1.14202.0
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 51%
Total physical RAM: 4076.89 MB
Available physical RAM: 1959.8 MB
Total Virtual: 8151.95 MB
Available Virtual: 5769.41 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:149.05 GB) (Free:31.43 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Nový zväzok) (Fixed) (Total:931.51 GB) (Free:382.39 GB) NTFS
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 9E4025FC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 149.1 GB) (Disk ID: F4ACF4AC)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
Malwarebytes logs 
 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Protection Event Date: 4/10/18
Protection Event Time: 2:59 PM
Log File: f0d40244-3cbe-11e8-99ef-00ff1342d75f.json
Administrator: Yes
 
-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4668
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
 
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
 
-Website Data-
Category: Fraud
Domain: cdn.threadsphere.bid
IP Address: 104.31.79.77
Port: [1054]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
 
(end)
 
 
 
JRT logs
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64 
Ran by adam (Limited) on pi 02. 02. 2018 at 16:21:35,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 44 
 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig (Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd (Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak (Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bgjpfhpjcgdppjbgnpnjllokbmcdllig (Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blmojkbhnkkphngknkmgccmlenfaelkd (Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\olfeabkoenfaoljndfecamgilllcpiak (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\AVG Driver Updater Scan (Task)
Successfully deleted: C:\Windows\system32\Tasks\AVG Driver Updater Startup (Task)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (adam) (Task)
Successfully deleted: C:\Windows\Tasks\AVG Driver Updater Scan.job (Task) 
Successfully deleted: C:\Windows\Tasks\AVG Driver Updater Startup.job (Task) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2AXA0A8U (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NZ36LJS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PJ4NJQP (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6UI0BLKY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U8LOO1I (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9Z5DJEF8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIPVUJAC (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNJ4M4T1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3O4BAYA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E31X8VEB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIS7LZI5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IE5946M7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\adam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2AXA0A8U (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NZ36LJS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PJ4NJQP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6UI0BLKY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U8LOO1I (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9Z5DJEF8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIPVUJAC (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BNJ4M4T1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D3O4BAYA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E31X8VEB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GIS7LZI5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IE5946M7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
 
 
 
Registry: 8 
 
Successfully deleted: HKCU\Software\Google\Chrome\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig (Registry Key) 
Successfully deleted: HKCU\Software\Google\Chrome\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd (Registry Key) 
Successfully deleted: HKCU\Software\Google\Chrome\Extensions\olfeabkoenfaoljndfecamgilllcpiak (Registry Key) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E2877D3-2641-4970-B794-A553E295428D} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E2877D3-2641-4970-B794-A553E295428D} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4853DF44-7D6B-48E9-9258-D800EEE54AF6} (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on pi 02. 02. 2018 at 16:22:51,13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Adwcleaner logs [I have used adwcleaner 4 times and all logs are here
 
 
 
# AdwCleaner 7.0.7.0 - Logfile created on Mon Jan 29 18:01:52 2018
# Updated on 2018/18/01 by Malwarebytes 
# Database: 01-26-2018.4
# Running on Windows 7 Ultimate (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [4605 B] - [2018/1/29 16:40:8]
C:/AdwCleaner/AdwCleaner[S0].txt - [5493 B] - [2018/1/29 16:39:2]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########
 
 
 
 
 

# AdwCleaner 7.0.7.0 - Logfile created on Fri Feb 02 15:15:49 2018
# Updated on 2018/18/01 by Malwarebytes 
# Database: 02-02-2018.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Solvusoft, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft
PUP.Optional.Solvusoft, C:\ProgramData\Solvusoft
PUP.Optional.Solvusoft, C:\ProgramData\Application Data\Solvusoft
PUP.Optional.Solvusoft, C:\Windows\System32\config\systemprofile\AppData\Roaming\Solvusoft
PUP.Optional.Solvusoft, C:\Program Files (x86)\Solvusoft
PUP.Optional.Solvusoft, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Solvusoft
PUP.Optional.Solvusoft, C:\Users\adam\AppData\Roaming\Solvusoft
PUP.Optional.Solvusoft, C:\Users\All Users\Solvusoft
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0570A0D4430B8FD479ED621F12A22CFF
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\0570A0D4430B8FD479ED621F12A22CFF
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\0570A0D4430B8FD479ED621F12A22CFF
PUP.Optional.Solvusoft, [Key] - HKLM\SOFTWARE\Solvusoft
PUP.Optional.Solvusoft, [Key] - HKU\S-1-5-21-1663746634-567950608-3139407904-1000\Software\Solvusoft
PUP.Optional.Solvusoft, [Key] - HKCU\Software\Solvusoft
PUP.Optional.Solvusoft, [Key] - HKLM\SOFTWARE\CLASSES\APPLICATIONS\SolvusoftTray.exe
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [4605 B] - [2018/1/29 16:40:8]
C:/AdwCleaner/AdwCleaner[C1].txt - [1319 B] - [2018/1/29 18:12:19]
C:/AdwCleaner/AdwCleaner[S0].txt - [5493 B] - [2018/1/29 16:39:2]
C:/AdwCleaner/AdwCleaner[S1].txt - [1159 B] - [2018/1/29 18:1:52]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########
 
 
 
 
 
 

# AdwCleaner 7.0.8.0 - Logfile created on Tue Apr 10 13:56:20 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-04-10.1
# Running on Windows 7 Ultimate (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.DriverDoc, C:\ProgramData\{0897014C-63E3-47DF-8A5F-4399CC5D61B9}
PUP.Optional.DriverDoc, C:\Windows\Installer\{4D0A0750-B034-4DF8-97DE-26F1212AC2FF}
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}
PUP.Optional.WinRepairPro, [Key] - HKU\S-1-5-21-1663746634-567950608-3139407904-1000\Software\win
PUP.Optional.WinRepairPro, [Key] - HKCU\Software\win
PUP.Optional.Solvusoft, [Key] - HKLM\SOFTWARE\Classes\Applications\DriverDocSetup.exe
PUP.Optional.Solvusoft, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\ProgramData\Solvusoft\Programs Bar\
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [4605 B] - [2018/1/29 16:40:8]
C:/AdwCleaner/AdwCleaner[C1].txt - [1319 B] - [2018/1/29 18:12:19]
C:/AdwCleaner/AdwCleaner[C2].txt - [2343 B] - [2018/2/2 15:16:27]
C:/AdwCleaner/AdwCleaner[S0].txt - [5493 B] - [2018/1/29 16:39:2]
C:/AdwCleaner/AdwCleaner[S1].txt - [1159 B] - [2018/1/29 18:1:52]
C:/AdwCleaner/AdwCleaner[S2].txt - [2377 B] - [2018/2/2 15:15:49]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########
 
 
 
 
Eset Online Scanner logs
 
 
 

C:\Users\adam\Desktop\ccsetup541pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\adam\Desktop\uTorrent.exe a variant of MSIL/WebCompanion.A potentially unwanted application,a variant of Win32/WebCompanion.B potentially unwanted application cleaned by deleting
C:\Windows\Installer\296626a.msi a variant of Win32/UwS.SlimDrivers.A application deleted
D:\League of Legends\ccsetup536pro.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
D:\Prevzaté súbory\Malwarebytes Premium 3.2.2.2029.rar a variant of MSIL/HackTool.Crack.V potentially unsafe application deleted
D:\Prevzaté súbory\PowerISO6.exe Win32/FusionCore.L potentially unwanted application,a variant of Win32/FusionCore.P potentially unwanted application cleaned by deleting
D:\Prevzaté súbory\remove-adware-anti-malware-setup.exe a variant of Win32/Auslogics.N potentially unwanted application cleaned by deleting
D:\Prevzaté súbory\Setup_DriverDoc_2016.exe a variant of Win32/UwS.DriverFighter.A application cleaned by deleting
D:\Prevzaté súbory\sr-tasm.iso Win32/Agent.NAN virus deleted
D:\Prevzaté súbory\uTorrent.exe a variant of MSIL/WebCompanion.A potentially unwanted application,a variant of Win32/WebCompanion.B potentially unwanted application cleaned by deleting
D:\Prevzaté súbory\The.Amazing.Spider-Man.2.Proper-RELOADED\rld-thamsp2.iso a variant of Win32/HackTool.Crack.CS potentially unsafe application,a variant of Win32/HackTool.Crack.EA potentially unsafe application deleted
 
 
 
 
I know it will take some time to look on the logs so i will be patient 

Edited by Platypus, 14 April 2018 - 05:23 AM.
Deleted duplicate posts


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,188 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:04 AM

Posted 14 April 2018 - 07:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1663746634-567950608-3139407904-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [X]
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
AlternateDataStreams: C:\Users\Public\AppData:CSM [466]

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset the browsers that you use and have been compromised.

How To:
https://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/

====

Please post the log and let me know if the problem persistds.

#3 Beckran

Beckran
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 15 April 2018 - 03:01 AM

Hello thanks for your fast reply.

 

The Chrome still opens up at startup with the ad but I noticed Java update check started too and I don't have java. Could it be something with the virus.

 

 

 

FRST fixlog

 

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by adam (15-04-2018 09:42:43) Run:1
Running from C:\Users\adam\Downloads
Loaded Profiles: adam (Available Profiles: adam)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-1663746634-567950608-3139407904-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [X]
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard;
\??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>
C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
AlternateDataStreams: C:\Users\Public\AppData:CSM [466]
 
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1663746634-567950608-3139407904-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => removed successfully
"HKLM\Software\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\System\CurrentControlSet\Services\cpuz143" => removed successfully
cpuz143 => service removed successfully
"HKLM\System\CurrentControlSet\Services\iobit_monitor_server" => removed successfully
iobit_monitor_server => service removed successfully
"HKLM\System\CurrentControlSet\Services\IUFileFilter" => removed successfully
IUFileFilter => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM" => removed successfully
ZAM => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM_Guard" => removed successfully
ZAM_Guard => service removed successfully
\??\C:\Windows\System32\drivers\zamguard64.sys [X] => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
"HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
"HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
"HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
"C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File" => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
"HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17}" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => not found
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
C:\Users\Public\AppData => ":CSM" ADS removed successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Lok lne pripojenie 2 while it has its media disconnected.
 
Ethernet adapter Lok lne pripojenie 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Lok lne pripojenie:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::d4e3:28ac:9381:924d%10
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter isatap.{A9238AAB-DF5E-44C1-9FD6-4D7F1D6FDECF}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{1342D75F-0084-4A52-AC76-87687E517616}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Lok lne pripojenie 2 while it has its media disconnected.
 
Ethernet adapter Lok lne pripojenie 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Lok lne pripojenie:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::d4e3:28ac:9381:924d%10
   IPv4 Address. . . . . . . . . . . : 192.168.1.14
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Tunnel adapter isatap.{A9238AAB-DF5E-44C1-9FD6-4D7F1D6FDECF}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{1342D75F-0084-4A52-AC76-87687E517616}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6053648 B
Java, Flash, Steam htmlcache => 352430537 B
Windows/system/drivers => 35858559 B
Edge => 0 B
Chrome => 469096849 B
Firefox => 0 B
Opera => 9577184 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 66088 B
LocalService => 66228 B
NetworkService => 66228 B
adam => 41103941 B


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,188 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:04 AM

Posted 15 April 2018 - 06:54 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
CloseProcesses:

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Java 32bit.bat [2018-01-08] ()
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Java 32bit.bat

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png or the 3 vertical dots located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

If the problem persists please run the Malwarebytes program.

If this is still present.
 

-Website Data-
Category: Fraud
Domain: cdn.threadsphere.bid
IP Address: 104.31.79.77
Port: [1054]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


It could be Syncing issue?
Are you Syncing Chrome with other devices.
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Please post the Fixlog.txt and let me know if the problem persists.

p.s.

If not already done please run the AdwCleaner and delete all item reported.

#5 Beckran

Beckran
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 15 April 2018 - 09:15 AM

I have tried to reset sync before but it still pop-ups and I used adwcleaner before and log of the adwcleaner is in the start of this topic 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,188 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:04 AM

Posted 15 April 2018 - 12:20 PM

Hi,

Did you run the Fix on my previous post.

Please post the fixlog.txt for my review.

Run the Farbar program one more time and post a fresh FRST log.

#7 Beckran

Beckran
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 16 April 2018 - 08:01 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by adam (15-04-2018 09:42:43) Run:1
Running from C:\Users\adam\Downloads
Loaded Profiles: adam (Available Profiles: adam)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-21-1663746634-567950608-3139407904-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
S3 iobit_monitor_server; \??\C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [X]
S4 IUFileFilter; \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard;
\??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>
C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> [CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> No File
AlternateDataStreams: C:\Users\Public\AppData:CSM [466]
 
cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1663746634-567950608-3139407904-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => removed successfully
"HKLM\Software\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => removed successfully
"HKLM\System\CurrentControlSet\Services\cpuz143" => removed successfully
cpuz143 => service removed successfully
"HKLM\System\CurrentControlSet\Services\iobit_monitor_server" => removed successfully
iobit_monitor_server => service removed successfully
"HKLM\System\CurrentControlSet\Services\IUFileFilter" => removed successfully
IUFileFilter => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM" => removed successfully
ZAM => service removed successfully
"HKLM\System\CurrentControlSet\Services\ZAM_Guard" => removed successfully
ZAM_Guard => service removed successfully
\??\C:\Windows\System32\drivers\zamguard64.sys [X] => Error: No automatic fix found for this entry.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
"HKLM\Software\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
"HKLM\Software\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
"HKLM\Software\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Pending) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Synced) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ MEGA (Syncing) => invalid subkey removed.
HKLM\Software\Wow6432Node\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => not found
"C:\Users\adam\AppData\Local\MEGAsync\ShellExtX64.dll -> No File" => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
"HKLM\Software\Classes\CLSID\{0229E5E7-09E9-45CF-9228-0228EC7D5F17}" => removed successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => not found
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MEGA (Context menu)" => removed successfully
HKLM\Software\Classes\CLSID\[CC]{0229E5E7-09E9-45CF-9228-0228EC7D5F17} => not found
C:\Users\Public\AppData => ":CSM" ADS removed successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= IPCONFIG /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Lok lne pripojenie 2 while it has its media disconnected.
 
Ethernet adapter Lok lne pripojenie 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Lok lne pripojenie:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::d4e3:28ac:9381:924d%10
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter isatap.{A9238AAB-DF5E-44C1-9FD6-4D7F1D6FDECF}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{1342D75F-0084-4A52-AC76-87687E517616}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
========= IPCONFIG /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Lok lne pripojenie 2 while it has its media disconnected.
 
Ethernet adapter Lok lne pripojenie 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Lok lne pripojenie:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::d4e3:28ac:9381:924d%10
   IPv4 Address. . . . . . . . . . . : 192.168.1.14
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
 
Tunnel adapter isatap.{A9238AAB-DF5E-44C1-9FD6-4D7F1D6FDECF}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter isatap.{1342D75F-0084-4A52-AC76-87687E517616}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6053648 B
Java, Flash, Steam htmlcache => 352430537 B
Windows/system/drivers => 35858559 B
Edge => 0 B
Chrome => 469096849 B
Firefox => 0 B
Opera => 9577184 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558406 B
systemprofile32 => 66088 B
LocalService => 66228 B
NetworkService => 66228 B
adam => 41103941 B
 
RecycleBin => 507645852 B
EmptyTemp: => 1.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:45:02 ====


#8 Beckran

Beckran
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 16 April 2018 - 08:04 AM

.


Edited by Beckran, 16 April 2018 - 08:05 AM.


#9 Beckran

Beckran
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 16 April 2018 - 12:37 PM

Ok we can end this topic 'cause my pc doesn't work it just does 2 bleeps and the fan starts and then it shut downs and does the sams again

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,188 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:04 AM

Posted 17 April 2018 - 07:15 AM

Hi,

2 short beeps is Parity circuit failure
Looks like RAM problems.

Other beeps sequence read about it.

https://www.computerhope.com/beep.htm

#11 Beckran

Beckran
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 17 April 2018 - 01:32 PM

Thanks for help I have just taken out and then put in the RAM and it works again. What about the adware any other solutions that you have ?

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,188 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:04 AM

Posted 18 April 2018 - 07:10 AM



Hi,

I have noticed it shows only on the default browser and the link changes when I reset my browser.


If the problem persists in Chome it may be a Syncing issue.
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

If not the case then try this.

:step1: Remove Chrome from your Computer and reinstall a fresh copy later.

:step2: Before you remove Chrome Export your Bookmarks
Chrome will export your bookmarks as a HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Do not repeat this if already cleared.
:step3: If you sync you account you must remove it before you save your bookmarks etc...
Delete Your Google Chrome Browser Sync Data if you sync with other defices.
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/


:step4: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en


:step5: Remove Chrome using the the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

:step6: Re-install Chrome and the Bookmarks.
====

Keep me posted.

#13 Beckran

Beckran
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 19 April 2018 - 12:06 PM

I have followed all the steps and the problem still remains


Edited by Beckran, 19 April 2018 - 12:07 PM.


#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,188 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:04 AM

Posted 19 April 2018 - 12:27 PM

Hi,


Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
adf.ly
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

#15 Beckran

Beckran
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 20 April 2018 - 02:29 AM

Hi, I have deleted adf.ly from registry before and it didnt work but here is the log

 

 

Farbar Recovery Scan Tool (x64) Version: 19.04.2018
Ran by adam (20-04-2018 08:01:05)
Running from C:\Users\adam\Downloads
Boot Mode: Normal
 
================== Search Registry: "adf.ly" ===========
 
 
====== End of Search ======
 
 
 
 
And I have tried to search the restorecosm.bid [the site what pop-ups at startup] and i think it didnt found it 
 
 
Farbar Recovery Scan Tool (x64) Version: 19.04.2018
Ran by adam (20-04-2018 09:27:51)
Running from C:\Users\adam\Downloads
Boot Mode: Normal
 
================== Search Registry: "restorecosm.bid" ===========
 
 
====== End of Search ======





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users