
malware adware keeps on returning please help


  • This topic is locked
20 replies to this topic

#1 yoelr


Posted 27 July 2018 - 04:03 PM

Please help me. I ran Malwarebytes 3 times and Spybot too, and it keeps finding the same things. It installs stuff on my computer.

I don't know if I managed to remove everything.

I was stupid to download software from "pcrisk.com"; they said it would help. It made it worse, and now they also infected my PC with their "cleaner software".

Tell me what you want me to do.

And thanks for your help.





#2 JSntgRvr

  • Malware Response Team

Posted 27 July 2018 - 05:13 PM

Welcome :)

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 yoelr

  • Topic Starter

Posted 27 July 2018 - 05:52 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.07.2018
Ran by -bora (administrator) on -BORA-PC (28-07-2018 01:37:52)
Running from C:\Users\-bora\Downloads
Loaded Profiles: -bora (Available Profiles: -bora)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: עברית (ישראל)‏
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Apache Software Foundation) C:\Bitnami\WAMPST~1.30-\apache2\bin\httpd.exe
() C:\Bitnami\wampstack-5.6.30-0\mysql\bin\mysqld.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apache Software Foundation) C:\Bitnami\WAMPST~1.30-\apache2\bin\httpd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Program Files\FireAlpaca\FireAlpaca32\FireAlpaca20\FireAlpaca.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [339968 2005-09-05] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\Run: [SUPPOR~1] => wscript.exe //B "C:\Users\-bora\SUPPOR~1.VBS"
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\Run: [WINDOW~1] => wscript.exe //B "C:\Users\-bora\WINDOW~1.VBS"
Startup: C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUPPOR~1.VBS [2014-05-04] ()
Startup: C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WINDOW~1.VBS [2018-05-26] ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.100.102.1
Tcpip\..\Interfaces\{6AF92CD5-D0F9-4B3A-85B3-E8623CDE48DD}: [DhcpNameServer] 10.100.102.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES007&pc=UE06
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-21] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-21] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 
FireFox:
========
FF DefaultProfile: m2mhjriz.default
FF ProfilePath: C:\Users\-bora\AppData\Roaming\Mozilla\Firefox\Profiles\m2mhjriz.default [2018-07-27]
FF user.js: detected! => C:\Users\-bora\AppData\Roaming\Mozilla\Firefox\Profiles\m2mhjriz.default\user.js [2017-06-30]
FF Extension: (Firefox Hotfix) - C:\Users\-bora\AppData\Roaming\Mozilla\Firefox\Profiles\m2mhjriz.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-08-21] [Legacy]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-24] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default [2018-07-28]
CHR Extension: (Slides) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (כונן Google) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-21]
CHR Extension: (YouTube) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-21]
CHR Extension: (Session Buddy) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-30]
CHR Extension: (Full Page Screen Capture) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2018-07-25]
CHR Extension: (Sheets) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-22]
CHR Extension: (AdBlock) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-26]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-08-14]
CHR Extension: (Ears: Bass Boost, EQ Any Audio!) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfdfiepdkbnoanddpianalelglmfooik [2018-05-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-21]
CHR Extension: (Chrome Media Router) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [86760 2016-09-06] (Microsoft Corporation)
R2 wampstackApache; C:\Bitnami\WAMPST~1.30-\apache2\bin\httpd.exe [23040 2016-07-07] (Apache Software Foundation) [File not signed]
R2 wampstackMySQL; C:\Bitnami\wampstack-5.6.30-0\mysql\bin\mysqld.exe [11088384 2016-11-28] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-08-02] (IVT Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2016-12-21] (DT Soft Ltd)
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [28744 2017-08-02] (ELAN Microelectronic Corp.)
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-01-06] (REALiX™)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2017-08-02] (Qualcomm Atheros Co., Ltd.)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-07-27] (Malwarebytes)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [308192 2017-08-02] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [49856 2016-03-28] (Screaming Bee Inc)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [8701824 2005-10-13] ()
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 catchme; \??\C:\Users\-bora\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-28 01:37 - 2018-07-28 01:37 - 001773056 _____ (Farbar) C:\Users\-bora\Downloads\FRST.exe
2018-07-27 22:49 - 2018-07-27 23:47 - 000000000 ____D C:\AdwCleaner
2018-07-27 22:46 - 2018-07-27 22:48 - 007417040 _____ (Malwarebytes) C:\Users\-bora\Downloads\adwcleaner_7.2.2.exe
2018-07-27 21:24 - 2018-07-27 21:24 - 000000000 ____D C:\Users\-bora\AppData\Roaming\2ijz5ug0uv1
2018-07-27 21:23 - 2018-07-27 21:54 - 000000000 ____D C:\Program Files\ujqdukl
2018-07-27 21:23 - 2018-07-27 21:23 - 000000000 ____D C:\Users\-bora\AppData\Roaming\0tbmjo3hnpf
2018-07-27 21:22 - 2018-07-27 21:22 - 000000003 _____ C:\Users\-bora\AppData\Local\wbem.ini
2018-07-26 16:56 - 2018-07-26 16:57 - 000000000 ____D C:\Users\-bora\Downloads\lib
2018-07-26 16:54 - 2018-07-26 16:57 - 015070588 _____ C:\Users\-bora\Downloads\htmlunit-2.31-bin (4).zip
2018-07-26 11:00 - 2018-07-26 11:00 - 001588064 _____ C:\Users\-bora\Downloads\d3-geomap-1.0.2.zip
2018-07-25 12:51 - 2018-07-25 12:53 - 043206461 _____ C:\Users\-bora\Downloads\Micron (src).zip
2018-07-25 12:40 - 2018-07-25 12:40 - 000000000 ____D C:\Users\-bora\AppData\Roaming\jRabbit Data
2018-07-25 10:42 - 2018-07-25 10:42 - 006618343 _____ C:\Users\-bora\Downloads\book_source.zip
2018-07-25 10:42 - 2018-07-25 10:42 - 004943078 _____ C:\Users\-bora\Downloads\The lucu guide for creating videogames_version_4.0.pdf
2018-07-24 19:08 - 2018-07-24 19:09 - 030451486 _____ C:\Users\-bora\Downloads\xith3d-0.9.6-beta1.tar.bz2
2018-07-19 02:44 - 2018-07-19 02:44 - 002346915 _____ C:\Users\-bora\Downloads\taner.pdn
2018-07-16 17:14 - 2018-07-17 01:27 - 000000020 _____ C:\Users\-bora\Documents\2222222222222222222222.txt
2018-07-15 01:25 - 2018-07-15 01:25 - 000005279 _____ C:\Users\-bora\Desktop\fb_f.txt
2018-07-11 17:59 - 2011-12-06 07:27 - 007061132 _____ C:\Users\-bora\Downloads\029 Midnight Rogue.pdf
2018-07-11 11:25 - 2018-06-21 03:00 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-07-11 11:25 - 2018-06-16 19:36 - 020286464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-07-11 11:25 - 2018-06-16 19:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-07-11 11:25 - 2018-06-16 19:19 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-07-11 11:25 - 2018-06-16 19:06 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-07-11 11:25 - 2018-06-16 19:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-07-11 11:25 - 2018-06-16 19:05 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-07-11 11:25 - 2018-06-16 19:05 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-07-11 11:25 - 2018-06-16 19:04 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-07-11 11:25 - 2018-06-16 19:02 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-07-11 11:25 - 2018-06-16 18:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-07-11 11:25 - 2018-06-16 18:59 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-07-11 11:25 - 2018-06-16 18:57 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-07-11 11:25 - 2018-06-16 18:56 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-07-11 11:25 - 2018-06-16 18:56 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-07-11 11:25 - 2018-06-16 18:56 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-07-11 11:25 - 2018-06-16 18:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-07-11 11:25 - 2018-06-16 18:49 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-07-11 11:25 - 2018-06-16 18:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-07-11 11:25 - 2018-06-16 18:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-07-11 11:25 - 2018-06-16 18:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-07-11 11:25 - 2018-06-16 18:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-07-11 11:25 - 2018-06-16 18:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-07-11 11:25 - 2018-06-16 18:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-07-11 11:25 - 2018-06-16 18:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-07-11 11:25 - 2018-06-16 18:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-07-11 11:25 - 2018-06-16 18:34 - 004496384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-07-11 11:25 - 2018-06-16 18:32 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-07-11 11:25 - 2018-06-16 18:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-07-11 11:25 - 2018-06-16 18:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-07-11 11:25 - 2018-06-16 18:28 - 002060288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-07-11 11:25 - 2018-06-16 18:28 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-07-11 11:25 - 2018-06-16 18:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-07-11 11:25 - 2018-06-16 18:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-07-11 11:25 - 2018-06-16 18:05 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-07-11 11:25 - 2018-06-16 18:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-07-11 11:25 - 2018-06-13 18:55 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-07-11 11:25 - 2018-06-13 18:54 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-07-11 11:25 - 2018-06-13 18:25 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-07-11 11:25 - 2018-06-08 19:02 - 004050624 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-07-11 11:25 - 2018-06-08 19:02 - 003962048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-07-11 11:25 - 2018-06-08 19:02 - 000189632 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-07-11 11:25 - 2018-06-08 19:02 - 000189632 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-07-11 11:25 - 2018-06-08 19:02 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-07-11 11:25 - 2018-06-08 19:02 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-07-11 11:25 - 2018-06-08 19:02 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-07-11 11:25 - 2018-06-08 18:57 - 001310488 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-07-11 11:25 - 2018-06-08 18:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-07-11 11:25 - 2018-06-08 18:27 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-07-11 11:25 - 2018-06-08 18:27 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-07-11 11:25 - 2018-06-08 18:27 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-07-11 11:25 - 2018-06-08 18:27 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-07-11 11:25 - 2018-06-08 18:27 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-07-11 11:25 - 2018-06-08 18:25 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-07-11 11:25 - 2018-06-08 18:24 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-07-11 11:25 - 2018-06-08 18:24 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-07-11 11:25 - 2018-06-08 18:21 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-07-11 11:25 - 2018-06-08 18:21 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-07-11 11:25 - 2018-06-08 18:21 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-07-11 11:25 - 2018-06-08 18:19 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-07-11 11:25 - 2018-06-08 18:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-07-11 11:25 - 2018-06-08 18:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-07-11 11:25 - 2018-06-08 18:19 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-07-11 11:25 - 2018-06-08 18:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-07-11 11:25 - 2018-06-07 18:57 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-07-11 11:25 - 2018-06-07 18:57 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-07-11 11:25 - 2018-06-07 18:57 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-07-11 11:25 - 2018-06-07 18:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-07-11 11:25 - 2018-06-07 18:34 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-07-11 11:25 - 2018-05-31 18:56 - 001310912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-07-11 11:25 - 2018-05-31 18:56 - 000240832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-07-11 11:25 - 2018-05-31 18:56 - 000187584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-07-11 11:25 - 2018-05-02 18:30 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-07-11 11:25 - 2018-05-02 18:30 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-07-11 11:25 - 2018-05-02 18:30 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-07-11 11:25 - 2018-05-02 18:30 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-07-11 11:25 - 2018-05-02 18:30 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-07-11 11:25 - 2018-05-02 18:30 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-07-11 11:25 - 2018-05-02 18:29 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2018-07-11 11:25 - 2018-04-26 16:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-07-11 11:25 - 2018-04-25 18:54 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-07-11 11:25 - 2018-04-25 18:17 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-07-11 11:24 - 2018-06-13 20:59 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-07-11 11:24 - 2018-06-13 18:53 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-07-11 11:24 - 2018-06-08 16:05 - 002703872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-07-11 11:24 - 2018-06-08 16:05 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-07-11 11:24 - 2018-06-08 16:05 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-07-11 11:24 - 2018-06-08 16:05 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-07-11 11:24 - 2018-06-08 16:05 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-07-11 11:24 - 2018-06-08 16:05 - 000353792 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-07-11 11:24 - 2018-06-08 16:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-07-11 11:24 - 2018-06-08 16:05 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-07-09 12:34 - 2018-07-09 12:34 - 000000077 _____ C:\Users\-bora\Downloads\domain_list.txt
2018-07-08 16:11 - 2018-07-08 16:12 - 001194416 _____ C:\Users\-bora\Downloads\Source_RuneSword_250.zip
2018-07-06 01:40 - 2018-07-06 01:40 - 000000017 _____ C:\Users\-bora\Documents\11111111file.txt
2018-06-30 17:48 - 2018-07-01 17:56 - 000263318 _____ C:\Users\-bora\Downloads\06.pdn
2018-06-30 17:44 - 2018-06-30 17:44 - 000183136 _____ C:\Users\-bora\Downloads\הורד (6).pdn
2018-06-29 20:35 - 2018-06-29 20:36 - 013082525 _____ C:\Users\-bora\Downloads\MM.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-28 01:38 - 2017-08-15 23:39 - 000013794 _____ C:\Users\-bora\Downloads\FRST.txt
2018-07-28 01:37 - 2017-08-15 23:39 - 000000000 ____D C:\FRST
2018-07-28 01:14 - 2018-05-22 20:07 - 000000630 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-124123957-3465755313-2965481238-1000.job
2018-07-28 00:53 - 2009-07-14 07:34 - 000031056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-28 00:53 - 2009-07-14 07:34 - 000031056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-07-28 00:50 - 2018-05-22 20:07 - 000000534 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-124123957-3465755313-2965481238-1000.job
2018-07-27 23:54 - 2012-08-07 23:06 - 000457540 _____ C:\Windows\system32\perfh00D.dat
2018-07-27 23:54 - 2012-08-07 23:06 - 000109106 _____ C:\Windows\system32\perfc00D.dat
2018-07-27 23:54 - 2010-11-21 00:01 - 001431136 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-27 23:54 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
2018-07-27 23:48 - 2017-01-05 19:23 - 000000000 ____D C:\Program Files\TeamViewer
2018-07-27 23:48 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-27 23:43 - 2017-01-23 18:40 - 000000000 ____D C:\Users\-bora\Desktop\תיקיה חדשה (3)
2018-07-27 22:39 - 2018-06-10 13:31 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-07-27 22:39 - 2017-07-01 18:38 - 000000258 __RSH C:\Users\-bora\ntuser.pol
2018-07-27 22:39 - 2016-12-21 13:17 - 000000000 ____D C:\Users\-bora
2018-07-27 21:54 - 2017-08-14 06:15 - 000482500 _____ C:\Windows\ntbtlog.txt
2018-07-27 21:26 - 2016-12-21 21:13 - 000000000 ____D C:\Program Files\Google
2018-07-27 21:23 - 2017-07-01 18:35 - 000003114 __RSH C:\ProgramData\ntuser.pol
2018-07-27 18:21 - 2017-07-10 23:17 - 000000000 ____D C:\Users\-bora\AppData\LocalLow\Mozilla
2018-07-27 17:42 - 2016-12-22 16:34 - 000000000 ____D C:\Users\-bora\.p2
2018-07-27 17:41 - 2016-12-22 16:41 - 000000000 ____D C:\Users\-bora\AppData\Local\Eclipse
2018-07-27 17:24 - 2018-05-22 20:07 - 000000000 ____D C:\Users\-bora\AppData\Local\GoToMeeting
2018-07-27 15:37 - 2017-02-02 19:48 - 000000000 ____D C:\Program Files\SpeedFan
2018-07-26 16:46 - 2016-12-22 16:41 - 000000000 ____D C:\Users\-bora\workspace
2018-07-25 12:51 - 2017-01-16 12:04 - 000000000 ____D C:\Users\-bora\Desktop\games
2018-07-24 15:39 - 2017-07-10 23:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-19 12:00 - 2017-01-30 13:43 - 000002116 _____ C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-07-19 12:00 - 2017-01-30 13:43 - 000000000 ___RD C:\Users\-bora\OneDrive
2018-07-17 21:19 - 2017-06-28 01:03 - 000000000 ____D C:\Users\-bora\AppData\Local\CrashDumps
2018-07-12 16:45 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache
2018-07-12 13:32 - 2009-07-14 07:33 - 000458240 _____ C:\Windows\system32\FNTCACHE.DAT
2018-07-12 13:31 - 2017-01-21 04:58 - 000000000 ____D C:\Windows\system32\appraiser
2018-07-11 23:11 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\NDF
2018-07-11 22:32 - 2016-12-22 19:46 - 000009598 _____ C:\Users\-bora\AppData\Roaming\ZeroBraneStudio.ini
2018-07-11 02:36 - 2018-06-10 13:31 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-07-10 23:26 - 2017-09-12 17:10 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-07-10 23:26 - 2017-09-12 17:10 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-07-10 23:26 - 2017-06-27 13:48 - 000000000 ____D C:\Windows\system32\Macromed
2018-07-10 15:15 - 2016-12-21 21:11 - 000000000 ____D C:\Users\-bora\AppData\Local\Deployment
 
==================== Files in the root of some directories =======
 
2018-05-26 18:29 - 2018-05-26 18:29 - 000064512 _____ () C:\Users\-bora\asz$explorer.exe
1601-01-03 21:33 - 1601-01-03 21:33 - 000073216 ____N (Microsoft Corporation) C:\Users\-bora\eCVErY.exe
2018-05-25 23:07 - 2014-05-04 22:23 - 001130502 _____ () C:\Users\-bora\SUPPOR~1.VBS
2018-05-26 18:25 - 2018-05-26 18:25 - 000043119 ___SH () C:\Users\-bora\windowsdata.vbs
1601-01-03 21:33 - 1601-01-03 21:33 - 000186368 ____N (Microsoft Corporation) C:\Program Files\gAuP.exe
1601-01-03 21:33 - 1601-01-03 21:33 - 000073216 ____N (Microsoft Corporation) C:\Users\-bora\AppData\Roaming\ayoMkai.exe
2016-12-21 21:27 - 2018-06-07 15:01 - 000000100 _____ () C:\Users\-bora\AppData\Roaming\Camdata.ini
2016-12-21 21:27 - 2018-06-07 15:01 - 000000408 _____ () C:\Users\-bora\AppData\Roaming\CamLayout.ini
2016-12-21 21:27 - 2018-06-07 15:01 - 000000408 _____ () C:\Users\-bora\AppData\Roaming\CamShapes.ini
2016-12-21 21:27 - 2018-06-07 15:01 - 000004520 _____ () C:\Users\-bora\AppData\Roaming\CamStudio.cfg
2018-05-26 18:31 - 2018-05-26 18:31 - 000184592 _____ () C:\Users\-bora\AppData\Roaming\data.dbf
2018-05-26 18:31 - 2018-06-06 10:38 - 000929236 ___SH () C:\Users\-bora\AppData\Roaming\dtmp1.tmp
2016-12-22 19:46 - 2018-07-11 22:32 - 000009598 _____ () C:\Users\-bora\AppData\Roaming\ZeroBraneStudio.ini
2017-07-01 18:35 - 2017-07-01 18:35 - 000140800 _____ () C:\Users\-bora\AppData\Local\installer.dat
2017-06-28 18:25 - 2017-06-28 18:25 - 000000600 _____ () C:\Users\-bora\AppData\Local\PUTTY.RND
2018-03-09 00:46 - 2018-03-09 00:46 - 000000218 _____ () C:\Users\-bora\AppData\Local\recently-used.xbel
2018-07-27 21:22 - 2018-07-27 21:22 - 000000003 _____ () C:\Users\-bora\AppData\Local\wbem.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-28 00:53
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.07.2018
Ran by -bora (28-07-2018 01:39:18)
Running from C:\Users\-bora\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2016-12-21 10:17:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
-bora (S-1-5-21-124123957-3465755313-2965481238-1000 - Administrator - Enabled) => C:\Users\-bora
Administrator (S-1-5-21-124123957-3465755313-2965481238-500 - Administrator - Disabled)
Guest (S-1-5-21-124123957-3465755313-2965481238-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-124123957-3465755313-2965481238-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Spybot - Search and Destroy (Disabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Active Directory Authentication Library for SQL Server (x86) (HKLM\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Flash Player 30 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 30.0.0.134 - Adobe Systems Incorporated)
AliceonDrugs (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\AliceonDrugs) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Azure AD Authentication Connected Service (HKLM\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Basic4GL (HKLM\...\Basic4GL) (Version: 2.6.4 - Tom Mulgrew)
Bitnami WAMP Stack (HKLM\...\Bitnami WAMP Stack 5.6.30-0) (Version: 5.6.30-0 - Bitnami)
BitTorrent (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\BitTorrent) (Version: 7.10.3.44495 - BitTorrent Inc.)
Blend for Visual Studio SDK for .NET 4.5 (HKLM\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Brackets (HKLM\...\{9E1DE4E6-DA6C-46E9-9EF2-15189E534511}) (Version: 1.11 - brackets.io)
CamStudio 2.7 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Corona SDK (HKLM\...\{35A09B28-BCA9-4EE7-9ABF-145231889BA6}) (Version: 17.0.3068 - Corona Labs Inc.)
Crypt of the NecroDancer (HKLM\...\Crypt of the NecroDancer_is1) (Version:  - )
CutePDF Writer 3.2 (HKLM\...\CutePDF Writer Installation) (Version:  3.2 - Acro Software Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
DesignDoll (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\a94d3e1b3ab3bea6) (Version: 1.4.0.0 - Terawell)
Dirrect X11Beta (HKLM\...\{AF52AC44-8AE8-44C4-83A4-F9921AB72B83}_is1) (Version:  - Creatormaster Dev)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Driver Booster 4.1 (HKLM\...\Driver Booster_is1) (Version: 4.1.0 - IObit)
EasySketchPro version 1.0.7 (HKLM\...\{90BB7D95-EBCA-4276-B15E-156F85E8B1DA}_is1) (Version: 1.0.7 - Inner Cirle Riches)
EasySketchPro3 version 3.0.0 (HKLM\...\{2C96454E-7152-449D-8FE9-4A32D2171165}_is1) (Version: 3.0.0 - My Dot Com Business)
Ecere SDK 0.44 (HKLM\...\Ecere SDK) (Version:  - )
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
FFsplit version 0.7 (HKLM\...\{82458834-6226-4A34-AE96-6907354F9F36}_is1) (Version: 0.7 - FFsplit Team)
FileZilla Client 3.26.2 (HKLM\...\FileZilla Client) (Version: 3.26.2 - Tim Kosse)
FireAlpaca 2.0.1 (32bit) (HKLM\...\FireAlpaca32_is1) (Version: 2.0.1 - firealpaca.com)
FTL -  Advanced Edition (HKLM\...\GOGPACKFTL_is1) (Version: 2.3.0.13 - GOG.com)
GimpShop 2.8 (HKLM\...\{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}) (Version: 2.8 - GimpShop)
Git Cola: The highly caffeinated Git GUI 2.10 (HKLM\...\Git Cola: The highly caffeinated Git GUI_is1) (Version: 2.10 - )
Git version 2.14.2 (HKLM\...\Git_is1) (Version: 2.14.2 - The Git Development Community)
GnuWin32: Wget-1.11.4-1 (HKLM\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoTo Opener (HKLM\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.32.0.9167 (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\GoToMeeting) (Version: 8.32.0.9167 - LogMeIn, Inc.)
GuiGenie 1.0.0 (HKLM\...\GuiGenie) (Version: 1.0.0 - Mario Awad)
HandBrake 1.0.7 (HKLM\...\HandBrake) (Version: 1.0.7 - )
IIS 10.0 Express (HKLM\...\{61F97EA0-3E4D-47E9-90FF-B75C16735DEE}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Inkscape 0.92.1 (HKLM\...\Inkscape) (Version: 0.92.1 - Inkscape Project)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Java 8 Update 171 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
JPEXS Free Flash Decompiler (HKLM\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 10.0.0 - JPEXS)
Kingdom Rush Frontiers (HKLM\...\1195536024_is1) (Version: 2.4.0.6 - GOG.com)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LangOver 5 (HKLM\...\LangOver 5) (Version: 5.0 - LangOver.com)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x86) 1.0.0-beta5 (HKLM\...\{2a375a89-9d97-35b7-917d-92f1ea73080d}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{C340BAB2-9A21-41B9-A465-7AC7B1DF773E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{5FC4C5FD-75D0-43D5-B9A5-6FE208D12F7D}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{4B604E42-B6D7-4957-B5A5-CC7450D8E1EB}) (Version: 3.1238.1962 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MorphVOX Jr (HKLM\...\{b321cb06-b0cf-426e-be88-ced33e3cdf7d}) (Version: 2.9.0.20444 - Screaming Bee)
MorphVOX Junior (HKLM\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.9.0.20444 - Screaming Bee) Hidden
Mozilla Firefox 54.0.1 (x86 he) (HKLM\...\Mozilla Firefox 54.0.1 (x86 he)) (Version: 54.0.1 - Mozilla)
Mozilla Firefox 61.0.1 (x86 he) (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\Mozilla Firefox 61.0.1 (x86 he)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Node.js (HKLM\...\{D14B61DD-ADDD-4563-B51F-8C19E1B32F7C}) (Version: 5.10.1 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040D-0000-0000000FF1CE}) (Version: 16.0.8229.2045 - Microsoft Corporation) Hidden
One Week Jam (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\One Week Jam) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F36}) (Version: 4.0.16 - dotPDN LLC)
PaintTool SAI Ver.1 (HKLM\...\PaintToolSAI) (Version:  - )
Pepakura Designer 4 (HKLM\...\pepakura_designer4en) (Version:  - TamaSoftware)
PreEmptive Analytics Visual Studio Components (HKLM\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
PyQt GPL v4.11.4 for Python v3.4 (x32) (HKLM\...\PyQt GPL v4.11.4 for Python v3.4 (x32)) (Version: 4.11.4 - )
Python 2.7.9 (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
Python 3.4.4 (HKLM\...\{50F37472-CBAB-47C6-A318-4C2BAE04D8EB}) (Version: 3.4.16789 - Python Software Foundation)
Python 3.7.0a1 (32-bit) (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\{33f7b484-e24c-4101-a185-c6e6303f9b69}) (Version: 3.7.101.0 - Python Software Foundation)
Python 3.7.0a1 Core Interpreter (32-bit) (HKLM\...\{CCB0AE06-F649-461F-B85F-05F991B0F07E}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Development Libraries (32-bit) (HKLM\...\{95D67673-8E10-428A-B74C-744B44775220}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Documentation (32-bit) (HKLM\...\{D5D69739-308B-435D-B911-DE7B14FF4B1A}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Executables (32-bit) (HKLM\...\{3DAAC413-7112-4D74-A16E-EC7A90072874}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 pip Bootstrap (32-bit) (HKLM\...\{CCA99B41-D9DB-4A10-A00C-5F328108ED4C}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Standard Library (32-bit) (HKLM\...\{49AD8CE2-3A8D-4C25-81C6-4D330F552435}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Tcl/Tk Support (32-bit) (HKLM\...\{79FC45E6-814E-4351-9355-99F049BF747C}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Test Suite (32-bit) (HKLM\...\{DDCDEAA5-AECC-4596-9996-7C58234EF92A}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Utility Scripts (32-bit) (HKLM\...\{D84E2587-1A16-4DA2-9D58-72E2A2D2C1AE}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python Launcher (HKLM\...\{675736DA-F01C-42F0-BD96-AC28924B330E}) (Version: 3.7.6105.0 - Python Software Foundation)
QAvimator (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\QAvimator) (Version: 0.1.1 - QAvimator Team)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (HKLM\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Runesword 2.5.0 (HKLM\...\Runesword) (Version: 2.5.0 - CrossCut Games, Inc.)
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype גירסה 8.23 (HKLM\...\Skype_is1) (Version: 8.23 - Skype Technologies S.A.)
Sparkol VideoScribe (HKLM\...\{EF81CFBA-B642-4ED4-8FBF-71663622762C}) (Version: 2.2.4001 - Sparkol) Hidden
Sparkol VideoScribe (HKLM\...\Sparkol VideoScribe 2.2.4001) (Version: 2.2.4001 - Sparkol)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (HKLM\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Starcraft (HKLM\...\Starcraft) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
Swivel (HKLM\...\Swivel) (Version: 1.11 - Newgrounds.com, Inc.)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TeamViewer 13 (HKLM\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (HKLM\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TeXstudio 2.12.6 (HKLM\...\TeXstudio_is1) (Version: 2.12.6 - Benito van der Zander)
TexturePacker (HKLM\...\{DAB53546-7B02-482B-8A96-9C7795604977}) (Version: 4.4.0 - code-and-web.de)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 4.0.3 - Tweaking.com)
TypeScript Power Tool (HKLM\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Vegas Pro 10.0 (HKLM\...\{6D592E30-11EC-11E0-859C-0013D3D69929}) (Version: 10.0.469 - Sony)
Visual Studio 2015 Update 3 (KB3022398) (HKLM\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VPython 6.11 (HKLM\...\VPython for Python 2.7_is1) (Version:  - )
VS Update core components (HKLM\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WinHTTrack Website Copier 3.48-22 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
wx4j v0.2.0 (HKLM\...\wx4j_is1) (Version:  - )
wxFormBuilder 3.5.1 (HKLM\...\wxFormBuilder_is1) (Version: 3.5.1 - Jose Antonio Hurtado)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-124123957-3465755313-2965481238-1000_Classes\CLSID\{65160427-a869-490e-ac60-29261d8a185d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-124123957-3465755313-2965481238-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\-bora\AppData\Local\GoToMeeting\8625\G2MOutlookAddin.dll (LogMeIn, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2016-11-27] ()
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-08-02] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2017-05-23] (Safer-Networking Ltd.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {32305A2B-92CE-40D0-9FC2-1755128C22DD} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {39CA7515-CF5B-4E67-80D6-7553E1F9CE5C} - System32\Tasks\G2MUploadTask-S-1-5-21-124123957-3465755313-2965481238-1000 => C:\Users\-bora\AppData\Local\GoToMeeting\9167\g2mupload.exe [2018-07-27] (LogMeIn, Inc.)
Task: {59A07B46-10E0-46A8-90F0-BBA27937A467} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {8F0951A1-38F5-4607-812E-FEFDFE75CEC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {9789D9A0-30BA-4BDF-A091-45F90E8591CE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9F5AA355-FC08-43FA-B22B-20D3F1911C05} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {A45032AF-4363-46A2-9A02-EEECB908339E} - System32\Tasks\{8FB9065D-2B9A-4445-91DB-99EDDFD9303E} => "c:\program files\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.30.0.105/he/go/help.faq.installer?LastError=1603
Task: {BD1CB2A2-444D-40A7-A7A9-66119FEA7F59} - System32\Tasks\G2MUpdateTask-S-1-5-21-124123957-3465755313-2965481238-1000 => C:\Users\-bora\AppData\Local\GoToMeeting\9167\g2mupdate.exe [2018-07-27] (LogMeIn, Inc.)
Task: {DEBE704F-1904-495A-B45B-EAE157A19A7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {E20D3E1B-BD08-43D1-B765-3F7ED15BDECB} - System32\Tasks\{3E8F4DEF-4A67-40E1-8B3D-542B8D068629} => C:\Windows\system32\pcalua.exe -a C:\Users\-bora\Desktop\softwere\AdobePhotoshopCS6Portable.exe -d C:\Users\-bora\Desktop\softwere
Task: {F7EEC939-0CA5-4929-813C-3553465C1F9C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-01-06] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Driver Booster SkipUAC (-bora).job => C:\Program Files\IObit\Driver Booster\4.1.0\DriverBooster.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-124123957-3465755313-2965481238-1000.job => C:\Users\-bora\AppData\Local\GoToMeeting\9167\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-124123957-3465755313-2965481238-1000.job => C:\Users\-bora\AppData\Local\GoToMeeting\9167\g2mupload.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\-bora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
ShortcutWithArgument: C:\Users\-bora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-01-22 20:42 - 2016-01-22 18:56 - 000089008 _____ () C:\Windows\System32\cpwmon2k.dll
2017-07-31 16:21 - 2017-05-26 06:47 - 000090096 _____ () C:\Windows\System32\cpwmon2k_v32.dll
2017-08-14 16:33 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-08-14 16:33 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2017-08-14 16:33 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-08-14 16:33 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2017-01-27 00:16 - 2016-07-06 14:58 - 000414720 _____ () C:\Bitnami\WAMPST~1.30-\apache2\bin\pcre.dll
2017-01-27 00:16 - 2013-07-08 15:17 - 000068608 _____ () C:\Bitnami\WAMPST~1.30-\apache2\bin\zlib1.dll
2017-01-27 00:17 - 2017-01-19 07:10 - 000145408 _____ () C:\Bitnami\wampstack-5.6.30-0\php\libpq.dll
2017-01-27 00:28 - 2017-01-19 07:10 - 000176128 _____ () C:\Bitnami\WAMPST~1.30-\apache2\bin\libssh2.dll
2017-01-27 00:16 - 2016-11-28 21:00 - 011088384 _____ () C:\Bitnami\wampstack-5.6.30-0\mysql\bin\mysqld.exe
2018-06-10 13:31 - 2018-07-11 02:36 - 002169040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-06-12 20:51 - 2017-06-12 20:51 - 000048296 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2016-11-27 20:55 - 2016-11-27 20:55 - 000267952 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2018-03-09 01:34 - 2018-02-26 13:46 - 006970880 _____ () C:\Program Files\FireAlpaca\FireAlpaca32\FireAlpaca20\FireAlpaca.exe
2018-03-09 01:34 - 2016-03-25 18:43 - 000119822 _____ () C:\Program Files\FireAlpaca\FireAlpaca32\FireAlpaca20\libgcc_s_dw2-1.dll
2018-03-09 01:34 - 2016-03-25 18:43 - 001026062 _____ () C:\Program Files\FireAlpaca\FireAlpaca32\FireAlpaca20\libstdc++-6.dll
2018-03-09 01:34 - 2016-03-25 18:43 - 003920542 _____ () C:\Program Files\FireAlpaca\FireAlpaca32\FireAlpaca20\icuin54.dll
2018-03-09 01:34 - 2016-03-25 18:43 - 002177557 _____ () C:\Program Files\FireAlpaca\FireAlpaca32\FireAlpaca20\icuuc54.dll
2018-03-09 01:34 - 2016-03-25 18:43 - 025382664 _____ () C:\Program Files\FireAlpaca\FireAlpaca32\FireAlpaca20\icudt54.dll
2018-06-26 23:28 - 2018-06-22 22:04 - 002242904 _____ () C:\Program Files\Google\Chrome\Application\67.0.3396.99\swiftshader\libglesv2.dll
2018-06-26 23:28 - 2018-06-22 22:04 - 000109912 _____ () C:\Program Files\Google\Chrome\Application\67.0.3396.99\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="[6cFgE][Şοûпđ, νìδ℮ô άήδ ğªмè ¢őήťřόℓŀèґš !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="[6cFgE][Şοûпđ, νìδ℮ô άήδ ğªмè ¢őήťřόℓŀèґš !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7877 more sites.
 
There are 7875 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:04 - 2018-07-27 21:25 - 000000531 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.100.102.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{9AC0F673-0E7D-4BFD-8233-C4A2E5B9D491}C:\bitnami\wampstack-5.6.29-0\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wampstack-5.6.29-0\apache2\bin\httpd.exe
FirewallRules: [UDP Query User{A100049C-9429-432C-AAFB-DB6291F8E9EF}C:\bitnami\wampstack-5.6.29-0\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wampstack-5.6.29-0\apache2\bin\httpd.exe
FirewallRules: [{3994ADDF-A993-4CC5-B32B-D33DF7F0E18A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{94EE66C7-2B75-4E82-A319-BF89F110C8DC}] => (Allow) C:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{61A77592-BCEF-4F53-8E24-3A76E50B5E71}C:\users\-bora\downloads\zerobranestudio\zbstudio.exe] => (Allow) C:\users\-bora\downloads\zerobranestudio\zbstudio.exe
FirewallRules: [UDP Query User{B7D0C9CD-CF12-4CB9-BB25-2C530D598F96}C:\users\-bora\downloads\zerobranestudio\zbstudio.exe] => (Allow) C:\users\-bora\downloads\zerobranestudio\zbstudio.exe
FirewallRules: [{A2143E0E-D59E-4F39-ABE4-26FC06BB2F52}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{38D60036-1011-4A8E-A5D4-F6B31631F63E}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{9CF4DC91-8BE4-4461-8B99-79818FBAB830}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{81751F39-2EE5-4ED6-914D-A461D906B729}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{A81F29BC-63BA-4A3F-9F72-FE9E1C617A19}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{1EFC8FAD-5121-42AB-ABA0-D1DC686259C2}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{97BFA784-1617-4C95-B214-C19B1445021B}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{69A4B24E-232C-49B9-9279-56F82895EA4F}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B6720F11-87B0-45B8-9D66-2AD3B4523CF7}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1542C101-F40B-4885-B8E0-AA62D0F0D87E}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6ED6241C-2F5E-4C5B-9512-7285FEA66474}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FE8E01E1-32F5-4314-9B3E-249FD8CC852C}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D337A756-3FBB-4D9C-A493-71272EBC0B71}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1C16E280-4AF8-495F-914F-0F550EEE06D5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1EAC3036-D348-48AC-B3AE-0E045950DAF3}] => (Allow) C:\Users\-bora\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{6F5D6B85-538E-4AB4-9EBB-65D783E4E094}] => (Block) LPort=445
FirewallRules: [{99C8ED6D-2F41-4341-9B78-7C5ED0F3189A}] => (Block) LPort=445
FirewallRules: [{8F477FEE-EB41-4099-8B77-6A172812601B}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{2B7C492F-7B5D-4B18-83C7-17AD39D6C2F5}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{97DB3018-8CFB-4628-8511-925882B8ECD5}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{13672ACE-F463-40FB-A401-93EC5DE64F74}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D82AB8DC-7A39-4901-B5FF-EC453769F82C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AC2A16CA-67B4-43EC-9D07-E18EB9EC72CC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9BB5214B-7681-48C7-A212-B886C7E06877}] => (Allow) C:\Users\-bora\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [TCP Query User{2A19DD75-013B-4925-BC46-FD2F8F7EFE6D}C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe] => (Allow) C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe
FirewallRules: [UDP Query User{0BEB27C4-5801-4FC9-B542-9723F0DE7D57}C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe] => (Allow) C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe
FirewallRules: [TCP Query User{63905DAE-3F92-488F-8801-3B35A618BE37}C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe] => (Block) C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe
FirewallRules: [UDP Query User{B91B9E48-B738-46E2-889F-40729E75C191}C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe] => (Block) C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe
FirewallRules: [TCP Query User{23DD5293-0381-414A-8927-95392E92ED61}C:\users\-bora\downloads\zerobranestudio\zbstudio.exe] => (Allow) C:\users\-bora\downloads\zerobranestudio\zbstudio.exe
FirewallRules: [UDP Query User{D4571661-49E1-42F2-9C1A-D241F991C20C}C:\users\-bora\downloads\zerobranestudio\zbstudio.exe] => (Allow) C:\users\-bora\downloads\zerobranestudio\zbstudio.exe
FirewallRules: [{AC2E5225-62C0-49DA-920C-E701649DDF20}] => (Allow) C:\Program Files\Corona Labs\Corona SDK\Corona.LiveServer.exe
FirewallRules: [{45AC955C-4437-47C1-94D4-369FCA0C3AF2}] => (Allow) C:\Program Files\Corona Labs\Corona SDK\Corona.Debugger.exe
FirewallRules: [TCP Query User{74285B7D-9FC0-4CBC-B2F4-46B446E2C247}C:\users\-bora\eclipse\java-neon\eclipse\eclipse.exe] => (Allow) C:\users\-bora\eclipse\java-neon\eclipse\eclipse.exe
FirewallRules: [UDP Query User{C2A78777-871C-43EC-99ED-8526FF265908}C:\users\-bora\eclipse\java-neon\eclipse\eclipse.exe] => (Allow) C:\users\-bora\eclipse\java-neon\eclipse\eclipse.exe
FirewallRules: [TCP Query User{64D331C8-B6AE-4D86-B8F2-F4757230F7E0}C:\program files\basic4gl\basic4gl.exe] => (Allow) C:\program files\basic4gl\basic4gl.exe
FirewallRules: [UDP Query User{05D70EA7-4CCC-44F4-AF11-3FA7AA6736E0}C:\program files\basic4gl\basic4gl.exe] => (Allow) C:\program files\basic4gl\basic4gl.exe
FirewallRules: [TCP Query User{D13BC7C5-DE49-4E2E-A907-7307FD8E9683}C:\users\-bora\eclipse\java-oxygen\eclipse\eclipse.exe] => (Allow) C:\users\-bora\eclipse\java-oxygen\eclipse\eclipse.exe
FirewallRules: [UDP Query User{F81DCCDE-8787-468A-B935-C9895D003DD9}C:\users\-bora\eclipse\java-oxygen\eclipse\eclipse.exe] => (Allow) C:\users\-bora\eclipse\java-oxygen\eclipse\eclipse.exe
FirewallRules: [TCP Query User{7673C67B-AD90-4F5B-BDCA-C255DCB0EA57}C:\program files\ffsplit\ffsplit.exe] => (Allow) C:\program files\ffsplit\ffsplit.exe
FirewallRules: [UDP Query User{2177592D-7E2C-4C41-BE6B-A5485827D7A5}C:\program files\ffsplit\ffsplit.exe] => (Allow) C:\program files\ffsplit\ffsplit.exe
FirewallRules: [TCP Query User{14A7F7DF-337B-4512-9FBD-856F7A9AAD71}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [UDP Query User{1625376E-E7B4-4A5F-9250-F61871367F6A}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [TCP Query User{7B5F9AD2-CCFA-4314-9B66-2ADD2CAEA945}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [UDP Query User{4E36560F-398F-4D11-8E6E-03126D332875}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [TCP Query User{DBCAE0BA-5BC1-4FB9-8F6A-FDA57EE32A6A}C:\program files\java\jre1.8.0_144\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\java.exe
FirewallRules: [UDP Query User{331C2AB9-9506-41AB-95FA-59DF73C48357}C:\program files\java\jre1.8.0_144\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\java.exe
FirewallRules: [TCP Query User{28EC5C19-ADB0-41E3-B86D-4888C4DB9FA7}C:\program files\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [UDP Query User{7354BC87-6041-4913-800F-13D5BBAC00EC}C:\program files\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [{43510445-9949-4E82-8A34-C601CFC05560}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{86A86751-D616-479A-800E-C2B5EB678BD4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{84D96BEE-9147-45B0-BC94-99459440BE2C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F45A4D99-6530-488A-BCC4-4C92E3A2E81C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{7CC74EFA-B7D4-47A9-9702-61DCCD9634A7}C:\users\-bora\downloads\ai war fleet command\aiwar.exe] => (Allow) C:\users\-bora\downloads\ai war fleet command\aiwar.exe
FirewallRules: [UDP Query User{FC71AB12-6DA4-4A23-BD49-63EF99524D1D}C:\users\-bora\downloads\ai war fleet command\aiwar.exe] => (Allow) C:\users\-bora\downloads\ai war fleet command\aiwar.exe
FirewallRules: [TCP Query User{58F56CDB-13B9-4AB6-A093-7CA18A9E3AEB}C:\program files\brackets\node.exe] => (Allow) C:\program files\brackets\node.exe
FirewallRules: [UDP Query User{4709702F-DA06-4386-AF87-6332071BDCB9}C:\program files\brackets\node.exe] => (Allow) C:\program files\brackets\node.exe
FirewallRules: [{C3540629-629A-4495-91BD-AA351F13D360}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{FFFA053E-1534-441A-A3E5-CF38AF0F1F09}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{ED81F266-F0F3-425E-A725-A7CFCDBE6F73}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C32349BB-40EB-4316-AB84-76FC944D0DB7}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FFBE4BB9-8AC4-4D7A-93F4-E0E349FFB080}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{A3C300AD-789A-49F3-B3E7-DD07EEC54BF8}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{E2988253-D29E-4FDB-B08D-B56A4C0EC3C0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
12-07-2018 02:43:04 Windows Update
19-07-2018 14:25:25 נקודת ביקורת מתוזמנת
26-07-2018 15:27:43 נקודת ביקורת מתוזמנת
27-07-2018 22:53:12 ‏‏הוסר WhiteClick
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/27/2018 09:54:56 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: ‏‏הפעלת רשיון Windows נכשלה. שגיאה 0x00000000.
 
Error: (07/27/2018 09:54:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: ‏‏הפעלת רשיון (slui.exe) נכשלה עם קוד השגיאה הבא:
0x8007043C
 
Error: (07/27/2018 09:26:46 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: ‏‏הפעלת רשיון Windows נכשלה. שגיאה 0x00000000.
 
Error: (07/27/2018 09:26:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: ‏‏הפעלת רשיון (slui.exe) נכשלה עם קוד השגיאה הבא:
0x8007043C
 
Error: (07/19/2018 01:07:29 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ‏‏התוכנית FireAlpaca.exe בגירסה 0.0.0.0 הפסיקה לקיים אינטראקציה עם Windows ונסגרה. כדי לגלות אם יש מידע זמין נוסף אודות הבעיה, בדוק את היסטוריית הבעיה בלוח הבקרה של מרכז הפעולות.
 
מזהה תהליך: 11b4
 
זמן התחלה: 01d41ee3a965afe3
 
זמן סיום: 46
 
נתיב יישום: C:\Program Files\FireAlpaca\FireAlpaca32\FireAlpaca20\FireAlpaca.exe
 
מזהה דוח: f4489844-8ad6-11e8-b4a6-206a8a2a225b
 
Error: (07/19/2018 01:07:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ‏‏התוכנית FireAlpaca.exe בגירסה 0.0.0.0 הפסיקה לקיים אינטראקציה עם Windows ונסגרה. כדי לגלות אם יש מידע זמין נוסף אודות הבעיה, בדוק את היסטוריית הבעיה בלוח הבקרה של מרכז הפעולות.
 
מזהה תהליך: 154c
 
זמן התחלה: 01d41ee39e7bcbaa
 
זמן סיום: 18
 
נתיב יישום: C:\Program Files\FireAlpaca\FireAlpaca32\FireAlpaca20\FireAlpaca.exe
 
מזהה דוח: e3da44dd-8ad6-11e8-b4a6-206a8a2a225b
 
Error: (07/17/2018 09:19:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: chrome.exe, גירסה: 67.0.3396.99, חותמת זמן: 0x5b2d41c6
שם מודול שחלות בו תקלות: KERNELBASE.dll, גירסה: 6.1.7601.24168, חותמת זמן: 0x5b1aa77b
קוד חריגה: 0xe0000008
היסט תקלה: 0x0000845d
מזהה תהליך שחלות בו תקלות: 0x814
שעת ההפעלה של היישום שחלות בו תקלות: 0x01d41dab64505c8e
נתיב היישום שחלות בו תקלות: C:\Program Files\Google\Chrome\Application\chrome.exe
נתיב המודול שחלות בו תקלות: C:\Windows\system32\KERNELBASE.dll
מזהה דוח: e038c8ab-89ed-11e8-85bb-206a8a2a225b
 
Error: (07/11/2018 05:15:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ‏‏התוכנית WORDPAD.EXE בגירסה 6.1.7601.23889 הפסיקה לקיים אינטראקציה עם Windows ונסגרה. כדי לגלות אם יש מידע זמין נוסף אודות הבעיה, בדוק את היסטוריית הבעיה בלוח הבקרה של מרכז הפעולות.
 
מזהה תהליך: 1bf4
 
זמן התחלה: 01d419218a373646
 
זמן סיום: 10
 
נתיב יישום: C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
 
מזהה דוח: db13bf8d-8514-11e8-b3fe-206a8a2a225b
 
 
System errors:
=============
Error: (07/27/2018 11:50:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ‏‏הפעלת השירות שירות ‏עדכון Google (gupdate) נכשלה בשל השגיאה הבאה: 
‏‏למערכת אין אפשרות לאתר את הקובץ שצוין.
 
Error: (07/27/2018 11:48:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: ‏‏הפעלת מודול יכולת ההרחבה של WLAN נכשלה.
 
נתיב מודול: C:\Windows\system32\athExt.dll
קוד שגיאה: 126
 
Error: (07/27/2018 11:47:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ‏‏השירות SQL Server (SQLEXPRESS) הסתיים באופן בלתי צפוי. אירוע זה התרחש בפעם ה- 1.
 
Error: (07/27/2018 11:47:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏השירות Windows Media Player Network Sharing Service הסתיים באופן בלתי צפוי. אירוע זה התרחש בפעם ה- 1. פעולת התיקון הבאה תינקט תוך 30000 אלפיות שניה: הפעל מחדש את השירות.
 
Error: (07/27/2018 11:47:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ‏‏השירות wampstackMySQL הסתיים באופן בלתי צפוי. אירוע זה התרחש בפעם ה- 1.
 
Error: (07/27/2018 11:47:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏השירות Software Protection הסתיים באופן בלתי צפוי. אירוע זה התרחש בפעם ה- 1. פעולת התיקון הבאה תינקט תוך 120000 אלפיות שניה: הפעל מחדש את השירות.
 
Error: (07/27/2018 11:47:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ‏‏השירות wampstackApache הסתיים באופן בלתי צפוי. אירוע זה התרחש בפעם ה- 1.
 
Error: (07/27/2018 11:47:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ‏‏השירות Spybot-S&D 2 Updating Service הסתיים באופן בלתי צפוי. אירוע זה התרחש בפעם ה- 1. פעולת התיקון הבאה תינקט תוך 60000 אלפיות שניה: הפעל מחדש את השירות.
 
 
Windows Defender:
===================================
Date: 2017-07-11 14:03:04.435
Description: 
‏‏סריקת ‏‏Windows Defender הופסקה לפני שהושלמה.
מזהה סריקה:{83D45556-8A21-412D-A898-814B62F9702D}
סוג סריקה:‏‏תוכנה נגד תוכנות ריגול
פרמטרי סריקה:‏‏סריקה מהירה
משתמש:NT AUTHORITY\NETWORK SERVICE
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU U3600 @ 1.20GHz
Percentage of memory in use: 85%
Total physical RAM: 1781.86 MB
Available physical RAM: 258.94 MB
Total Virtual: 3696.72 MB
Available Virtual: 457.28 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:18.82 GB) NTFS
 
\\?\Volume{bdd493c3-9b37-11e5-91f9-806e6f6e6963}\ (‏‏שמור על-ידי המערכת) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 7CFC04B9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 JSntgRvr


Posted 27 July 2018 - 07:23 PM

  • Highlight the entire content of the quote box below.

Start::  
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [X]
S3 catchme; \??\C:\Users\-bora\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
FirewallRules: [{6F5D6B85-538E-4AB4-9EBB-65D783E4E094}] => (Block) LPort=445
FirewallRules: [{99C8ED6D-2F41-4341-9B78-7C5ED0F3189A}] => (Block) LPort=445
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
2018-07-27 21:22 - 2018-07-27 21:22 - 000000003 _____ C:\Users\-bora\AppData\Local\wbem.ini
2018-05-26 18:29 - 2018-05-26 18:29 - 000064512 _____ () C:\Users\-bora\asz$explorer.exe
1601-01-03 21:33 - 1601-01-03 21:33 - 000073216 ____N (Microsoft Corporation) C:\Users\-bora\eCVErY.exe
2018-05-25 23:07 - 2014-05-04 22:23 - 001130502 _____ () C:\Users\-bora\SUPPOR~1.VBS
2018-05-26 18:25 - 2018-05-26 18:25 - 000043119 ___SH () C:\Users\-bora\windowsdata.vbs
1601-01-03 21:33 - 1601-01-03 21:33 - 000186368 ____N (Microsoft Corporation) C:\Program Files\gAuP.exe
1601-01-03 21:33 - 1601-01-03 21:33 - 000073216 ____N (Microsoft Corporation) C:\Users\-bora\AppData\Roaming\ayoMkai.exe
2016-12-21 21:27 - 2018-06-07 15:01 - 000000100 _____ () C:\Users\-bora\AppData\Roaming\Camdata.ini
2016-12-21 21:27 - 2018-06-07 15:01 - 000000408 _____ () C:\Users\-bora\AppData\Roaming\CamLayout.ini
2016-12-21 21:27 - 2018-06-07 15:01 - 000000408 _____ () C:\Users\-bora\AppData\Roaming\CamShapes.ini
2016-12-21 21:27 - 2018-06-07 15:01 - 000004520 _____ () C:\Users\-bora\AppData\Roaming\CamStudio.cfg
2018-05-26 18:31 - 2018-05-26 18:31 - 000184592 _____ () C:\Users\-bora\AppData\Roaming\data.dbf
2018-05-26 18:31 - 2018-06-06 10:38 - 000929236 ___SH () C:\Users\-bora\AppData\Roaming\dtmp1.tmp
2016-12-22 19:46 - 2018-07-11 22:32 - 000009598 _____ () C:\Users\-bora\AppData\Roaming\ZeroBraneStudio.ini
2017-07-01 18:35 - 2017-07-01 18:35 - 000140800 _____ () C:\Users\-bora\AppData\Local\installer.dat
2017-06-28 18:25 - 2017-06-28 18:25 - 000000600 _____ () C:\Users\-bora\AppData\Local\PUTTY.RND
2018-03-09 00:46 - 2018-03-09 00:46 - 000000218 _____ () C:\Users\-bora\AppData\Local\recently-used.xbel
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\Run: [SUPPOR~1] => wscript.exe //B "C:\Users\-bora\SUPPOR~1.VBS"
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\Run: [WINDOW~1] => wscript.exe //B "C:\Users\-bora\WINDOW~1.VBS"
Startup: C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUPPOR~1.VBS [2014-05-04] ()
Startup: C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WINDOW~1.VBS [2018-05-26] ()
C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WINDOW~1.VBS
C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUPPOR~1.VBS
C:\Users\-bora\SUPPOR~1.VBS
C:\Users\-bora\WINDOW~1.VBS
2018-05-26 18:31 - 2018-06-06 10:38 - 000929236 ___SH () C:\Users\-bora\AppData\Roaming\dtmp1.tmp
2018-07-27 21:24 - 2018-07-27 21:24 - 000000000 ____D C:\Users\-bora\AppData\Roaming\2ijz5ug0uv1
2018-07-27 21:23 - 2018-07-27 21:54 - 000000000 ____D C:\Program Files\ujqdukl
2018-07-27 21:23 - 2018-07-27 21:23 - 000000000 ____D C:\Users\-bora\AppData\Roaming\0tbmjo3hnpf
2018-07-27 21:22 - 2018-07-27 21:22 - 000000003 _____ C:\Users\-bora\AppData\Local\wbem.ini
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 

 

RogueKiller

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 yoelr


Posted 28 July 2018 - 07:10 AM

Fix result of Farbar Recovery Scan Tool (x86) Version: 21.07.2018
Ran by -bora (28-07-2018 12:48:31) Run:1
Running from C:\Users\-bora\Downloads
Loaded Profiles: -bora (Available Profiles: -bora)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
  
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [X]
S3 catchme; \??\C:\Users\-bora\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
FirewallRules: [{6F5D6B85-538E-4AB4-9EBB-65D783E4E094}] => (Block) LPort=445
FirewallRules: [{99C8ED6D-2F41-4341-9B78-7C5ED0F3189A}] => (Block) LPort=445
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
2018-07-27 21:22 - 2018-07-27 21:22 - 000000003 _____ C:\Users\-bora\AppData\Local\wbem.ini
2018-05-26 18:29 - 2018-05-26 18:29 - 000064512 _____ () C:\Users\-bora\asz$explorer.exe
1601-01-03 21:33 - 1601-01-03 21:33 - 000073216 ____N (Microsoft Corporation) C:\Users\-bora\eCVErY.exe
2018-05-25 23:07 - 2014-05-04 22:23 - 001130502 _____ () C:\Users\-bora\SUPPOR~1.VBS
2018-05-26 18:25 - 2018-05-26 18:25 - 000043119 ___SH () C:\Users\-bora\windowsdata.vbs
1601-01-03 21:33 - 1601-01-03 21:33 - 000186368 ____N (Microsoft Corporation) C:\Program Files\gAuP.exe
1601-01-03 21:33 - 1601-01-03 21:33 - 000073216 ____N (Microsoft Corporation) C:\Users\-bora\AppData\Roaming\ayoMkai.exe
2016-12-21 21:27 - 2018-06-07 15:01 - 000000100 _____ () C:\Users\-bora\AppData\Roaming\Camdata.ini
2016-12-21 21:27 - 2018-06-07 15:01 - 000000408 _____ () C:\Users\-bora\AppData\Roaming\CamLayout.ini
2016-12-21 21:27 - 2018-06-07 15:01 - 000000408 _____ () C:\Users\-bora\AppData\Roaming\CamShapes.ini
2016-12-21 21:27 - 2018-06-07 15:01 - 000004520 _____ () C:\Users\-bora\AppData\Roaming\CamStudio.cfg
2018-05-26 18:31 - 2018-05-26 18:31 - 000184592 _____ () C:\Users\-bora\AppData\Roaming\data.dbf
2018-05-26 18:31 - 2018-06-06 10:38 - 000929236 ___SH () C:\Users\-bora\AppData\Roaming\dtmp1.tmp
2016-12-22 19:46 - 2018-07-11 22:32 - 000009598 _____ () C:\Users\-bora\AppData\Roaming\ZeroBraneStudio.ini
2017-07-01 18:35 - 2017-07-01 18:35 - 000140800 _____ () C:\Users\-bora\AppData\Local\installer.dat
2017-06-28 18:25 - 2017-06-28 18:25 - 000000600 _____ () C:\Users\-bora\AppData\Local\PUTTY.RND
2018-03-09 00:46 - 2018-03-09 00:46 - 000000218 _____ () C:\Users\-bora\AppData\Local\recently-used.xbel
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\Run: [SUPPOR~1] => wscript.exe //B "C:\Users\-bora\SUPPOR~1.VBS"
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\Run: [WINDOW~1] => wscript.exe //B "C:\Users\-bora\WINDOW~1.VBS"
Startup: C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUPPOR~1.VBS [2014-05-04] ()
Startup: C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WINDOW~1.VBS [2018-05-26] ()
C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WINDOW~1.VBS
C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUPPOR~1.VBS
C:\Users\-bora\SUPPOR~1.VBS
C:\Users\-bora\WINDOW~1.VBS
2018-05-26 18:31 - 2018-06-06 10:38 - 000929236 ___SH () C:\Users\-bora\AppData\Roaming\dtmp1.tmp
2018-07-27 21:24 - 2018-07-27 21:24 - 000000000 ____D C:\Users\-bora\AppData\Roaming\2ijz5ug0uv1
2018-07-27 21:23 - 2018-07-27 21:54 - 000000000 ____D C:\Program Files\ujqdukl
2018-07-27 21:23 - 2018-07-27 21:23 - 000000000 ____D C:\Users\-bora\AppData\Roaming\0tbmjo3hnpf
2018-07-27 21:22 - 2018-07-27 21:22 - 000000003 _____ C:\Users\-bora\AppData\Local\wbem.ini
EMPTYTEMP:
Reboot:
 
*****************
 
"HKLM\System\CurrentControlSet\Services\gupdate" => removed successfully.
gupdate => service removed successfully.
"HKLM\System\CurrentControlSet\Services\gupdatem" => removed successfully.
gupdatem => service removed successfully.
"HKLM\System\CurrentControlSet\Services\osppsvc" => removed successfully.
osppsvc => service removed successfully.
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully.
catchme => service removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F5D6B85-538E-4AB4-9EBB-65D783E4E094}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{99C8ED6D-2F41-4341-9B78-7C5ED0F3189A}" => removed successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => removed successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => removed successfully.
C:\Users\-bora\AppData\Local\wbem.ini => moved successfully
C:\Users\-bora\asz$explorer.exe => moved successfully
C:\Users\-bora\eCVErY.exe => moved successfully
Could not move "C:\Users\-bora\SUPPOR~1.VBS" => Scheduled to move on reboot.
Could not move "C:\Users\-bora\windowsdata.vbs" => Scheduled to move on reboot.
C:\Program Files\gAuP.exe => moved successfully
C:\Users\-bora\AppData\Roaming\ayoMkai.exe => moved successfully
C:\Users\-bora\AppData\Roaming\Camdata.ini => moved successfully
C:\Users\-bora\AppData\Roaming\CamLayout.ini => moved successfully
C:\Users\-bora\AppData\Roaming\CamShapes.ini => moved successfully
C:\Users\-bora\AppData\Roaming\CamStudio.cfg => moved successfully
C:\Users\-bora\AppData\Roaming\data.dbf => moved successfully
C:\Users\-bora\AppData\Roaming\dtmp1.tmp => moved successfully
C:\Users\-bora\AppData\Roaming\ZeroBraneStudio.ini => moved successfully
C:\Users\-bora\AppData\Local\installer.dat => moved successfully
C:\Users\-bora\AppData\Local\PUTTY.RND => moved successfully
C:\Users\-bora\AppData\Local\recently-used.xbel => moved successfully
"HKU\S-1-5-21-124123957-3465755313-2965481238-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SUPPOR~1" => removed successfully.
"HKU\S-1-5-21-124123957-3465755313-2965481238-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WINDOW~1" => removed successfully.
C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUPPOR~1.VBS => moved successfully
C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WINDOW~1.VBS => moved successfully
"C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WINDOW~1.VBS" => not found
"C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUPPOR~1.VBS" => not found
Could not move "C:\Users\-bora\SUPPOR~1.VBS" => Scheduled to move on reboot.
Could not move "C:\Users\-bora\WINDOW~1.VBS" => Scheduled to move on reboot.
"C:\Users\-bora\AppData\Roaming\dtmp1.tmp" => not found
C:\Users\-bora\AppData\Roaming\2ijz5ug0uv1 => moved successfully
C:\Program Files\ujqdukl => moved successfully
C:\Users\-bora\AppData\Roaming\0tbmjo3hnpf => moved successfully
"C:\Users\-bora\AppData\Local\wbem.ini" => not found
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 24260916 B
Java, Flash, Steam htmlcache => 14898 B
Windows/system/drivers => 12173 B
Edge => 0 B
Chrome => 403843442 B
Firefox => 356551026 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 150840 B
-bora => 76960036 B
 
RecycleBin => 0 B
EmptyTemp: => 829.9 MB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-07-2018 12:56:19)
 
C:\Users\-bora\SUPPOR~1.VBS => is moved successfully
C:\Users\-bora\windowsdata.vbs => is moved successfully
C:\Users\-bora\SUPPOR~1.VBS => is moved successfully
C:\Users\-bora\WINDOW~1.VBS => is moved successfully
 
==== End of Fixlog 12:56:19 ====
 
 
 
 
 
RogueKiller V12.12.28.0 [Jul 23 2018] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : -bora [Administrator]
Started from : C:\Users\-bora\Desktop\RogueKiller_portable32.exe
Mode : Delete -- Date : 07/28/2018 13:04:14 (Duration : 01:32:33)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 9 ¤¤¤
[Suspicious.Path] HKEY_CLASSES_ROOT\CLSID\{4E120188-0CAC-468C-B2D9-9D1F079EBC25} (C:\Users\-bora\AppData\Local\Temp\HYD5FBD.tmp.1485452247\HTA\3rdparty\FS.ocx) -> Deleted
[PUP.Gen1] HKEY_USERS\S-1-5-21-124123957-3465755313-2965481238-1000\Software\IM -> Deleted
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.100.102.1 ([])  -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.100.102.1 ([])  -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6AF92CD5-D0F9-4B3A-85B3-E8623CDE48DD} | DhcpNameServer : 10.100.102.1 ([])  -> Replaced ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6AF92CD5-D0F9-4B3A-85B3-E8623CDE48DD} | DhcpNameServer : 10.100.102.1 ([])  -> Replaced ()
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9BB5214B-7681-48C7-A212-B886C7E06877} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\-bora\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe|Name=hola_plugin_x64.exe| [x] -> Deleted
[PUP.Gen1] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9BB5214B-7681-48C7-A212-B886C7E06877} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\-bora\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe|Name=hola_plugin_x64.exe| [x] -> Deleted
[PUM.StartMenu] HKEY_USERS\S-1-5-21-124123957-3465755313-2965481238-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
 
¤¤¤ Tasks : 1 ¤¤¤
[Hj.Shortcut] \{8FB9065D-2B9A-4445-91DB-99EDDFD9303E} -- "c:\program files\google\chrome\application\chrome.exe" (https://ui.skype.com/ui/0/7.30.0.105/he/go/help.faq.installer?LastError=1603) -> Deleted
 
¤¤¤ Files : 4 ¤¤¤
[Suspicious.Startup][File] C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUPPOR~1.VBS -> Deleted
[Suspicious.Startup][File] C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WINDOW~1.VBS -> Deleted
[PUP.HackTool][Folder] C:\ProgramData\KMSAuto -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\oas_sert.cer -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\tap0901.cer -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\x86TAP1\devcon.exe -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\x86TAP1\OemVista.inf -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\x86TAP1\ptun0901.cat -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\x86TAP1\ptun0901.sys -> Deleted
[PUP.HackTool][Folder] C:\ProgramData\KMSAuto\bin\driver\x86TAP1 -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\x86TAP2\devcon.exe -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\x86TAP2\oas_sert.cer -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\x86TAP2\tapoas.cat -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\x86TAP2\tapoas.inf -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\x86TAP2\tapoas.sys -> Deleted
[PUP.HackTool][Folder] C:\ProgramData\KMSAuto\bin\driver\x86TAP2 -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\x86WDV\FakeClient.exe -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\x86WDV\WdfCoInstaller01009.dll -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\x86WDV\WinDivert.dll -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\x86WDV\WinDivert.inf -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\driver\x86WDV\WinDivert.sys -> Deleted
[PUP.HackTool][Folder] C:\ProgramData\KMSAuto\bin\driver\x86WDV -> Deleted
[PUP.HackTool][Folder] C:\ProgramData\KMSAuto\bin\driver -> Deleted
[PUP.HackTool][File] C:\ProgramData\KMSAuto\bin\TunMirror2.exe -> Deleted
[PUP.HackTool][Folder] C:\ProgramData\KMSAuto\bin -> Deleted
[PUP.HackTool][Folder] C:\ProgramData\KMSAuto -> ERROR [3]
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Patriot Blast ATA Device +++++
--- User ---
[MBR] df2f1a5231eb46b6d7523d17e5bc9dbb
[BSP] 7d6d36a0b8dc9fc29c58b47c1e036a2d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 


#6 JSntgRvr


Posted 31 July 2018 - 12:27 PM

Sorry for the delay. How is the computer doing?




#7 yoelr


Posted 31 July 2018 - 01:45 PM

I don't know, if there's something the scans can't find it, I didn't notice performance changes.

Again, if there's a hidden trojan or backdoor I can't find it, that's why I came here. Did you find anything in the info provided by me?



#8 JSntgRvr


Posted 31 July 2018 - 06:47 PM

You did have some suspicious files and folders. Let's take another look.

 

  • Open FRST as an Administrator.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 




#9 JSntgRvr


Posted 03 August 2018 - 10:50 PM

How is it doing?




#10 yoelr


Posted 04 August 2018 - 10:08 AM

Thank you, and here it is:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02.08.2018
Ran by -bora (administrator) on -BORA-PC (04-08-2018 18:03:13)
Running from C:\Users\-bora\Downloads
Loaded Profiles: -bora (Available Profiles: -bora)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: עברית (ישראל)‏
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Apache Software Foundation) C:\Bitnami\WAMPST~1.30-\apache2\bin\httpd.exe
() C:\Bitnami\wampstack-5.6.30-0\mysql\bin\mysqld.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apache Software Foundation) C:\Bitnami\WAMPST~1.30-\apache2\bin\httpd.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\-bora\Downloads\frstenglish.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [339968 2005-09-05] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\Run: [WINDOW~1] => wscript.exe //B "C:\Users\-bora\WINDOW~1.VBS"
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\Run: [SUPPOR~1] => wscript.exe //B "C:\Users\-bora\SUPPOR~1.VBS"
Startup: C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUPPOR~1.VBS [2014-05-04] ()
Startup: C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WINDOW~1.VBS [2018-05-26] ()
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.100.102.1
Tcpip\..\Interfaces\{6AF92CD5-D0F9-4B3A-85B3-E8623CDE48DD}: [DhcpNameServer] 10.100.102.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES007&pc=UE06
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll [2018-05-21] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-05-21] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 
FireFox:
========
FF DefaultProfile: m2mhjriz.default
FF ProfilePath: C:\Users\-bora\AppData\Roaming\Mozilla\Firefox\Profiles\m2mhjriz.default [2018-08-01]
FF user.js: detected! => C:\Users\-bora\AppData\Roaming\Mozilla\Firefox\Profiles\m2mhjriz.default\user.js [2017-06-30]
FF Extension: (Firefox Hotfix) - C:\Users\-bora\AppData\Roaming\Mozilla\Firefox\Profiles\m2mhjriz.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-08-21] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-05-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-05-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default [2018-08-04]
CHR Extension: (Slides) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (כונן Google) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-21]
CHR Extension: (YouTube) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-21]
CHR Extension: (Session Buddy) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2018-01-30]
CHR Extension: (Full Page Screen Capture) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2018-07-25]
CHR Extension: (Sheets) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-22]
CHR Extension: (AdBlock) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-26]
CHR Extension: (Ears: Bass Boost, EQ Any Audio!) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfdfiepdkbnoanddpianalelglmfooik [2018-05-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-21]
CHR Extension: (Chrome Media Router) - C:\Users\-bora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-01-31] (SUPERAntiSpyware.com)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4753104 2018-05-09] (Malwarebytes)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [11644144 2018-07-23] (TeamViewer GmbH)
S3 VSStandardCollectorService140; C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [86760 2016-09-06] (Microsoft Corporation)
R2 wampstackApache; C:\Bitnami\WAMPST~1.30-\apache2\bin\httpd.exe [23040 2016-07-07] (Apache Software Foundation) [File not signed]
R2 wampstackMySQL; C:\Bitnami\wampstack-5.6.30-0\mysql\bin\mysqld.exe [11088384 2016-11-28] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-08-02] (IVT Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2016-12-21] (DT Soft Ltd)
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [28744 2017-08-02] (ELAN Microelectronic Corp.)
R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-01-06] (REALiX™)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2017-08-02] (Qualcomm Atheros Co., Ltd.)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [220896 2018-08-04] (Malwarebytes)
R3 RTSUER; C:\Windows\System32\Drivers\RtsUer.sys [308192 2017-08-02] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SCREAMINGBDRIVER; C:\Windows\System32\drivers\ScreamingBAudio.sys [49856 2016-03-28] (Screaming Bee Inc)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [8701824 2005-10-13] ()
R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-04 18:02 - 2018-08-04 18:02 - 000000000 ____D C:\Users\-bora\Downloads\FRST-OlderVersion
2018-08-04 17:01 - 2018-08-04 17:01 - 000220896 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-08-03 01:55 - 2018-08-03 01:58 - 002727572 _____ C:\Users\-bora\Downloads\kryonet-2.21.zip
2018-08-03 01:33 - 2018-08-03 01:57 - 000000000 ____D C:\Users\-bora\Downloads\kryonet-master
2018-08-03 01:31 - 2018-08-03 01:31 - 000647232 _____ C:\Users\-bora\Downloads\kryonet-master.zip
2018-08-01 23:08 - 2018-08-01 23:08 - 000000000 ____D C:\Users\-bora\Downloads\Justice League (2017) [YTS.AM]
2018-08-01 14:35 - 2018-08-01 14:35 - 002097008 _____ C:\Users\-bora\Downloads\WitchKingOfAngmar_TemplatesByMetalfist.zip
2018-07-29 09:49 - 2018-07-29 09:49 - 003769389 _____ C:\Users\-bora\Downloads\Lab2Instructions.zip
2018-07-28 20:17 - 2018-07-28 20:17 - 000028672 _____ C:\Users\-bora\Downloads\US_Export.xls
2018-07-28 13:04 - 2018-07-28 13:04 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-07-28 13:03 - 2018-07-28 18:35 - 000000000 ____D C:\ProgramData\RogueKiller
2018-07-28 12:56 - 2018-05-26 18:25 - 000043119 ___SH C:\Users\-bora\WINDOW~1.VBS
2018-07-28 12:56 - 2014-05-04 22:23 - 001130502 _____ C:\Users\-bora\SUPPOR~1.VBS
2018-07-27 22:49 - 2018-07-27 23:47 - 000000000 ____D C:\AdwCleaner
2018-07-27 22:46 - 2018-07-27 22:48 - 007417040 _____ (Malwarebytes) C:\Users\-bora\Downloads\adwcleaner_7.2.2.exe
2018-07-26 16:56 - 2018-07-26 16:57 - 000000000 ____D C:\Users\-bora\Downloads\lib
2018-07-26 16:54 - 2018-07-26 16:57 - 015070588 _____ C:\Users\-bora\Downloads\htmlunit-2.31-bin (4).zip
2018-07-26 11:00 - 2018-07-26 11:00 - 001588064 _____ C:\Users\-bora\Downloads\d3-geomap-1.0.2.zip
2018-07-25 12:51 - 2018-07-25 12:53 - 043206461 _____ C:\Users\-bora\Downloads\Micron (src).zip
2018-07-25 12:40 - 2018-07-25 12:40 - 000000000 ____D C:\Users\-bora\AppData\Roaming\jRabbit Data
2018-07-25 10:42 - 2018-07-25 10:42 - 006618343 _____ C:\Users\-bora\Downloads\book_source.zip
2018-07-25 10:42 - 2018-07-25 10:42 - 004943078 _____ C:\Users\-bora\Downloads\The lucu guide for creating videogames_version_4.0.pdf
2018-07-24 19:08 - 2018-07-24 19:09 - 030451486 _____ C:\Users\-bora\Downloads\xith3d-0.9.6-beta1.tar.bz2
2018-07-19 02:44 - 2018-07-19 02:44 - 002346915 _____ C:\Users\-bora\Downloads\taner.pdn
2018-07-16 17:14 - 2018-07-17 01:27 - 000000020 _____ C:\Users\-bora\Documents\2222222222222222222222.txt
2018-07-15 01:25 - 2018-07-15 01:25 - 000005279 _____ C:\Users\-bora\Desktop\fb_f.txt
2018-07-11 17:59 - 2011-12-06 07:27 - 007061132 _____ C:\Users\-bora\Downloads\029 Midnight Rogue.pdf
2018-07-11 11:25 - 2018-06-21 03:00 - 000348824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-07-11 11:25 - 2018-06-16 19:36 - 020286464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-07-11 11:25 - 2018-06-16 19:19 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-07-11 11:25 - 2018-06-16 19:19 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-07-11 11:25 - 2018-06-16 19:06 - 000498176 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-07-11 11:25 - 2018-06-16 19:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-07-11 11:25 - 2018-06-16 19:05 - 000341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-07-11 11:25 - 2018-06-16 19:05 - 000047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-07-11 11:25 - 2018-06-16 19:04 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-07-11 11:25 - 2018-06-16 19:02 - 002295296 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-07-11 11:25 - 2018-06-16 18:59 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-07-11 11:25 - 2018-06-16 18:59 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-07-11 11:25 - 2018-06-16 18:57 - 000476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-07-11 11:25 - 2018-06-16 18:56 - 000662016 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-07-11 11:25 - 2018-06-16 18:56 - 000115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-07-11 11:25 - 2018-06-16 18:56 - 000104960 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-07-11 11:25 - 2018-06-16 18:55 - 000620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-07-11 11:25 - 2018-06-16 18:49 - 000668160 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-07-11 11:25 - 2018-06-16 18:47 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-07-11 11:25 - 2018-06-16 18:42 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-07-11 11:25 - 2018-06-16 18:42 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-07-11 11:25 - 2018-06-16 18:41 - 000091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-07-11 11:25 - 2018-06-16 18:39 - 000168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-07-11 11:25 - 2018-06-16 18:38 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-07-11 11:25 - 2018-06-16 18:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-07-11 11:25 - 2018-06-16 18:36 - 000130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-07-11 11:25 - 2018-06-16 18:34 - 004496384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-07-11 11:25 - 2018-06-16 18:32 - 013680128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-07-11 11:25 - 2018-06-16 18:30 - 000230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-07-11 11:25 - 2018-06-16 18:29 - 000696320 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-07-11 11:25 - 2018-06-16 18:28 - 002060288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-07-11 11:25 - 2018-06-16 18:28 - 000692224 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-07-11 11:25 - 2018-06-16 18:27 - 001155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-07-11 11:25 - 2018-06-16 18:08 - 002767872 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-07-11 11:25 - 2018-06-16 18:05 - 001313792 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-07-11 11:25 - 2018-06-16 18:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-07-11 11:25 - 2018-06-13 18:55 - 012880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-07-11 11:25 - 2018-06-13 18:54 - 001499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-07-11 11:25 - 2018-06-13 18:25 - 002404352 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-07-11 11:25 - 2018-06-08 19:02 - 004050624 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-07-11 11:25 - 2018-06-08 19:02 - 003962048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-07-11 11:25 - 2018-06-08 19:02 - 000189632 _____ (Microsoft Corporation) C:\Windows\system32\halmacpi.dll
2018-07-11 11:25 - 2018-06-08 19:02 - 000189632 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-07-11 11:25 - 2018-06-08 19:02 - 000137920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-07-11 11:25 - 2018-06-08 19:02 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\halacpi.dll
2018-07-11 11:25 - 2018-06-08 19:02 - 000067264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-07-11 11:25 - 2018-06-08 18:57 - 001310488 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 001417728 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 001063424 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000377344 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000330240 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-07-11 11:25 - 2018-06-08 18:55 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000269824 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:54 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-07-11 11:25 - 2018-06-08 18:28 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2018-07-11 11:25 - 2018-06-08 18:27 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-07-11 11:25 - 2018-06-08 18:27 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-07-11 11:25 - 2018-06-08 18:27 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-07-11 11:25 - 2018-06-08 18:27 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-07-11 11:25 - 2018-06-08 18:27 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-07-11 11:25 - 2018-06-08 18:25 - 000271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-07-11 11:25 - 2018-06-08 18:24 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-07-11 11:25 - 2018-06-08 18:24 - 000107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-07-11 11:25 - 2018-06-08 18:21 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-07-11 11:25 - 2018-06-08 18:21 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-07-11 11:25 - 2018-06-08 18:21 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-07-11 11:25 - 2018-06-08 18:19 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-07-11 11:25 - 2018-06-08 18:19 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-07-11 11:25 - 2018-06-08 18:19 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-07-11 11:25 - 2018-06-08 18:19 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-07-11 11:25 - 2018-06-08 18:19 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-07-11 11:25 - 2018-06-08 18:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-07-11 11:25 - 2018-06-07 18:57 - 000564736 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-07-11 11:25 - 2018-06-07 18:57 - 000463360 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-07-11 11:25 - 2018-06-07 18:57 - 000089088 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-07-11 11:25 - 2018-06-07 18:34 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-07-11 11:25 - 2018-06-07 18:34 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-07-11 11:25 - 2018-05-31 18:56 - 001310912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-07-11 11:25 - 2018-05-31 18:56 - 000240832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-07-11 11:25 - 2018-05-31 18:56 - 000187584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-07-11 11:25 - 2018-05-02 18:30 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2018-07-11 11:25 - 2018-05-02 18:30 - 000259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2018-07-11 11:25 - 2018-05-02 18:30 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2018-07-11 11:25 - 2018-05-02 18:30 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2018-07-11 11:25 - 2018-05-02 18:30 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2018-07-11 11:25 - 2018-05-02 18:30 - 000020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2018-07-11 11:25 - 2018-05-02 18:29 - 000006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2018-07-11 11:25 - 2018-04-26 16:05 - 000918296 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000065880 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000021848 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000018776 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000017240 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000015192 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000013152 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-07-11 11:25 - 2018-04-26 16:05 - 000011096 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-07-11 11:25 - 2018-04-25 18:54 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2018-07-11 11:25 - 2018-04-25 18:17 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-07-11 11:24 - 2018-06-13 20:59 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-07-11 11:24 - 2018-06-13 18:53 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-07-11 11:24 - 2018-06-08 16:05 - 002703872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-07-11 11:24 - 2018-06-08 16:05 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-07-11 11:24 - 2018-06-08 16:05 - 000619520 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-07-11 11:24 - 2018-06-08 16:05 - 000517120 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-07-11 11:24 - 2018-06-08 16:05 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-07-11 11:24 - 2018-06-08 16:05 - 000353792 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-07-11 11:24 - 2018-06-08 16:05 - 000246272 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-07-11 11:24 - 2018-06-08 16:05 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-07-09 12:34 - 2018-07-09 12:34 - 000000077 _____ C:\Users\-bora\Downloads\domain_list.txt
2018-07-08 16:11 - 2018-07-08 16:12 - 001194416 _____ C:\Users\-bora\Downloads\Source_RuneSword_250.zip
2018-07-06 01:40 - 2018-07-06 01:40 - 000000017 _____ C:\Users\-bora\Documents\11111111file.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-08-04 18:03 - 2017-08-15 23:39 - 000012513 _____ C:\Users\-bora\Downloads\FRST.txt
2018-08-04 18:03 - 2017-08-15 23:39 - 000000000 ____D C:\FRST
2018-08-04 18:02 - 2017-08-15 23:38 - 001773056 _____ (Farbar) C:\Users\-bora\Downloads\frstenglish.exe
2018-08-04 18:00 - 2018-05-22 20:07 - 000000534 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-124123957-3465755313-2965481238-1000.job
2018-08-04 17:14 - 2018-05-22 20:07 - 000000630 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-124123957-3465755313-2965481238-1000.job
2018-08-04 17:08 - 2012-08-07 23:06 - 000457540 _____ C:\Windows\system32\perfh00D.dat
2018-08-04 17:08 - 2012-08-07 23:06 - 000109106 _____ C:\Windows\system32\perfc00D.dat
2018-08-04 17:08 - 2010-11-21 00:01 - 001431136 _____ C:\Windows\system32\PerfStringBackup.INI
2018-08-04 17:08 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\inf
2018-08-04 17:00 - 2017-01-05 19:23 - 000000000 ____D C:\Program Files\TeamViewer
2018-08-04 17:00 - 2009-07-14 07:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-04 17:00 - 2009-07-14 07:34 - 000031056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-04 17:00 - 2009-07-14 07:34 - 000031056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-04 16:41 - 2017-02-02 19:48 - 000000000 ____D C:\Program Files\SpeedFan
2018-08-04 16:40 - 2017-01-05 20:51 - 000000000 ____D C:\Users\-bora\AppData\Roaming\BitTorrent
2018-08-04 12:34 - 2016-12-21 17:42 - 000000000 ____D C:\Users\-bora\AppData\Roaming\vlc
2018-08-04 11:20 - 2018-06-22 17:34 - 000000000 ____D C:\Users\-bora\AppData\LocalLow\BitTorrent
2018-08-04 02:06 - 2017-08-09 14:53 - 000000000 ____D C:\Users\-bora\AppData\Roaming\audacity
2018-08-03 15:57 - 2016-12-22 16:41 - 000000000 ____D C:\Users\-bora\AppData\Local\Eclipse
2018-08-03 15:57 - 2016-12-22 16:34 - 000000000 ____D C:\Users\-bora\.p2
2018-08-03 15:17 - 2017-01-23 18:40 - 000000000 ____D C:\Users\-bora\Desktop\תיקיה חדשה (3)
2018-08-03 01:31 - 2016-12-22 16:41 - 000000000 ____D C:\Users\-bora\workspace
2018-08-01 23:07 - 2017-07-10 23:17 - 000000000 ____D C:\Users\-bora\AppData\LocalLow\Mozilla
2018-08-01 22:52 - 2017-06-28 01:03 - 000000000 ____D C:\Users\-bora\AppData\Local\CrashDumps
2018-08-01 11:52 - 2017-07-01 18:35 - 000003114 __RSH C:\ProgramData\ntuser.pol
2018-07-31 10:56 - 2009-07-14 07:33 - 000458240 _____ C:\Windows\system32\FNTCACHE.DAT
2018-07-31 00:18 - 2016-12-21 21:11 - 000000000 ____D C:\Users\-bora\AppData\Local\Deployment
2018-07-29 12:03 - 2018-01-25 22:00 - 000000929 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-07-29 09:40 - 2016-12-21 19:18 - 000000000 ____D C:\Users\-bora\Desktop\softwere
2018-07-28 12:56 - 2017-08-16 23:05 - 000008209 _____ C:\Users\-bora\Downloads\Fixlog.txt
2018-07-28 12:56 - 2016-12-21 13:17 - 000000000 ____D C:\Users\-bora
2018-07-28 12:48 - 2018-03-20 19:56 - 000000000 ____D C:\Users\-bora\AppData\LocalLow\Temp
2018-07-28 01:41 - 2017-08-15 23:40 - 000056215 _____ C:\Users\-bora\Downloads\Addition.txt
2018-07-27 22:39 - 2017-07-01 18:38 - 000000258 __RSH C:\Users\-bora\ntuser.pol
2018-07-27 21:54 - 2017-08-14 06:15 - 000482500 _____ C:\Windows\ntbtlog.txt
2018-07-27 21:26 - 2016-12-21 21:13 - 000000000 ____D C:\Program Files\Google
2018-07-27 17:24 - 2018-05-22 20:07 - 000000000 ____D C:\Users\-bora\AppData\Local\GoToMeeting
2018-07-25 12:51 - 2017-01-16 12:04 - 000000000 ____D C:\Users\-bora\Desktop\games
2018-07-24 15:39 - 2017-07-10 23:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-19 12:00 - 2017-01-30 13:43 - 000002116 _____ C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-07-19 12:00 - 2017-01-30 13:43 - 000000000 ___RD C:\Users\-bora\OneDrive
2018-07-12 16:45 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\rescache
2018-07-12 13:31 - 2017-01-21 04:58 - 000000000 ____D C:\Windows\system32\appraiser
2018-07-11 23:11 - 2009-07-14 05:37 - 000000000 ____D C:\Windows\system32\NDF
2018-07-11 02:36 - 2018-06-10 13:31 - 000129248 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae.sys
2018-07-10 23:26 - 2017-09-12 17:10 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-07-10 23:26 - 2017-09-12 17:10 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-07-10 23:26 - 2017-06-27 13:48 - 000000000 ____D C:\Windows\system32\Macromed
 
==================== Files in the root of some directories =======
 
2018-07-28 12:56 - 2014-05-04 22:23 - 001130502 _____ () C:\Users\-bora\SUPPOR~1.VBS
2018-07-28 12:56 - 2018-05-26 18:25 - 000043119 ___SH () C:\Users\-bora\WINDOW~1.VBS
 
Some files in TEMP:
====================
2018-07-28 15:02 - 2018-08-04 16:41 - 000192512 _____ () C:\Users\-bora\AppData\Local\temp\sfamcc00001.dll
2018-08-04 16:41 - 2018-08-04 16:41 - 000158720 _____ () C:\Users\-bora\AppData\Local\temp\sfareca00001.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-28 00:53
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02.08.2018
Ran by -bora (04-08-2018 18:04:28)
Running from C:\Users\-bora\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2016-12-21 10:17:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
-bora (S-1-5-21-124123957-3465755313-2965481238-1000 - Administrator - Enabled) => C:\Users\-bora
Administrator (S-1-5-21-124123957-3465755313-2965481238-500 - Administrator - Disabled)
Guest (S-1-5-21-124123957-3465755313-2965481238-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-124123957-3465755313-2965481238-1007 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Active Directory Authentication Library for SQL Server (x86) (HKLM\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Flash Player 30 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 30.0.0.134 - Adobe Systems Incorporated)
AliceonDrugs (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\AliceonDrugs) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)
Azure AD Authentication Connected Service (HKLM\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Basic4GL (HKLM\...\Basic4GL) (Version: 2.6.4 - Tom Mulgrew)
Bitnami WAMP Stack (HKLM\...\Bitnami WAMP Stack 5.6.30-0) (Version: 5.6.30-0 - Bitnami)
BitTorrent (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\BitTorrent) (Version: 7.10.3.44495 - BitTorrent Inc.)
Blend for Visual Studio SDK for .NET 4.5 (HKLM\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Brackets (HKLM\...\{9E1DE4E6-DA6C-46E9-9EF2-15189E534511}) (Version: 1.11 - brackets.io)
CamStudio 2.7 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Corona SDK (HKLM\...\{35A09B28-BCA9-4EE7-9ABF-145231889BA6}) (Version: 17.0.3068 - Corona Labs Inc.)
Crypt of the NecroDancer (HKLM\...\Crypt of the NecroDancer_is1) (Version:  - )
CutePDF Writer 3.2 (HKLM\...\CutePDF Writer Installation) (Version:  3.2 - Acro Software Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
DesignDoll (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\a94d3e1b3ab3bea6) (Version: 1.4.0.0 - Terawell)
Dirrect X11Beta (HKLM\...\{AF52AC44-8AE8-44C4-83A4-F9921AB72B83}_is1) (Version:  - Creatormaster Dev)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Driver Booster 4.1 (HKLM\...\Driver Booster_is1) (Version: 4.1.0 - IObit)
EasySketchPro version 1.0.7 (HKLM\...\{90BB7D95-EBCA-4276-B15E-156F85E8B1DA}_is1) (Version: 1.0.7 - Inner Cirle Riches)
EasySketchPro3 version 3.0.0 (HKLM\...\{2C96454E-7152-449D-8FE9-4A32D2171165}_is1) (Version: 3.0.0 - My Dot Com Business)
Ecere SDK 0.44 (HKLM\...\Ecere SDK) (Version:  - )
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
FFsplit version 0.7 (HKLM\...\{82458834-6226-4A34-AE96-6907354F9F36}_is1) (Version: 0.7 - FFsplit Team)
FileZilla Client 3.26.2 (HKLM\...\FileZilla Client) (Version: 3.26.2 - Tim Kosse)
FireAlpaca 2.0.1 (32bit) (HKLM\...\FireAlpaca32_is1) (Version: 2.0.1 - firealpaca.com)
FTL -  Advanced Edition (HKLM\...\GOGPACKFTL_is1) (Version: 2.3.0.13 - GOG.com)
GimpShop 2.8 (HKLM\...\{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}) (Version: 2.8 - GimpShop)
Git Cola: The highly caffeinated Git GUI 2.10 (HKLM\...\Git Cola: The highly caffeinated Git GUI_is1) (Version: 2.10 - )
Git version 2.14.2 (HKLM\...\Git_is1) (Version: 2.14.2 - The Git Development Community)
GnuWin32: Wget-1.11.4-1 (HKLM\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoTo Opener (HKLM\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.32.0.9167 (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\GoToMeeting) (Version: 8.32.0.9167 - LogMeIn, Inc.)
GuiGenie 1.0.0 (HKLM\...\GuiGenie) (Version: 1.0.0 - Mario Awad)
HandBrake 1.0.7 (HKLM\...\HandBrake) (Version: 1.0.7 - )
IIS 10.0 Express (HKLM\...\{61F97EA0-3E4D-47E9-90FF-B75C16735DEE}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Inkscape 0.92.1 (HKLM\...\Inkscape) (Version: 0.92.1 - Inkscape Project)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Java 8 Update 171 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
JPEXS Free Flash Decompiler (HKLM\...\{E618D276-6596-41F4-8A98-447D442A77DB}_is1) (Version: 10.0.0 - JPEXS)
Kingdom Rush Frontiers (HKLM\...\1195536024_is1) (Version: 2.4.0.6 - GOG.com)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LangOver 5 (HKLM\...\LangOver 5) (Version: 5.0 - LangOver.com)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x86) 1.0.0-beta5 (HKLM\...\{2a375a89-9d97-35b7-917d-92f1ea73080d}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{45A8F8FF-ED9B-40B2-B923-94F46FCF6135}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{C340BAB2-9A21-41B9-A465-7AC7B1DF773E}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{5FC4C5FD-75D0-43D5-B9A5-6FE208D12F7D}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{4B604E42-B6D7-4957-B5A5-CC7450D8E1EB}) (Version: 3.1238.1962 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MorphVOX Jr (HKLM\...\{b321cb06-b0cf-426e-be88-ced33e3cdf7d}) (Version: 2.9.0.20444 - Screaming Bee)
MorphVOX Junior (HKLM\...\{E6C7380F-15DD-445E-BA02-B7A180BA0A5A}) (Version: 2.9.0.20444 - Screaming Bee) Hidden
Mozilla Firefox 54.0.1 (x86 he) (HKLM\...\Mozilla Firefox 54.0.1 (x86 he)) (Version: 54.0.1 - Mozilla)
Mozilla Firefox 61.0.1 (x86 he) (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\Mozilla Firefox 61.0.1 (x86 he)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Node.js (HKLM\...\{D14B61DD-ADDD-4563-B51F-8C19E1B32F7C}) (Version: 5.10.1 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040D-0000-0000000FF1CE}) (Version: 16.0.8229.2045 - Microsoft Corporation) Hidden
One Week Jam (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\One Week Jam) (Version:  - )
OpenAL (HKLM\...\OpenAL) (Version:  - )
paint.net (HKLM\...\{1F895C18-6A2F-4A9E-BBE9-246783070F36}) (Version: 4.0.16 - dotPDN LLC)
PaintTool SAI Ver.1 (HKLM\...\PaintToolSAI) (Version:  - )
Pepakura Designer 4 (HKLM\...\pepakura_designer4en) (Version:  - TamaSoftware)
PreEmptive Analytics Visual Studio Components (HKLM\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
PyQt GPL v4.11.4 for Python v3.4 (x32) (HKLM\...\PyQt GPL v4.11.4 for Python v3.4 (x32)) (Version: 4.11.4 - )
Python 2.7.9 (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
Python 3.4.4 (HKLM\...\{50F37472-CBAB-47C6-A318-4C2BAE04D8EB}) (Version: 3.4.16789 - Python Software Foundation)
Python 3.7.0a1 (32-bit) (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\{33f7b484-e24c-4101-a185-c6e6303f9b69}) (Version: 3.7.101.0 - Python Software Foundation)
Python 3.7.0a1 Core Interpreter (32-bit) (HKLM\...\{CCB0AE06-F649-461F-B85F-05F991B0F07E}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Development Libraries (32-bit) (HKLM\...\{95D67673-8E10-428A-B74C-744B44775220}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Documentation (32-bit) (HKLM\...\{D5D69739-308B-435D-B911-DE7B14FF4B1A}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Executables (32-bit) (HKLM\...\{3DAAC413-7112-4D74-A16E-EC7A90072874}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 pip Bootstrap (32-bit) (HKLM\...\{CCA99B41-D9DB-4A10-A00C-5F328108ED4C}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Standard Library (32-bit) (HKLM\...\{49AD8CE2-3A8D-4C25-81C6-4D330F552435}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Tcl/Tk Support (32-bit) (HKLM\...\{79FC45E6-814E-4351-9355-99F049BF747C}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Test Suite (32-bit) (HKLM\...\{DDCDEAA5-AECC-4596-9996-7C58234EF92A}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python 3.7.0a1 Utility Scripts (32-bit) (HKLM\...\{D84E2587-1A16-4DA2-9D58-72E2A2D2C1AE}) (Version: 3.7.101.0 - Python Software Foundation) Hidden
Python Launcher (HKLM\...\{675736DA-F01C-42F0-BD96-AC28924B330E}) (Version: 3.7.6105.0 - Python Software Foundation)
QAvimator (HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\QAvimator) (Version: 0.1.1 - QAvimator Team)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (HKLM\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Runesword 2.5.0 (HKLM\...\Runesword) (Version: 2.5.0 - CrossCut Games, Inc.)
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype גירסה 8.23 (HKLM\...\Skype_is1) (Version: 8.23 - Skype Technologies S.A.)
Sparkol VideoScribe (HKLM\...\{EF81CFBA-B642-4ED4-8FBF-71663622762C}) (Version: 2.2.4001 - Sparkol) Hidden
Sparkol VideoScribe (HKLM\...\Sparkol VideoScribe 2.2.4001) (Version: 2.2.4001 - Sparkol)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (HKLM\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Starcraft (HKLM\...\Starcraft) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com)
Swivel (HKLM\...\Swivel) (Version: 1.11 - Newgrounds.com, Inc.)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
TeamViewer 13 (HKLM\...\TeamViewer) (Version: 13.2.5287 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (HKLM\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
TeXstudio 2.12.6 (HKLM\...\TeXstudio_is1) (Version: 2.12.6 - Benito van der Zander)
TexturePacker (HKLM\...\{DAB53546-7B02-482B-8A96-9C7795604977}) (Version: 4.4.0 - code-and-web.de)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 4.0.3 - Tweaking.com)
TypeScript Power Tool (HKLM\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Vegas Pro 10.0 (HKLM\...\{6D592E30-11EC-11E0-859C-0013D3D69929}) (Version: 10.0.469 - Sony)
Visual Studio 2015 Update 3 (KB3022398) (HKLM\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VPython 6.11 (HKLM\...\VPython for Python 2.7_is1) (Version:  - )
VS Update core components (HKLM\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (HKLM\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WinHTTrack Website Copier 3.48-22 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
wx4j v0.2.0 (HKLM\...\wx4j_is1) (Version:  - )
wxFormBuilder 3.5.1 (HKLM\...\wxFormBuilder_is1) (Version: 3.5.1 - Jose Antonio Hurtado)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-124123957-3465755313-2965481238-1000_Classes\CLSID\{65160427-a869-490e-ac60-29261d8a185d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-124123957-3465755313-2965481238-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\-bora\AppData\Local\GoToMeeting\8625\G2MOutlookAddin.dll (LogMeIn, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2016-11-27] ()
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-08-02] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files\Spybot - Search & Destroy 2\SDECon32.dll [2017-05-23] (Safer-Networking Ltd.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {32305A2B-92CE-40D0-9FC2-1755128C22DD} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {39CA7515-CF5B-4E67-80D6-7553E1F9CE5C} - System32\Tasks\G2MUploadTask-S-1-5-21-124123957-3465755313-2965481238-1000 => C:\Users\-bora\AppData\Local\GoToMeeting\9167\g2mupload.exe [2018-07-27] (LogMeIn, Inc.)
Task: {59A07B46-10E0-46A8-90F0-BBA27937A467} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {8F0951A1-38F5-4607-812E-FEFDFE75CEC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {9789D9A0-30BA-4BDF-A091-45F90E8591CE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9F5AA355-FC08-43FA-B22B-20D3F1911C05} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-10] (Adobe Systems Incorporated)
Task: {BD1CB2A2-444D-40A7-A7A9-66119FEA7F59} - System32\Tasks\G2MUpdateTask-S-1-5-21-124123957-3465755313-2965481238-1000 => C:\Users\-bora\AppData\Local\GoToMeeting\9167\g2mupdate.exe [2018-07-27] (LogMeIn, Inc.)
Task: {DEBE704F-1904-495A-B45B-EAE157A19A7B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {E20D3E1B-BD08-43D1-B765-3F7ED15BDECB} - System32\Tasks\{3E8F4DEF-4A67-40E1-8B3D-542B8D068629} => C:\Windows\system32\pcalua.exe -a C:\Users\-bora\Desktop\softwere\AdobePhotoshopCS6Portable.exe -d C:\Users\-bora\Desktop\softwere
Task: {F7EEC939-0CA5-4929-813C-3553465C1F9C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-01-06] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Driver Booster SkipUAC (-bora).job => C:\Program Files\IObit\Driver Booster\4.1.0\DriverBooster.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-124123957-3465755313-2965481238-1000.job => C:\Users\-bora\AppData\Local\GoToMeeting\9167\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-124123957-3465755313-2965481238-1000.job => C:\Users\-bora\AppData\Local\GoToMeeting\9167\g2mupload.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\-bora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
ShortcutWithArgument: C:\Users\-bora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-01-22 20:42 - 2016-01-22 18:56 - 000089008 _____ () C:\Windows\System32\cpwmon2k.dll
2017-07-31 16:21 - 2017-05-26 06:47 - 000090096 _____ () C:\Windows\System32\cpwmon2k_v32.dll
2017-08-14 16:33 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-08-14 16:33 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2017-08-14 16:33 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-08-14 16:33 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2017-01-27 00:16 - 2016-07-06 14:58 - 000414720 _____ () C:\Bitnami\WAMPST~1.30-\apache2\bin\pcre.dll
2017-01-27 00:16 - 2013-07-08 15:17 - 000068608 _____ () C:\Bitnami\WAMPST~1.30-\apache2\bin\zlib1.dll
2017-01-27 00:17 - 2017-01-19 07:10 - 000145408 _____ () C:\Bitnami\wampstack-5.6.30-0\php\libpq.dll
2017-01-27 00:28 - 2017-01-19 07:10 - 000176128 _____ () C:\Bitnami\WAMPST~1.30-\apache2\bin\libssh2.dll
2017-01-27 00:16 - 2016-11-28 21:00 - 011088384 _____ () C:\Bitnami\wampstack-5.6.30-0\mysql\bin\mysqld.exe
2018-06-10 13:31 - 2018-07-11 02:36 - 002169040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-06-12 20:51 - 2017-06-12 20:51 - 000048296 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2018-06-26 23:28 - 2018-06-22 22:04 - 002242904 _____ () C:\Program Files\Google\Chrome\Application\67.0.3396.99\swiftshader\libglesv2.dll
2018-06-26 23:28 - 2018-06-22 22:04 - 000109912 _____ () C:\Program Files\Google\Chrome\Application\67.0.3396.99\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="[6cFgE][Şοûпđ, νìδ℮ô άήδ ğªмè ¢őήťřόℓŀèґš !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HDAudBus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="[6cFgE][Şοûпđ, νìδ℮ô άήδ ğªмè ¢őήťřόℓŀèґš !!! !!! !]"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{640167b4-59b0-47a6-b335-a6b3c0695aea} => ""="Portable Media Devices"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7877 more sites.
 
 
There are 7875 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:04 - 2018-07-27 21:25 - 000000531 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.100.102.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{9AC0F673-0E7D-4BFD-8233-C4A2E5B9D491}C:\bitnami\wampstack-5.6.29-0\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wampstack-5.6.29-0\apache2\bin\httpd.exe
FirewallRules: [UDP Query User{A100049C-9429-432C-AAFB-DB6291F8E9EF}C:\bitnami\wampstack-5.6.29-0\apache2\bin\httpd.exe] => (Allow) C:\bitnami\wampstack-5.6.29-0\apache2\bin\httpd.exe
FirewallRules: [{3994ADDF-A993-4CC5-B32B-D33DF7F0E18A}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{94EE66C7-2B75-4E82-A319-BF89F110C8DC}] => (Allow) C:\Program Files\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{61A77592-BCEF-4F53-8E24-3A76E50B5E71}C:\users\-bora\downloads\zerobranestudio\zbstudio.exe] => (Allow) C:\users\-bora\downloads\zerobranestudio\zbstudio.exe
FirewallRules: [UDP Query User{B7D0C9CD-CF12-4CB9-BB25-2C530D598F96}C:\users\-bora\downloads\zerobranestudio\zbstudio.exe] => (Allow) C:\users\-bora\downloads\zerobranestudio\zbstudio.exe
FirewallRules: [{A2143E0E-D59E-4F39-ABE4-26FC06BB2F52}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{38D60036-1011-4A8E-A5D4-F6B31631F63E}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{9CF4DC91-8BE4-4461-8B99-79818FBAB830}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{81751F39-2EE5-4ED6-914D-A461D906B729}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{A81F29BC-63BA-4A3F-9F72-FE9E1C617A19}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{1EFC8FAD-5121-42AB-ABA0-D1DC686259C2}] => (Allow) C:\Program Files\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{97BFA784-1617-4C95-B214-C19B1445021B}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{69A4B24E-232C-49B9-9279-56F82895EA4F}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B6720F11-87B0-45B8-9D66-2AD3B4523CF7}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1542C101-F40B-4885-B8E0-AA62D0F0D87E}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6ED6241C-2F5E-4C5B-9512-7285FEA66474}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FE8E01E1-32F5-4314-9B3E-249FD8CC852C}] => (Allow) C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D337A756-3FBB-4D9C-A493-71272EBC0B71}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1C16E280-4AF8-495F-914F-0F550EEE06D5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1EAC3036-D348-48AC-B3AE-0E045950DAF3}] => (Allow) C:\Users\-bora\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{8F477FEE-EB41-4099-8B77-6A172812601B}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{2B7C492F-7B5D-4B18-83C7-17AD39D6C2F5}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{97DB3018-8CFB-4628-8511-925882B8ECD5}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{13672ACE-F463-40FB-A401-93EC5DE64F74}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D82AB8DC-7A39-4901-B5FF-EC453769F82C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AC2A16CA-67B4-43EC-9D07-E18EB9EC72CC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2A19DD75-013B-4925-BC46-FD2F8F7EFE6D}C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe] => (Allow) C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe
FirewallRules: [UDP Query User{0BEB27C4-5801-4FC9-B542-9723F0DE7D57}C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe] => (Allow) C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe
FirewallRules: [TCP Query User{63905DAE-3F92-488F-8801-3B35A618BE37}C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe] => (Block) C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe
FirewallRules: [UDP Query User{B91B9E48-B738-46E2-889F-40729E75C191}C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe] => (Block) C:\users\-bora\desktop\games\nazi zombies!!!\nazi zombies portable.exe
FirewallRules: [TCP Query User{23DD5293-0381-414A-8927-95392E92ED61}C:\users\-bora\downloads\zerobranestudio\zbstudio.exe] => (Allow) C:\users\-bora\downloads\zerobranestudio\zbstudio.exe
FirewallRules: [UDP Query User{D4571661-49E1-42F2-9C1A-D241F991C20C}C:\users\-bora\downloads\zerobranestudio\zbstudio.exe] => (Allow) C:\users\-bora\downloads\zerobranestudio\zbstudio.exe
FirewallRules: [{AC2E5225-62C0-49DA-920C-E701649DDF20}] => (Allow) C:\Program Files\Corona Labs\Corona SDK\Corona.LiveServer.exe
FirewallRules: [{45AC955C-4437-47C1-94D4-369FCA0C3AF2}] => (Allow) C:\Program Files\Corona Labs\Corona SDK\Corona.Debugger.exe
FirewallRules: [TCP Query User{74285B7D-9FC0-4CBC-B2F4-46B446E2C247}C:\users\-bora\eclipse\java-neon\eclipse\eclipse.exe] => (Allow) C:\users\-bora\eclipse\java-neon\eclipse\eclipse.exe
FirewallRules: [UDP Query User{C2A78777-871C-43EC-99ED-8526FF265908}C:\users\-bora\eclipse\java-neon\eclipse\eclipse.exe] => (Allow) C:\users\-bora\eclipse\java-neon\eclipse\eclipse.exe
FirewallRules: [TCP Query User{64D331C8-B6AE-4D86-B8F2-F4757230F7E0}C:\program files\basic4gl\basic4gl.exe] => (Allow) C:\program files\basic4gl\basic4gl.exe
FirewallRules: [UDP Query User{05D70EA7-4CCC-44F4-AF11-3FA7AA6736E0}C:\program files\basic4gl\basic4gl.exe] => (Allow) C:\program files\basic4gl\basic4gl.exe
FirewallRules: [TCP Query User{D13BC7C5-DE49-4E2E-A907-7307FD8E9683}C:\users\-bora\eclipse\java-oxygen\eclipse\eclipse.exe] => (Allow) C:\users\-bora\eclipse\java-oxygen\eclipse\eclipse.exe
FirewallRules: [UDP Query User{F81DCCDE-8787-468A-B935-C9895D003DD9}C:\users\-bora\eclipse\java-oxygen\eclipse\eclipse.exe] => (Allow) C:\users\-bora\eclipse\java-oxygen\eclipse\eclipse.exe
FirewallRules: [TCP Query User{7673C67B-AD90-4F5B-BDCA-C255DCB0EA57}C:\program files\ffsplit\ffsplit.exe] => (Allow) C:\program files\ffsplit\ffsplit.exe
FirewallRules: [UDP Query User{2177592D-7E2C-4C41-BE6B-A5485827D7A5}C:\program files\ffsplit\ffsplit.exe] => (Allow) C:\program files\ffsplit\ffsplit.exe
FirewallRules: [TCP Query User{14A7F7DF-337B-4512-9FBD-856F7A9AAD71}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [UDP Query User{1625376E-E7B4-4A5F-9250-F61871367F6A}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [TCP Query User{7B5F9AD2-CCFA-4314-9B66-2ADD2CAEA945}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [UDP Query User{4E36560F-398F-4D11-8E6E-03126D332875}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [TCP Query User{DBCAE0BA-5BC1-4FB9-8F6A-FDA57EE32A6A}C:\program files\java\jre1.8.0_144\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\java.exe
FirewallRules: [UDP Query User{331C2AB9-9506-41AB-95FA-59DF73C48357}C:\program files\java\jre1.8.0_144\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\java.exe
FirewallRules: [TCP Query User{28EC5C19-ADB0-41E3-B86D-4888C4DB9FA7}C:\program files\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [UDP Query User{7354BC87-6041-4913-800F-13D5BBAC00EC}C:\program files\java\jre1.8.0_144\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_144\bin\javaw.exe
FirewallRules: [{43510445-9949-4E82-8A34-C601CFC05560}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{86A86751-D616-479A-800E-C2B5EB678BD4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{84D96BEE-9147-45B0-BC94-99459440BE2C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F45A4D99-6530-488A-BCC4-4C92E3A2E81C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{7CC74EFA-B7D4-47A9-9702-61DCCD9634A7}C:\users\-bora\downloads\ai war fleet command\aiwar.exe] => (Allow) C:\users\-bora\downloads\ai war fleet command\aiwar.exe
FirewallRules: [UDP Query User{FC71AB12-6DA4-4A23-BD49-63EF99524D1D}C:\users\-bora\downloads\ai war fleet command\aiwar.exe] => (Allow) C:\users\-bora\downloads\ai war fleet command\aiwar.exe
FirewallRules: [TCP Query User{58F56CDB-13B9-4AB6-A093-7CA18A9E3AEB}C:\program files\brackets\node.exe] => (Allow) C:\program files\brackets\node.exe
FirewallRules: [UDP Query User{4709702F-DA06-4386-AF87-6332071BDCB9}C:\program files\brackets\node.exe] => (Allow) C:\program files\brackets\node.exe
FirewallRules: [{FFBE4BB9-8AC4-4D7A-93F4-E0E349FFB080}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{A3C300AD-789A-49F3-B3E7-DD07EEC54BF8}] => (Allow) C:\Program Files\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{E2988253-D29E-4FDB-B08D-B56A4C0EC3C0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{52F31442-BA60-4B67-98AE-0BA7C98D7367}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{1B53701B-913C-4B5B-AD1A-4B1EA26FD909}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{AFDA7DDD-11C4-4757-9C4D-9CF26E8FA60A}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9CBEE1ED-6A52-4E50-8ADD-902EFE1FE164}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{76326216-C4C1-46CF-900B-A7DD0F25DFBC}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [UDP Query User{1E65D535-9AE4-4673-B6C7-531974D4AE68}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [TCP Query User{B120CB49-8968-4C76-BD8B-419277D1E4A1}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
FirewallRules: [UDP Query User{A852B8A1-9D12-416E-AF7D-82B806B9674B}C:\program files\java\jre1.8.0_171\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_171\bin\javaw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
26-07-2018 15:27:43 נקודת ביקורת מתוזמנת
27-07-2018 22:53:12 ‏‏הוסר WhiteClick
04-08-2018 13:49:02 נקודת ביקורת מתוזמנת
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/04/2018 04:54:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ‏‏התוכנית BitTorrent.exe בגירסה 7.10.3.44495 הפסיקה לקיים אינטראקציה עם Windows ונסגרה. כדי לגלות אם יש מידע זמין נוסף אודות הבעיה, בדוק את היסטוריית הבעיה בלוח הבקרה של מרכז הפעולות.
 
מזהה תהליך: 12cc
 
זמן התחלה: 01d42bcbf5864de7
 
זמן סיום: 60000
 
נתיב יישום: C:\Users\-bora\AppData\Roaming\BitTorrent\BitTorrent.exe
 
מזהה דוח: cb15bbd3-97ed-11e8-8018-206a8a2a225b
 
Error: (08/02/2018 05:06:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ‏‏התוכנית audacity.exe בגירסה 2.1.3.0 הפסיקה לקיים אינטראקציה עם Windows ונסגרה. כדי לגלות אם יש מידע זמין נוסף אודות הבעיה, בדוק את היסטוריית הבעיה בלוח הבקרה של מרכז הפעולות.
 
מזהה תהליך: 1454
 
זמן התחלה: 01d42a6839560f4b
 
זמן סיום: 20
 
נתיב יישום: C:\Users\-bora\Desktop\softwere\audacity\audacity.exe
 
מזהה דוח: 2d3db6b4-965d-11e8-b3a9-206a8a2a225b
 
Error: (08/01/2018 10:52:18 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: ‏‏מנהל החלונות של שולחן העבודה נתקל בשגיאה מכרעת (0x8007000e)
 
Error: (08/01/2018 10:52:14 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: ‏‏מנהל החלונות של שולחן העבודה נתקל בשגיאה מכרעת (0x8007000e)
 
Error: (08/01/2018 10:52:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: chrome.exe, גירסה: 67.0.3396.99, חותמת זמן: 0x5b2d41c6
שם מודול שחלות בו תקלות: KERNELBASE.dll, גירסה: 6.1.7601.24168, חותמת זמן: 0x5b1aa77b
קוד חריגה: 0xe0000008
היסט תקלה: 0x0000845d
מזהה תהליך שחלות בו תקלות: 0x12f4
שעת ההפעלה של היישום שחלות בו תקלות: 0x01d429752316a508
נתיב היישום שחלות בו תקלות: C:\Program Files\Google\Chrome\Application\chrome.exe
נתיב המודול שחלות בו תקלות: C:\Windows\system32\KERNELBASE.dll
מזהה דוח: 5fc63ff5-95c4-11e8-a8d2-206a8a2a225b
 
Error: (08/01/2018 01:52:14 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: ‏‏מנהל החלונות של שולחן העבודה נתקל בשגיאה מכרעת (0x8007000e)
 
Error: (08/01/2018 01:52:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ‏‏יישום שחלות בו תקלות: chrome.exe, גירסה: 67.0.3396.99, חותמת זמן: 0x5b2d41c6
שם מודול שחלות בו תקלות: KERNELBASE.dll, גירסה: 6.1.7601.24168, חותמת זמן: 0x5b1aa77b
קוד חריגה: 0xe0000008
היסט תקלה: 0x0000845d
מזהה תהליך שחלות בו תקלות: 0x518
שעת ההפעלה של היישום שחלות בו תקלות: 0x01d428a420cdd55a
נתיב היישום שחלות בו תקלות: C:\Program Files\Google\Chrome\Application\chrome.exe
נתיב המודול שחלות בו תקלות: C:\Windows\system32\KERNELBASE.dll
מזהה דוח: 5c78ffbb-9514-11e8-b22b-206a8a2a225b
 
Error: (08/01/2018 01:52:11 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: ‏‏מנהל החלונות של שולחן העבודה נתקל בשגיאה מכרעת (0x8007000e)
 
 
System errors:
=============
Error: (08/04/2018 05:00:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: ‏‏הפעלת מודול יכולת ההרחבה של WLAN נכשלה.
 
נתיב מודול: C:\Windows\system32\athExt.dll
קוד שגיאה: 126
 
Error: (08/04/2018 05:00:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: ‏‏השרת {F9717507-6651-4EDB-BFF7-AE615179BCCF} לא נרשם באמצעות DCOM בפרק הזמן הדרוש.
 
Error: (08/04/2018 11:09:11 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: ‏‏הפעלת מודול יכולת ההרחבה של WLAN נכשלה.
 
נתיב מודול: C:\Windows\system32\athExt.dll
קוד שגיאה: 126
 
Error: (08/04/2018 02:14:26 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: ‏‏השרת {F9717507-6651-4EDB-BFF7-AE615179BCCF} לא נרשם באמצעות DCOM בפרק הזמן הדרוש.
 
Error: (08/03/2018 12:55:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: ‏‏הפעלת מודול יכולת ההרחבה של WLAN נכשלה.
 
נתיב מודול: C:\Windows\system32\athExt.dll
קוד שגיאה: 126
 
Error: (08/03/2018 01:02:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: ‏‏הפעלת מודול יכולת ההרחבה של WLAN נכשלה.
 
נתיב מודול: C:\Windows\system32\athExt.dll
קוד שגיאה: 126
 
Error: (08/03/2018 01:01:55 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: ‏‏השרת {F9717507-6651-4EDB-BFF7-AE615179BCCF} לא נרשם באמצעות DCOM בפרק הזמן הדרוש.
 
Error: (08/02/2018 03:41:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: ‏‏הפעלת מודול יכולת ההרחבה של WLAN נכשלה.
 
נתיב מודול: C:\Windows\system32\athExt.dll
קוד שגיאה: 126
 
 
Windows Defender:
===================================
Date: 2017-07-11 14:03:04.435
Description: 
‏‏סריקת ‏‏Windows Defender הופסקה לפני שהושלמה.
מזהה סריקה:{83D45556-8A21-412D-A898-814B62F9702D}
סוג סריקה:‏‏תוכנה נגד תוכנות ריגול
פרמטרי סריקה:‏‏סריקה מהירה
משתמש:NT AUTHORITY\NETWORK SERVICE
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU U3600 @ 1.20GHz
Percentage of memory in use: 84%
Total physical RAM: 1781.86 MB
Available physical RAM: 271.14 MB
Total Virtual: 3563.72 MB
Available Virtual: 922.56 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:19.94 GB) NTFS
 
\\?\Volume{bdd493c3-9b37-11e5-91f9-806e6f6e6963}\ (‏‏שמור על-ידי המערכת) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 7CFC04B9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#11 JSntgRvr


Posted 04 August 2018 - 03:12 PM

  • Highlight the entire content of the quote box below.

Start::
CMD: type C:\Users\-bora\WINDOW~1.VBS
CMD: type C:\Users\-bora\SUPPOR~1.VBS
CMD: BCDEDIT /ENUM ALL
CMD: fltmc instances
Folder: C:\Windows\System32\Drivers
Reg: Reg query "HKLM\SYSTEM\Select"
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#12 yoelr


Posted 04 August 2018 - 05:00 PM

It's too long, it doesn't let me paste it. I'll try again tomorrow.



#13 JSntgRvr


Posted 04 August 2018 - 07:27 PM

Use any of the following services:

 

Microsoft OneDrive
Google Drive
Dropbox
DataFileHost
ExpireBox
SendSpace
WeTransfer

 

Post the link to it.




#14 yoelr


Posted 05 August 2018 - 02:49 AM

https://www.expirebox.com/download/e12a5eb1c2fd1ccd37931d6d4d3ab818.html



#15 JSntgRvr


Posted 05 August 2018 - 03:31 PM

Please remove Spybot Search and Destroy for the time being, as it will interfere with our fixes.

  • Highlight the entire content of the quote box below.

Start::
C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-124123957-3465755313-2965481238-1000.job
C:\Windows\Tasks\G2MUploadTask-S-1-5-21-124123957-3465755313-2965481238-1000.job
2018-07-28 15:02 - 2018-08-04 16:41 - 000192512 _____ () C:\Users\-bora\AppData\Local\temp\sfamcc00001.dll
2018-08-04 16:41 - 2018-08-04 16:41 - 000158720 _____ () C:\Users\-bora\AppData\Local\temp\sfareca00001.dll
2018-07-28 12:56 - 2014-05-04 22:23 - 001130502 _____ () C:\Users\-bora\SUPPOR~1.VBS
2018-07-28 12:56 - 2018-05-26 18:25 - 000043119 ___SH () C:\Users\-bora\WINDOW~1.VBS
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Driver Booster SkipUAC (-bora).job => C:\Program Files\IObit\Driver Booster\4.1.0\DriverBooster.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-124123957-3465755313-2965481238-1000.job => C:\Users\-bora\AppData\Local\GoToMeeting\9167\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-124123957-3465755313-2965481238-1000.job => C:\Users\-bora\AppData\Local\GoToMeeting\9167\g2mupload.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
C:\Users\-bora\WINDOW~1.VBS
C:\Users\-bora\SUPPOR~1.VBS
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\Run: [WINDOW~1] => wscript.exe //B "C:\Users\-bora\WINDOW~1.VBS"
HKU\S-1-5-21-124123957-3465755313-2965481238-1000\...\Run: [SUPPOR~1] => wscript.exe //B "C:\Users\-bora\SUPPOR~1.VBS"
Startup: C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUPPOR~1.VBS [2014-05-04] ()
Startup: C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WINDOW~1.VBS [2018-05-26] ()
C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WINDOW~1.VBS
C:\Users\-bora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUPPOR~1.VBS
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button. FRST will process the lines copied above from the clipboard.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

Post the ESET log.txt report.

Don't forget to re-enable previously switched-off protection software!






