Mysearch.com has hijacked Windows 10

This is a discussion on Mysearch.com has hijacked Windows 10 within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
11-30-2015, 03:46 PM   #1
Registered Member
 
Join Date: Nov 2015
Posts: 9
OS: Windows 10



I am experiencing trouble with my search taking over my computer. I think it is running IE instead of Edge and I have lost Bing as my search engine. Whenever I am directed to another site it tells me to use the Microsoft Store app and it does not go to the browser. Following are the files you requested.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.0
Run by JVB at 17:45:04 on 2015-11-30
Microsoft Windows 10 Home 10.0.10586.0.1252.1.1033.18.16383.12458 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\JVB\AppData\Local\Akamai\netsession_win.exe
C:\Users\JVB\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHAA.EXE
C:\Users\JVB\AppData\Local\Akamai\netsession_win.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIHAA.EXE
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\WINDOWS\SysWOW64\WinMsgBalloonServer.exe
C:\WINDOWS\SysWOW64\WinMsgBalloonClient.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
C:\Program Files\Newsbin\newsbinpro64.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Glary Utilities 5\MemfilesService.exe
C:\Program Files (x86)\Glary Utilities 5\x64\Win64ShellLink.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15361.0_x64__8wekyb3d8bbwe\Video.UI.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\setup.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mSearch Bar = hxxp://www.google.com
uProxyOverride = <local>
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Akamai NetSession Interface] "C:\Users\JVB\AppData\Local\Akamai\netsession_win.exe"
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [OneDrive] "C:\Users\JVB\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [EPLTarget\P0000000000000001] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_IATIHAA.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus NX330"
uRun: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_IATIHAA.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus NX330"
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
StartupFolder: C:\Users\JVB\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JZIP.lnk - C:\WINDOWS\System32\schtasks.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{8600e961-1b41-430d-bc1a-d6bbeb971729} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [ShadowPlay] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R1 GUBootStartup;GUBootStartup;C:\WINDOWS\System32\drivers\GUBootStartup.sys [2014-11-16 20160]
R1 RawDisk3;RawDisk3;C:\WINDOWS\System32\drivers\rawdsk3.sys [2014-10-31 32912]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-15 122880]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2015-8-4 151648]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-5-27 1156384]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-29 1513784]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-29 1135416]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-5-27 1873696]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-7-15 5568288]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-11-20 416432]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\WINDOWS\System32\drivers\k57nd60a.sys [2015-10-30 446464]
R3 LcUvcUpper;LcUvcUpper Service;C:\WINDOWS\System32\drivers\LcUvcUpper.sys [2015-9-28 37912]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2014-10-29 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014-10-29 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2014-10-29 64216]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-5-27 20768]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2015-8-24 50472]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-2-18 315488]
S2 sys_service;sys_service;"C:\Program Files (x86)\SystemManager\Systemmgr\sysupdator.exe" --> C:\Program Files (x86)\SystemManager\Systemmgr\sysupdator.exe [?]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-10-30 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 Revoflt;Revoflt;C:\WINDOWS\System32\drivers\revoflt.sys [2015-2-18 31800]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-10-13 5702416]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-30 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-10-30 254816]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-30 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-10-30 694784]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-10-30 24576]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-30 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-10-30 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-10-30 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
.
=============== Created Last 30 ================
.
2015-11-30 06:26:56 11138400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4DD2A3BA-E58F-4AB5-8263-B6C6CB6DDA1B}\mpengine.dll
2015-11-29 05:25:18 11138400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-11-29 02:03:41 290304 ----a-w- C:\WINDOWS\SysWow64\subinacl.exe
2015-11-29 02:03:40 -------- d-----w- C:\Program Files (x86)\Adware Removal Tool by TSA
2015-11-28 22:54:37 -------- d-----w- C:\Users\JVB\AppData\Local\speech
2015-11-25 04:51:27 -------- d-----w- C:\WINDOWS\Simple Static IP
2015-11-25 04:51:27 -------- d-----w- C:\Program Files (x86)\Simple Static IP
2015-11-25 01:43:00 870400 ----a-w- C:\WINDOWS\System32\modernexecserver.dll
2015-11-25 01:43:00 286720 ----a-w- C:\WINDOWS\System32\deviceaccess.dll
2015-11-25 01:42:59 809312 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2015-11-25 01:42:59 704352 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2015-11-25 01:42:59 227840 ----a-w- C:\WINDOWS\SysWow64\deviceaccess.dll
2015-11-25 01:42:59 204800 ----a-w- C:\WINDOWS\System32\Microsoft-Windows-AppModelExecEvents.dll
2015-11-25 01:01:36 -------- d-----w- C:\Program Files (x86)\S5
2015-11-25 01:01:34 -------- d-----w- C:\Users\JVB\AppData\Roaming\c
2015-11-25 01:01:34 -------- d-----w- C:\ProgramData\1448413294
2015-11-25 01:01:06 -------- d-----w- C:\Users\JVB\AppData\Roaming\Itibiti
2015-11-25 00:59:46 185856 ----a-w- C:\WINDOWS\rsrcs.dll
2015-11-25 00:59:40 -------- d-----w- C:\Users\JVB\AppData\Local\Geckofx
2015-11-25 00:59:11 -------- d-----w- C:\Users\JVB\AppData\Roaming\SSN
2015-11-23 17:10:54 -------- d-----w- C:\Users\JVB\AppData\Roaming\Curse Advertising
2015-11-23 17:10:37 -------- d-----w- C:\Users\JVB\AppData\Local\Deployment
2015-11-20 17:27:43 608048 ----a-w- C:\WINDOWS\SysWow64\nvStreaming.exe
2015-11-20 17:26:51 82744 ----a-w- C:\WINDOWS\System32\OpenCL.dll
2015-11-20 17:26:51 68280 ----a-w- C:\WINDOWS\SysWow64\OpenCL.dll
2015-11-20 04:00:58 17721840 ----a-w- C:\WINDOWS\System32\nvd3dumx.dll
2015-11-20 04:00:58 14633232 ----a-w- C:\WINDOWS\SysWow64\nvd3dum.dll
2015-11-20 04:00:58 11316168 ----a-w- C:\WINDOWS\SysWow64\nvcuda.dll
2015-11-20 04:00:56 2857536 ----a-w- C:\WINDOWS\SysWow64\nvapi.dll
2015-11-20 04:00:56 16278496 ----a-w- C:\WINDOWS\SysWow64\nvwgf2um.dll
2015-11-20 04:00:56 14047120 ----a-w- C:\WINDOWS\System32\nvopencl.dll
2015-11-20 04:00:56 13957976 ----a-w- C:\WINDOWS\System32\nvcuda.dll
2015-11-20 04:00:56 11379416 ----a-w- C:\WINDOWS\SysWow64\nvopencl.dll
2015-11-18 04:42:13 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2015-11-17 05:52:38 -------- dc----w- C:\WINDOWS\Panther
2015-11-17 05:49:06 -------- d-----w- C:\WINDOWS\System32\Microsoft
2015-11-17 05:47:06 -------- d-----w- C:\WINDOWS\SysWow64\BestPractices
2015-11-17 05:47:06 -------- d-----w- C:\WINDOWS\System32\msmq
2015-11-17 05:47:06 -------- d-----w- C:\WINDOWS\System32\BestPractices
2015-11-17 05:47:04 -------- d-----w- C:\inetpub
2015-11-17 05:46:24 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2015-11-17 05:46:23 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2015-11-17 05:46:23 103120 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-11-17 05:46:22 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2015-11-17 05:46:22 124624 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2015-11-17 05:46:22 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2015-11-17 03:27:14 -------- d-----w- C:\Users\JVB\AppData\Local\ActiveSync
2015-11-17 03:24:37 -------- d-sh--we C:\ProgramData\Documents
2015-11-17 03:24:37 -------- d-sh--w- C:\Recovery
2015-11-17 03:16:50 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
2015-11-17 03:12:49 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
2015-11-17 03:12:49 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
2015-11-17 03:04:31 -------- d-----w- C:\Program Files (x86)\Common Files\SpeechEngines
2015-11-17 03:04:24 -------- d-----w- C:\Program Files\Common Files\SpeechEngines
2015-11-17 02:58:22 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
2015-11-17 02:58:22 -------- d-----w- C:\Program Files\Realtek
2015-11-17 02:58:15 933168 ----a-w- C:\WINDOWS\System32\nvvsvc.exe
2015-11-17 02:58:15 6783280 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2015-11-17 02:58:15 62584 ----a-w- C:\WINDOWS\System32\nvshext.dll
2015-11-17 02:58:15 5972783 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2015-11-17 02:58:15 384176 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2015-11-17 02:58:15 3522168 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2015-11-17 02:58:15 2557616 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2015-11-17 02:58:02 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2015-11-17 02:57:50 -------- d-----w- C:\Program Files\NVIDIA Corporation
2015-11-17 02:57:41 -------- d---a-w- C:\Program Files (x86)\Microsoft LifeCam
2015-11-17 02:57:38 -------- d---a-w- C:\Program Files\Microsoft LifeCam
2015-11-17 02:54:44 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2015-11-17 02:54:15 -------- d-----w- C:\WINDOWS\System32\wbem\MOF
2015-11-16 22:12:43 18805920 ----a-w- C:\WINDOWS\System32\nvwgf2umx.dll
2015-11-16 22:12:41 12907704 ----a-w- C:\WINDOWS\System32\drivers\nvlddmkm.sys
2015-11-16 22:12:40 1917240 ----a-w- C:\WINDOWS\System32\nvdispco6434181.dll
2015-11-16 22:12:40 1565368 ----a-w- C:\WINDOWS\System32\nvdispgenco6434181.dll
2015-11-16 22:12:39 3246848 ----a-w- C:\WINDOWS\System32\nvapi64.dll
2015-11-15 17:14:42 -------- d-----w- C:\ProgramData\NzbDrone
2015-11-12 18:27:39 -------- d-----w- C:\Users\JVB\AppData\Local\Collectorz.com
2015-11-12 18:27:09 -------- d-----w- C:\Program Files (x86)\Collectorz.com
.
==================== Find3M ====================
.
2015-11-30 22:29:22 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-11-17 05:50:05 969728 ----a-w- C:\WINDOWS\System32\kerberos.dll
2015-11-17 05:47:02 96768 ----a-w- C:\WINDOWS\SysWow64\mqoa.tlb
2015-11-17 05:47:02 91136 ----a-w- C:\WINDOWS\SysWow64\mqoa30.tlb
2015-11-17 05:47:02 55808 ----a-w- C:\WINDOWS\SysWow64\mqoa20.tlb
2015-11-17 05:47:02 37376 ----a-w- C:\WINDOWS\SysWow64\mqoa10.tlb
2015-11-17 05:47:01 635904 ----a-w- C:\WINDOWS\SysWow64\mqsnap.dll
2015-11-17 05:47:01 14848 ----a-w- C:\WINDOWS\SysWow64\mqcertui.dll
2015-11-17 05:47:00 56320 ----a-w- C:\WINDOWS\System32\admwprox.dll
2015-11-17 05:47:00 53248 ----a-w- C:\WINDOWS\System32\ahadmin.dll
2015-11-17 05:47:00 202240 ----a-w- C:\WINDOWS\System32\iisRtl.dll
2015-11-17 05:47:00 19456 ----a-w- C:\WINDOWS\System32\iisreset.exe
2015-11-17 05:47:00 15360 ----a-w- C:\WINDOWS\System32\wamregps.dll
2015-11-17 05:47:00 13312 ----a-w- C:\WINDOWS\System32\iisrstap.dll
2015-11-13 06:55:02 35680 ----a-w- C:\WINDOWS\System32\drivers\wimmount.sys
2015-11-13 06:54:58 7476576 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2015-11-13 06:51:54 698208 ----a-w- C:\WINDOWS\System32\wimgapi.dll
2015-11-13 06:51:18 523616 ----a-w- C:\WINDOWS\System32\wimserv.exe
2015-11-13 06:51:07 334736 ----a-w- C:\WINDOWS\System32\policymanager.dll
2015-11-13 06:43:09 2544264 ----a-w- C:\WINDOWS\System32\mfcore.dll
2015-11-13 06:43:07 586208 ----a-w- C:\WINDOWS\System32\mf.dll
2015-11-13 06:43:07 369912 ----a-w- C:\WINDOWS\System32\audiodg.exe
2015-11-13 06:43:07 110032 ----a-w- C:\WINDOWS\System32\EncDump.dll
2015-11-13 06:43:05 35656 ----a-w- C:\WINDOWS\System32\mfpmp.exe
2015-11-13 06:43:05 245848 ----a-w- C:\WINDOWS\System32\mfps.dll
2015-11-13 06:43:03 536768 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2015-11-13 06:42:59 408128 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll
2015-11-13 06:42:58 516544 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2015-11-13 06:42:57 88392 ----a-w- C:\WINDOWS\System32\remoteaudioendpoint.dll
2015-11-13 06:33:32 911648 ----a-w- C:\WINDOWS\System32\dcomp.dll
2015-11-13 06:33:26 92352 ----a-w- C:\WINDOWS\System32\acmigration.dll
2015-11-13 06:33:17 586080 ----a-w- C:\WINDOWS\SysWow64\wimgapi.dll
2015-11-13 06:32:40 296488 ----a-w- C:\WINDOWS\SysWow64\policymanager.dll
2015-11-13 06:21:49 2179584 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2015-11-13 06:21:39 511320 ----a-w- C:\WINDOWS\SysWow64\mf.dll
2015-11-13 06:21:37 32040 ----a-w- C:\WINDOWS\SysWow64\mfpmp.exe
2015-11-13 06:21:35 116728 ----a-w- C:\WINDOWS\SysWow64\mfps.dll
2015-11-13 06:21:33 405048 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2015-11-13 06:21:31 454056 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll
2015-11-13 06:21:29 366224 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll
2015-11-13 06:21:28 73360 ----a-w- C:\WINDOWS\SysWow64\remoteaudioendpoint.dll
2015-11-13 06:09:31 675064 ----a-w- C:\WINDOWS\SysWow64\dcomp.dll
2015-11-13 06:09:31 320352 ----a-w- C:\WINDOWS\apppatch\AcRes.dll
2015-11-13 06:07:39 28160 ----a-w- C:\WINDOWS\System32\Windows.Management.Provisioning.ProxyStub.dll
2015-11-13 0633 1268736 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.Resources.dll
2015-11-13 0600 52736 ----a-w- C:\WINDOWS\System32\RemovableMediaProvisioningPlugin.dll
2015-11-13 06:05:46 43520 ----a-w- C:\WINDOWS\System32\bcastdvr.proxy.dll
2015-11-13 06:05:30 122368 ----a-w- C:\WINDOWS\System32\KnobsCsp.dll
2015-11-13 06:05:21 78336 ----a-w- C:\WINDOWS\System32\BarcodeProvisioningPlugin.dll
2015-11-13 06:05:19 16984064 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-11-13 06:05:01 30720 ----a-w- C:\WINDOWS\System32\tetheringconfigsp.dll
2015-11-13 06:04:59 17408 ----a-w- C:\WINDOWS\System32\IcsEntitlementHost.exe
2015-11-13 06:04:54 37376 ----a-w- C:\WINDOWS\System32\LaunchWinApp.exe
2015-11-13 06:04:53 75264 ----a-w- C:\WINDOWS\System32\wwanprotdim.dll
2015-11-13 06:04:30 89600 ----a-w- C:\WINDOWS\System32\NFCProvisioningPlugin.dll
2015-11-13 06:03:12 77312 ----a-w- C:\WINDOWS\System32\ProvPluginEng.dll
2015-11-13 06:03:04 52736 ----a-w- C:\WINDOWS\System32\tetheringclient.dll
2015-11-13 06:02:34 231936 ----a-w- C:\WINDOWS\System32\KnobsCore.dll
2015-11-13 06:02:22 198656 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2015-11-13 06:01:06 192000 ----a-w- C:\WINDOWS\System32\provisioningcsp.dll
2015-11-13 06:00:34 87040 ----a-w- C:\WINDOWS\System32\tzautoupdate.dll
2015-11-13 06:00:27 56320 ----a-w- C:\WINDOWS\System32\provtool.exe
2015-11-13 06:00:22 161792 ----a-w- C:\WINDOWS\System32\DeviceCensus.exe
2015-11-13 05:59:47 86528 ----a-w- C:\WINDOWS\System32\AppCapture.dll
2015-11-13 05:58:04 162304 ----a-w- C:\WINDOWS\System32\tetheringservice.dll
2015-11-13 05:58:04 11545088 ----a-w- C:\WINDOWS\System32\twinui.dll
2015-11-13 05:57:36 543232 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
2015-11-13 05:57:23 623616 ----a-w- C:\WINDOWS\System32\PhoneProviders.dll
2015-11-13 05:56:23 286208 ----a-w- C:\WINDOWS\System32\provhandlers.dll
2015-11-13 05:56:18 292352 ----a-w- C:\WINDOWS\System32\provengine.dll
2015-11-13 05:56:12 163328 ----a-w- C:\WINDOWS\System32\provops.dll
2015-11-13 05:55:55 165376 ----a-w- C:\WINDOWS\System32\provdatastore.dll
2015-11-13 05:55:38 450560 ----a-w- C:\WINDOWS\System32\Windows.Internal.Bluetooth.dll
2015-11-13 05:54:57 275456 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll
2015-11-13 05:53:26 497664 ----a-w- C:\WINDOWS\System32\mfmkvsrcsnk.dll
2015-11-13 05:53:17 517632 ----a-w- C:\WINDOWS\System32\winspool.drv
2015-11-13 05:50:44 914944 ----a-w- C:\WINDOWS\System32\usermgr.dll
2015-11-13 05:50:37 1063424 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2015-11-13 05:49:55 1212416 ----a-w- C:\WINDOWS\System32\wwansvc.dll
2015-11-13 05:49:25 674816 ----a-w- C:\WINDOWS\System32\Windows.UI.dll
2015-11-13 05:45:51 2587136 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-11-13 05:41:51 1268736 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
2015-11-13 05:40:59 27136 ----a-w- C:\WINDOWS\SysWow64\bcastdvr.proxy.dll
2015-11-13 05:40:13 29696 ----a-w- C:\WINDOWS\SysWow64\LaunchWinApp.exe
2015-11-13 05:39:07 1998848 ----a-w- C:\WINDOWS\System32\ActiveSyncProvider.dll
2015-11-13 05:39:05 2444288 ----a-w- C:\WINDOWS\System32\twinui.appcore.dll
2015-11-13 05:38:30 13017088 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2015-11-13 05:37:27 160768 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2015-11-13 05:34:44 70656 ----a-w- C:\WINDOWS\SysWow64\AppCapture.dll
2015-11-13 05:33:21 414720 ----a-w- C:\WINDOWS\System32\bcastdvr.exe
2015-11-13 05:32:14 409088 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll
2015-11-13 05:30:28 334336 ----a-w- C:\WINDOWS\SysWow64\bcastdvr.exe
2015-11-13 05:30:17 315904 ----a-w- C:\WINDOWS\SysWow64\Windows.Internal.Bluetooth.dll
2015-11-13 05:29:34 9918976 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2015-11-13 05:28:00 382464 ----a-w- C:\WINDOWS\SysWow64\mfmkvsrcsnk.dll
2015-11-13 05:27:40 400896 ----a-w- C:\WINDOWS\SysWow64\winspool.drv
2015-11-13 05:23:47 490496 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.dll
2015-11-13 05:19:04 2001408 ----a-w- C:\WINDOWS\SysWow64\twinui.appcore.dll
2015-11-13 05:17:33 2064384 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2015-11-13 05:15:53 1707008 ----a-w- C:\WINDOWS\SysWow64\ActiveSyncProvider.dll
.
============= FINISH: 17:46:53.46 ===============
Attached Files
File Type: txt attach.txt (19.0 KB, 687 views)
jbuehner is offline  
Old 12-02-2015, 07:19 PM   #2
Registered Member
 
Join Date: Nov 2015
Posts: 9
OS: Windows 10



BUMP, please
jbuehner is offline  
Old 12-03-2015, 01:28 AM   #3
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello jbuehner,

My name is Tolga and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

Please do the following steps.

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
tekir06 is offline  
Old 12-03-2015, 09:36 AM   #4
Registered Member
 
Join Date: Nov 2015
Posts: 9
OS: Windows 10



# AdwCleaner v5.023 - Logfile created 03/12/2015 at 12:08:22
# Updated 30/11/2015 by Xplode
# Database : 2015-11-30.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : JVB - JVB-PC
# Running from : C:\Users\JVB\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****

[-] Service Deleted : sys_service

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\JVB\AppData\Local\StormFall
[-] Folder Deleted : C:\Users\JVB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fimladoacjepfibaiibjcmojnjelkbap
[-] Folder Deleted : C:\Users\JVB\AppData\Roaming\SSN
[#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\jZip

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\JVB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fimladoacjepfibaiibjcmojnjelkbap_0.localstorage
[-] File Deleted : C:\Users\JVB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fimladoacjepfibaiibjcmojnjelkbap_0.localstorage-journal
[-] File Deleted : C:\Users\JVB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jZip.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\S
[-] Key Deleted : HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
[-] Key Deleted : HKCU\Software\powerpack
[-] Key Deleted : HKCU\Software\tstamptoken
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\jZip
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\malwarebytes-anti-malware.en.softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com
[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ultimate-spyware-adware-remover.en.softonic.com
[-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.softonic.com
[-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\malwarebytes-anti-malware.en.softonic.com
[-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com
[-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ultimate-spyware-adware-remover.en.softonic.com

***** [ Web browsers ] *****

[-] [C:\Users\JVB\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fimladoacjepfibaiibjcmojnjelkbap

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4143 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by JVB (administrator) on JVB-PC (03-12-2015 12:16:27)
Running from C:\Users\JVB\Desktop
Loaded Profiles: JVB (Available Profiles: JVB & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Akamai Technologies, Inc.) C:\Users\JVB\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\JVB\AppData\Local\Akamai\netsession_win.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAA.EXE
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\SoftwareUpdate.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\x64\Win64ShellLink.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-11] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [dellsupportcenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
HKU\S-1-5-21-28219211-1248772839-156540515-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399224 2014-10-29] (BitTorrent, Inc.)
HKU\S-1-5-21-28219211-1248772839-156540515-1000\...\Run: [Akamai NetSession Interface] => C:\Users\JVB\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-28219211-1248772839-156540515-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-11-23] (Glarysoft Ltd)
HKU\S-1-5-21-28219211-1248772839-156540515-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-28219211-1248772839-156540515-1000\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHAA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-28219211-1248772839-156540515-1000\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHAA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-28219211-1248772839-156540515-1000\...\MountPoints2: {f75a39fa-6068-11e4-9bb9-782bcb952684} - "L:\LaunchU3.exe" -a
HKU\S-1-5-21-28219211-1248772839-156540515-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
BootExecute: autocheck autochk *
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{8600e961-1b41-430d-bc1a-d6bbeb971729}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
SearchScopes: HKU\S-1-5-21-28219211-1248772839-156540515-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-28219211-1248772839-156540515-1000 -> {91225934-AF1D-436C-8630-9F5339A5882D} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-10-20] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-28219211-1248772839-156540515-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2013-12-20] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-28219211-1248772839-156540515-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-11-01] [not signed]
StartMenuInternet: firefox.exe - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://www-mysearch.com/?pid=s&s=FBPzamotn15344,2d7f6eac-452a-413d-9d86-158599fc902c,&vp=ch&prd=set
CHR StartupUrls: Default -> "hxxp://www-mysearch.com/?pid=s&s=FBPzamotn15344,2d7f6eac-452a-413d-9d86-158599fc902c,&vp=ch&prd=set"
CHR Profile: C:\Users\JVB\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Weather (extension)) - C:\Users\JVB\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc [2015-06-30]
CHR Extension: (RSS Subscription Extension) - C:\Users\JVB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmjffnfcokiodbeiamclanljnaheeoke [2015-06-30]
CHR Extension: (Super New Tab) - C:\Users\JVB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmllecabdhmfjabilnnheofbdkjhffgp [2015-06-17]
CHR Extension: (feedly) - C:\Users\JVB\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-06-30]
CHR Extension: (Speed Dial 2) - C:\Users\JVB\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-11-12]
CHR Extension: (Mifish NewTab(speed dial,extension)) - C:\Users\JVB\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkljgiehnknbpnadghniojebglajbmij [2015-06-17]
CHR Extension: (Advanced start page) - C:\Users\JVB\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhlflcpjmbmnhfehipheboagibdjgmog [2015-07-21]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\JVB\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2015-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JVB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-03-15] (AMD) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-11] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26624 2015-11-17] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-11] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-05-05] (Glarysoft Ltd)
R3 LcUvcUpper; C:\Windows\system32\DRIVERS\LcUvcUpper.sys [37912 2015-09-28] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S0 guqxm; System32\drivers\lffctaw.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-03 12:16 - 2015-12-03 12:17 - 00018607 _____ C:\Users\JVB\Desktop\FRST.txt
2015-12-03 12:16 - 2015-12-03 12:16 - 00000000 ____D C:\FRST
2015-12-03 12:15 - 2015-12-03 12:15 - 02350080 _____ (Farbar) C:\Users\JVB\Desktop\FRST64.exe
2015-12-03 12:14 - 2015-12-03 12:14 - 02350080 _____ (Farbar) C:\Users\JVB\Downloads\FRST64.exe
2015-12-03 12:13 - 2015-12-03 12:13 - 00004222 _____ C:\Users\JVB\Desktop\AdwCleaner[C1].txt
2015-12-03 12:07 - 2015-12-03 12:08 - 00000000 ____D C:\AdwCleaner
2015-12-03 11:59 - 2015-12-03 12:06 - 01736704 _____ C:\Users\JVB\Desktop\AdwCleaner.exe
2015-12-03 11:58 - 2015-12-03 11:59 - 01736704 _____ C:\Users\JVB\Downloads\AdwCleaner.exe
2015-12-03 11:48 - 2015-12-03 11:48 - 00059271 _____ C:\Users\JVB\Downloads\American.Horror.Story.S05E07.HDTV.x264-FLEET.nzb
2015-12-03 11:47 - 2015-12-03 11:48 - 00045417 _____ C:\Users\JVB\Downloads\American.Horror.Story.S05E06.HDTV.x264--KILLERS.nzb
2015-12-03 11:47 - 2015-12-03 11:47 - 00057911 _____ C:\Users\JVB\Downloads\American.Horror.Story.S05E05.HDTV.x264-FLEET.nzb
2015-12-03 11:37 - 2015-12-03 11:37 - 00056641 _____ C:\Users\JVB\Downloads\American.Horror.Story.S05E03.HDTV.x264-KILLERS.nzb
2015-12-03 11:37 - 2015-12-03 11:37 - 00053306 _____ C:\Users\JVB\Downloads\American.Horror.Story.S05E04.HDTV.x264-FLEET.nzb
2015-12-03 09:59 - 2015-12-03 09:59 - 00092198 _____ C:\Users\JVB\Downloads\American.Horror.Story.S05E02.PROPER.HDTV.x264-KILLERS.nzb
2015-12-02 23:29 - 2015-12-02 23:29 - 00000000 ____D C:\Users\JVB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Newsbin6
2015-12-02 23:18 - 2015-12-02 23:18 - 00186138 _____ C:\Users\JVB\Downloads\American.Horror.Story.S05E01.720p.HDTV.x264-KILLERS.nzb
2015-12-02 18:36 - 2015-12-02 18:36 - 00501740 _____ C:\Users\JVB\Downloads\C.2015.Englisch.AC3.HDCAM.HQ.Xvid-Hive.CM8.nzb
2015-12-02 13:32 - 2015-12-02 13:32 - 15210881 _____ C:\Users\JVB\Documents\ZygorGuidesViewer 5.0.13033.rar
2015-12-02 13:31 - 2015-12-02 13:31 - 00005017 _____ C:\Users\JVB\Downloads\ZygorGuidesViewer 5.0.13033.rar [IPT].torrent
2015-11-30 17:46 - 2015-11-30 17:46 - 00040461 _____ C:\Users\JVB\Desktop\dds.txt
2015-11-30 17:46 - 2015-11-30 17:46 - 00019459 _____ C:\Users\JVB\Desktop\attach.txt
2015-11-30 17:36 - 2015-11-30 17:44 - 00688992 ____R (Swearware) C:\Users\JVB\Downloads\dds.scr
2015-11-30 14:09 - 2015-11-30 14:09 - 00000000 ____D C:\Users\JVB\Documents\The.Last.Kingdom.S01.720p.HDTV.x264-Scene
2015-11-30 14:08 - 2015-11-30 14:08 - 00113864 _____ C:\Users\JVB\Downloads\The.Last.Kingdom.S01.720p.HDTV.x264-Scene [IPT].torrent
2015-11-29 18:58 - 2015-11-29 18:58 - 06950912 _____ C:\Users\JVB\Desktop\Jimbo's Quicken Data-2015-11-29.QDF-backup
2015-11-29 13:14 - 2015-11-29 15:25 - 2363798840 _____ C:\Users\JVB\Documents\DeepStar.Six.1988.720p.BluRay.DD2.0.x264-CRiSC.mkv
2015-11-29 13:14 - 2015-11-29 13:14 - 00063841 _____ C:\Users\JVB\Downloads\DeepStar.Six.1988.720p.BluRay.DD2.0.x264-CRiSC.mkv.torrent
2015-11-28 22:31 - 2015-11-28 22:31 - 00000824 _____ C:\Users\JVB\Downloads\hosts1.txt
2015-11-28 21:19 - 2015-11-28 21:19 - 00000000 _____ C:\autoexec.bat
2015-11-28 21:03 - 2015-11-28 21:03 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2015-11-28 21:03 - 2015-11-28 21:03 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2015-11-28 17:45 - 2015-11-28 17:46 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-11-28 17:42 - 2015-11-28 17:42 - 00000000 ____D C:\Users\JVB\Documents\Magazine.Pack.MISC.2015-11-27
2015-11-28 17:15 - 2015-11-28 17:15 - 00074794 _____ C:\Users\JVB\Downloads\Magazine_Pack_MISC__2_(2015_11_27).torrent
2015-11-26 11:24 - 2015-11-26 11:24 - 00003874 _____ C:\Users\JVB\Downloads\Simple-Port-Forwarding-Pro-3.4.0-crack(vipers-nest.me).torrent
2015-11-25 12:47 - 2015-11-25 12:47 - 00001894 _____ C:\Users\JVB\Downloads\Diabetic_Cookbook_for_Two.torrent
2015-11-25 12:47 - 2015-11-25 12:47 - 00000000 ____D C:\Users\JVB\Documents\Diabetic Cookbook for Two
2015-11-25 08:32 - 2015-11-25 09:49 - 1062203223 _____ C:\Users\JVB\Documents\Operation.Crossbow.720p.WEBRip.h264-spamTV.mkv
2015-11-25 08:32 - 2015-11-25 08:32 - 00040791 _____ C:\Users\JVB\Downloads\[MTV]Operation.Crossbow.720p.WEBRip.h264-spamTV (Webrip - Other - 720p).torrent
2015-11-24 23:51 - 2015-11-24 23:52 - 00000000 ____D C:\Program Files (x86)\Simple Static IP
2015-11-24 23:51 - 2015-11-24 23:51 - 00002054 _____ C:\Users\JVB\Desktop\Simple Static IP.lnk
2015-11-24 23:51 - 2015-11-24 23:51 - 00000000 ____D C:\WINDOWS\Simple Static IP
2015-11-24 23:51 - 2015-11-24 23:51 - 00000000 ____D C:\Users\JVB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple Static IP
2015-11-24 20:43 - 2015-11-21 00:29 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-11-24 20:43 - 2015-11-21 00:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-11-24 20:42 - 2015-11-21 01:21 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-11-24 20:42 - 2015-11-21 01:02 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-11-24 20:42 - 2015-11-21 00:44 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-11-24 20:42 - 2015-11-21 00:07 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-11-24 20:01 - 2015-11-24 20:36 - 00002504 _____ C:\WINDOWS\System32\Tasks\JZIP
2015-11-24 20:01 - 2015-11-24 20:25 - 00000000 ____D C:\Program Files (x86)\S5
2015-11-24 20:01 - 2015-11-24 20:01 - 00000000 ____D C:\Users\JVB\AppData\Roaming\Itibiti
2015-11-24 20:01 - 2015-11-24 20:01 - 00000000 ____D C:\Users\JVB\AppData\Roaming\c
2015-11-24 20:01 - 2015-11-24 20:01 - 00000000 ____D C:\ProgramData\1448413294
2015-11-24 20:01 - 2015-11-24 20:01 - 00000000 _____ C:\WINDOWS\SysWOW64\outputfilePath
2015-11-24 19:59 - 2015-11-24 19:59 - 00000000 ____D C:\Users\JVB\AppData\Local\Geckofx
2015-11-24 19:36 - 2015-11-24 19:37 - 289842551 _____ C:\Users\JVB\Documents\Grimm.S05E04.PROPER.HDTV.x264-KILLERS.mp4
2015-11-24 19:36 - 2015-11-24 19:36 - 00044505 _____ C:\Users\JVB\Downloads\[MTV]Grimm.S05E04.PROPER.HDTV.x264-KILLERS (HDTV - x264 - SD).torrent
2015-11-23 12:10 - 2015-11-24 20:12 - 00000000 ____D C:\Users\JVB\AppData\Local\Deployment
2015-11-23 12:10 - 2015-11-23 12:15 - 00000000 ____D C:\Users\JVB\AppData\Roaming\Curse Advertising
2015-11-23 12:10 - 2015-11-23 12:10 - 00000318 _____ C:\Users\JVB\Desktop\Curse Client.appref-ms
2015-11-23 12:10 - 2015-11-23 12:10 - 00000000 ____D C:\Users\JVB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2015-11-23 12:05 - 2015-11-23 12:08 - 1047384064 _____ C:\Users\JVB\Documents\PENITENTIARY 3.1987.DRz.avi
2015-11-23 12:05 - 2015-11-23 12:05 - 00040257 _____ C:\Users\JVB\Downloads\PENITENTIARY 3.1987.DRz.avi.torrent
2015-11-22 13:28 - 2015-11-22 13:28 - 00071973 _____ C:\Users\JVB\Downloads\Heroes [IPT].torrent
2015-11-22 13:28 - 2015-11-22 13:28 - 00000000 ____D C:\Users\JVB\Documents\Heroes
2015-11-21 14:06 - 2015-11-21 14:06 - 00000000 ____D C:\Users\JVB\Documents\Jessica.Jones.2015.COMPLETE.S01.WEBRip.XviD-EVO
2015-11-21 14:05 - 2015-11-21 14:06 - 00033029 _____ C:\Users\JVB\Downloads\Jessica.Jones.2015.COMPLETE.S01.WEBRip.XviD-EVO [IPT].torrent
2015-11-20 16:38 - 2015-11-20 16:38 - 00019782 _____ C:\Users\JVB\Downloads\Assorted.Magazines.Bundle-November.12.2015 [IPT].torrent
2015-11-20 16:38 - 2015-11-20 16:38 - 00000000 ____D C:\Users\JVB\Documents\Assorted.Magazines.Bundle-November.12.2015
2015-11-20 12:59 - 2015-11-20 12:59 - 00002134 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2015-11-20 12:27 - 2015-10-13 10:26 - 00608048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-11-20 12:26 - 2015-11-19 23:05 - 00082744 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-11-20 12:26 - 2015-11-19 23:05 - 00068280 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-11-19 23:05 - 2015-11-19 23:05 - 31523000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-11-19 23:05 - 2015-11-19 23:05 - 24208056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-11-19 23:05 - 2015-11-19 23:05 - 23001912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-11-19 23:05 - 2015-11-19 23:05 - 15301816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-11-19 23:05 - 2015-11-19 23:05 - 04254336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-11-19 23:05 - 2015-11-19 23:05 - 03995320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-11-19 23:05 - 2015-11-19 23:05 - 01917240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434192.dll
2015-11-19 23:05 - 2015-11-19 23:05 - 01565368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434192.dll
2015-11-19 23:05 - 2015-11-19 23:05 - 01524008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2015-11-19 23:05 - 2015-11-19 23:05 - 00953016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-11-19 23:05 - 2015-11-19 23:05 - 00916152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-11-19 23:05 - 2015-11-19 23:05 - 00912184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-11-19 23:05 - 2015-11-19 23:05 - 00877752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-11-19 23:05 - 2015-11-19 23:05 - 00206120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2015-11-19 23:05 - 2015-11-19 23:05 - 00040240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2015-11-19 23:00 - 2015-11-19 23:00 - 17721840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-11-19 23:00 - 2015-11-19 23:00 - 16278496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-11-19 23:00 - 2015-11-19 23:00 - 14633232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-11-19 23:00 - 2015-11-19 23:00 - 14047120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-11-19 23:00 - 2015-11-19 23:00 - 13957976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-11-19 23:00 - 2015-11-19 23:00 - 11379416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-11-19 23:00 - 2015-11-19 23:00 - 11316168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-11-19 23:00 - 2015-11-19 23:00 - 02857536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-11-19 12:50 - 2015-11-19 12:50 - 00000000 ____D C:\Users\JVB\Documents\Broken Faith. Toby Clements. Kingmaker Series. Book 02
2015-11-19 12:49 - 2015-11-19 12:49 - 00005807 _____ C:\Users\JVB\Downloads\[p2pelite]Winter Pilgrims. Toby Clements. Kingmaker Series. Book 01.torrent
2015-11-19 12:49 - 2015-11-19 12:49 - 00005305 _____ C:\Users\JVB\Downloads\[p2pelite]Broken Faith. Toby Clements. Kingmaker Series. Book 02.torrent
2015-11-19 12:49 - 2015-11-19 12:49 - 00000000 ____D C:\Users\JVB\Documents\Winter Pilgrims. Toby Clements. Kingmaker Series. Book 01
2015-11-19 12:42 - 2015-11-19 13:07 - 02223194 _____ C:\Users\JVB\Documents\Complete Guide to Prescription and Nonprescription Drugs 2015.epub
2015-11-19 12:42 - 2015-11-19 12:42 - 00000626 _____ C:\Users\JVB\Downloads\[p2pelite]Complete Guide to Prescription and Nonprescription Drugs 2015.epub(1).torrent
2015-11-19 12:40 - 2015-11-19 12:57 - 02502963 _____ C:\Users\JVB\Documents\Delicious Dishes for Diabetics - Robin Ellis.epub
2015-11-19 12:40 - 2015-11-19 12:40 - 00003506 _____ C:\Users\JVB\Downloads\[p2pelite]Robin Ellis - Delicious Dishes for Diabetics Eating Well with Type-2 Diabetes [2011] (EPUB).torrent
2015-11-19 12:22 - 2015-11-19 12:22 - 00418609 _____ C:\Users\JVB\Downloads\[Twilights Zoom]Time Life.torrent
2015-11-19 12:22 - 2015-11-19 12:22 - 00000000 ____D C:\Users\JVB\Documents\Time Life
2015-11-19 11:16 - 2015-11-19 11:16 - 00000000 ____D C:\Users\JVB\Documents\The.*******.Executioner.S01.720p.HDTV.x264-Scene
2015-11-19 11:15 - 2015-11-19 11:16 - 00185184 _____ C:\Users\JVB\Downloads\[MTV]The ******* Executioner - Season 1 - 2015 (HDTV - x264 - 720p).torrent
2015-11-19 04:02 - 2015-11-13 01:55 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-11-19 04:02 - 2015-11-13 01:54 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-19 04:02 - 2015-11-13 01:51 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-11-19 04:02 - 2015-11-13 01:51 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-11-19 04:02 - 2015-11-13 01:51 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-11-19 04:02 - 2015-11-13 01:43 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-11-19 04:02 - 2015-11-13 01:43 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-11-19 04:02 - 2015-11-13 01:43 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-11-19 04:02 - 2015-11-13 01:43 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-11-19 04:02 - 2015-11-13 01:43 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-11-19 04:02 - 2015-11-13 01:43 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-11-19 04:02 - 2015-11-13 01:43 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-11-19 04:02 - 2015-11-13 01:42 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-11-19 04:02 - 2015-11-13 01:42 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-11-19 04:02 - 2015-11-13 01:42 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-11-19 04:02 - 2015-11-13 01:41 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-11-19 04:02 - 2015-11-13 01:41 - 03670832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-19 04:02 - 2015-11-13 01:33 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-11-19 04:02 - 2015-11-13 01:33 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-11-19 04:02 - 2015-11-13 01:33 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-11-19 04:02 - 2015-11-13 01:32 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-11-19 04:02 - 2015-11-13 01:21 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-11-19 04:02 - 2015-11-13 01:21 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-11-19 04:02 - 2015-11-13 01:21 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-11-19 04:02 - 2015-11-13 01:21 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-11-19 04:02 - 2015-11-13 01:21 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-11-19 04:02 - 2015-11-13 01:21 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-11-19 04:02 - 2015-11-13 01:21 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-11-19 04:02 - 2015-11-13 01:21 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-11-19 04:02 - 2015-11-13 01:19 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-19 04:02 - 2015-11-13 01:18 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-11-19 04:02 - 2015-11-13 01:09 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-11-19 04:02 - 2015-11-13 01:07 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-11-19 04:02 - 2015-11-13 01:06 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-11-19 04:02 - 2015-11-13 01:06 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-11-19 04:02 - 2015-11-13 01:05 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-11-19 04:02 - 2015-11-13 01:05 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-11-19 04:02 - 2015-11-13 01:05 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-11-19 04:02 - 2015-11-13 01:05 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-11-19 04:02 - 2015-11-13 01:05 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-11-19 04:02 - 2015-11-13 01:04 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-11-19 04:02 - 2015-11-13 01:04 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-11-19 04:02 - 2015-11-13 01:04 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-11-19 04:02 - 2015-11-13 01:04 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-11-19 04:02 - 2015-11-13 01:03 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-11-19 04:02 - 2015-11-13 01:03 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-11-19 04:02 - 2015-11-13 01:02 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-11-19 04:02 - 2015-11-13 01:02 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-11-19 04:02 - 2015-11-13 01:01 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-11-19 04:02 - 2015-11-13 01:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-11-19 04:02 - 2015-11-13 01:00 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-11-19 04:02 - 2015-11-13 01:00 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-11-19 04:02 - 2015-11-13 00:59 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-11-19 04:02 - 2015-11-13 00:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-11-19 04:02 - 2015-11-13 00:58 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-11-19 04:02 - 2015-11-13 00:57 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-11-19 04:02 - 2015-11-13 00:57 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-11-19 04:02 - 2015-11-13 00:56 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-11-19 04:02 - 2015-11-13 00:56 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-11-19 04:02 - 2015-11-13 00:56 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-11-19 04:02 - 2015-11-13 00:55 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-11-19 04:02 - 2015-11-13 00:55 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-11-19 04:02 - 2015-11-13 00:54 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-11-19 04:02 - 2015-11-13 00:53 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-11-19 04:02 - 2015-11-13 00:53 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-11-19 04:02 - 2015-11-13 00:50 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-19 04:02 - 2015-11-13 00:50 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-19 04:02 - 2015-11-13 00:49 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-11-19 04:02 - 2015-11-13 00:49 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-19 04:02 - 2015-11-13 00:45 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-19 04:02 - 2015-11-13 00:41 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-11-19 04:02 - 2015-11-13 00:40 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-11-19 04:02 - 2015-11-13 00:40 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-11-19 04:02 - 2015-11-13 00:39 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-11-19 04:02 - 2015-11-13 00:39 - 01998848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-11-19 04:02 - 2015-11-13 00:38 - 13017088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-11-19 04:02 - 2015-11-13 00:37 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-11-19 04:02 - 2015-11-13 00:34 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-11-19 04:02 - 2015-11-13 00:33 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-11-19 04:02 - 2015-11-13 00:32 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-11-19 04:02 - 2015-11-13 00:30 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-11-19 04:02 - 2015-11-13 00:30 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-11-19 04:02 - 2015-11-13 00:29 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-11-19 04:02 - 2015-11-13 00:28 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-11-19 04:02 - 2015-11-13 00:27 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-11-19 04:02 - 2015-11-13 00:23 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-19 04:02 - 2015-11-13 00:19 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-11-19 04:02 - 2015-11-13 00:17 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-19 04:02 - 2015-11-13 00:15 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-11-17 23:42 - 2015-11-17 23:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-11-17 20:30 - 2015-11-17 20:30 - 00000132 _____ C:\Users\JVB\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-11-17 15:15 - 2015-11-17 15:15 - 00000000 ____D C:\Users\JVB\Documents\The.Ultimate.Fighter.S20.720p.WEB.DL.x264-ViLLAiNS
2015-11-17 15:14 - 2015-11-17 15:15 - 00030587 _____ C:\Users\JVB\Downloads\IPT The.Ultimate.Fighter.S20.720p.WEB.DL.x264-ViLLAiNS [IPT].torrent
2015-11-17 14:08 - 2015-11-17 14:23 - 1475742473 _____ C:\Users\JVB\Documents\The.Flash.2014.S02E06.720p.REPACK.HDTV.DD5.1.x264-NTb.mkv
2015-11-17 14:07 - 2015-11-17 14:08 - 00002043 _____ C:\Users\JVB\Downloads\[MTV]The.Flash.2014.S02E06.720p.REPACK.HDTV.DD5.1.x264-NTb (HDTV - x264 - 720p).torrent
2015-11-17 14:06 - 2015-11-17 14:06 - 00030401 _____ C:\Users\JVB\Downloads\Fire In The Sky [1993].torrent
2015-11-17 14:06 - 2015-11-17 14:06 - 00000000 ____D C:\Users\JVB\Documents\Fire In The Sky [1993]
2015-11-17 00:52 - 2015-11-17 00:00 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-17 00:50 - 2015-11-17 00:50 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 22394880 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 13376512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 12120064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-17 00:50 - 2015-11-17 00:50 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-11-17 00:50 - 2015-11-17 00:50 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-11-17 00:50 - 2015-11-17 00:50 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-17 00:50 - 2015-11-17 00:50 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-17 00:50 - 2015-11-17 00:50 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-17 00:50 - 2015-11-17 00:50 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-17 00:50 - 2015-11-17 00:50 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-17 00:50 - 2015-11-17 00:50 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-17 00:50 - 2015-11-17 00:50 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-11-17 00:50 - 2015-11-17 00:50 - 00000000 ____D C:\Windows.old
2015-11-17 00:49 - 2015-11-17 00:49 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-11-17 00:47 - 2015-11-17 00:47 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-11-17 00:47 - 2015-11-17 00:47 - 00000000 ____D C:\WINDOWS\system32\msmq
2015-11-17 00:47 - 2015-11-17 00:47 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2015-11-17 00:47 - 2015-11-17 00:47 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-11-17 00:47 - 2015-11-17 00:47 - 00000000 ____D C:\Program Files\MSBuild
2015-11-17 00:47 - 2015-11-17 00:47 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-11-17 00:47 - 2015-11-17 00:47 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-11-17 00:47 - 2015-11-17 00:47 - 00000000 ____D C:\inetpub
2015-11-17 00:46 - 2015-10-23 20:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-11-17 00:46 - 2015-10-23 20:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-17 00:46 - 2015-10-23 20:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-11-17 00:46 - 2015-10-23 20:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-11-17 00:46 - 2015-10-23 20:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-11-17 00:46 - 2015-10-23 20:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-16 22:27 - 2015-11-16 22:27 - 00000000 ____D C:\Users\JVB\AppData\Local\ActiveSync
2015-11-16 22:25 - 2015-11-16 22:25 - 00000020 ___SH C:\Users\JVB\ntuser.ini
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 _SHDL C:\Users\Default\My Documents
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-11-16 22:24 - 2015-11-16 22:24 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-11-16 22:18 - 2015-12-03 12:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-16 22:09 - 2015-11-16 22:09 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-16 22:09 - 2015-11-16 22:09 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-11-16 22:09 - 2015-11-16 22:09 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-11-16 22:09 - 2015-11-16 22:09 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2015-11-16 22:09 - 2015-11-16 22:09 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-11-16 22:04 - 2015-11-16 22:04 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-11-16 22:03 - 2015-11-16 22:11 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-11-16 22:01 - 2015-12-03 12:16 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-16 22:01 - 2015-11-20 03:30 - 00000000 ____D C:\Users\JVB
2015-11-16 22:01 - 2015-11-16 22:14 - 00000000 ____D C:\Users\DefaultAppPool
2015-11-16 22:01 - 2015-11-16 22:01 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-11-16 22:01 - 2015-11-16 22:01 - 00000000 _SHDL C:\Users\JVB\My Documents
2015-11-16 22:01 - 2015-11-16 22:01 - 00000000 _SHDL C:\Users\JVB\Documents\My Videos
2015-11-16 22:01 - 2015-11-16 22:01 - 00000000 _SHDL C:\Users\JVB\Documents\My Pictures
2015-11-16 22:01 - 2015-11-16 22:01 - 00000000 _SHDL C:\Users\JVB\Documents\My Music
2015-11-16 22:01 - 2015-11-16 22:01 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2015-11-16 22:01 - 2015-11-16 22:01 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2015-11-16 22:01 - 2015-11-16 22:01 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2015-11-16 22:01 - 2015-11-16 22:01 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2015-11-16 21:58 - 2015-12-03 12:10 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-16 21:58 - 2015-11-16 22:04 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-16 21:58 - 2015-11-16 21:58 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-11-16 21:58 - 2015-11-16 21:58 - 00000000 ____D C:\Program Files\Realtek
2015-11-16 21:58 - 2015-10-13 12:26 - 06783280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-11-16 21:58 - 2015-10-13 12:26 - 03522168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-11-16 21:58 - 2015-10-13 12:26 - 02557616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-11-16 21:58 - 2015-10-13 12:26 - 00933168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-11-16 21:58 - 2015-10-13 12:26 - 00384176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-11-16 21:58 - 2015-10-13 12:26 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-11-16 21:58 - 2015-10-13 11:19 - 05972783 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-11-16 21:57 - 2015-11-16 22:11 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2015-11-16 21:57 - 2015-11-16 22:04 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-11-16 21:57 - 2015-11-16 22:04 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2015-11-16 21:57 - 2015-11-16 21:57 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_LcUvcUpper_01011.Wdf
2015-11-16 21:54 - 2015-10-30 02:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-11-16 21:53 - 2015-11-16 22:12 - 04966304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-16 17:12 - 2015-11-19 23:05 - 12907704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-11-16 17:12 - 2015-11-19 23:00 - 18805920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-11-16 17:12 - 2015-11-19 23:00 - 03246848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-11-16 17:12 - 2015-11-16 17:12 - 01917240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434181.dll
2015-11-16 17:12 - 2015-11-16 17:12 - 01565368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434181.dll
2015-11-16 17:12 - 2015-10-13 19:00 - 00026155 _____ C:\WINDOWS\system32\nvinfo.pb
2015-11-15 12:14 - 2015-11-16 17:20 - 00000000 ____D C:\ProgramData\NzbDrone
2015-11-15 11:48 - 2015-11-15 12:09 - 2419433172 _____ C:\Users\JVB\Documents\UFC.193.PPV.Rousey.vs.Holm.720p.HDTV.x264-Ebi.mp4
2015-11-15 11:48 - 2015-11-15 11:48 - 00512660 _____ C:\Users\JVB\Downloads\UFC.193.PPV.Rousey.vs.Holm.720p.HDTV.x264-Ebi.mp4 (1) [IPT].torrent
2015-11-13 13:52 - 2015-11-13 13:52 - 00025559 _____ C:\Users\JVB\Downloads\The.Phantom.of.the.Opera.at.the.Royal.Albert.Hall.2011.1080p.BluRay.x264.DTS-FGT [IPT].torrent
2015-11-13 13:52 - 2015-11-13 13:52 - 00000000 ____D C:\Users\JVB\Documents\The.Phantom.of.the.Opera.at.the.Royal.Albert.Hall.2011.1080p.BluRay.x264.DTS-FGT
2015-11-12 13:27 - 2015-11-16 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Collectorz.com
2015-11-12 13:27 - 2015-11-12 13:53 - 00000000 ____D C:\Users\JVB\Documents\Comic Collector
2015-11-12 13:27 - 2015-11-12 13:27 - 00001332 _____ C:\Users\Public\Desktop\Comic Collector.lnk
2015-11-12 13:27 - 2015-11-12 13:27 - 00000000 ____D C:\Users\JVB\AppData\Local\Collectorz.com
2015-11-12 13:27 - 2015-11-12 13:27 - 00000000 ____D C:\Program Files (x86)\Collectorz.com
2015-11-12 13:04 - 2015-11-12 13:04 - 00009267 _____ C:\Users\JVB\Downloads\Collectorz.com.Comic.Collector.Pro.v15.3.5.Multilingual.Incl.Cracked-casper03.collected.by-theluckyman [IPT].torrent
2015-11-12 12:31 - 2015-11-12 12:31 - 00000000 ____D C:\Users\JVB\Documents\Convergence
2015-11-12 12:30 - 2015-11-12 12:30 - 00038695 _____ C:\Users\JVB\Downloads\DCs_Convergence_(2015).torrent
2015-11-12 12:14 - 2015-11-12 12:14 - 00000000 ____D C:\Users\JVB\Documents\DC New 52 Final Part 6
2015-11-12 12:13 - 2015-11-12 12:13 - 00166934 _____ C:\Users\JVB\Downloads\DC_New_52_Final_part_5_of_6.torrent
2015-11-12 12:13 - 2015-11-12 12:13 - 00138438 _____ C:\Users\JVB\Downloads\DC_New_52_Final_part_6_of_6.torrent
2015-11-12 12:13 - 2015-11-12 12:13 - 00000000 ____D C:\Users\JVB\Documents\DC New 52 Final Part 5
2015-11-12 12:12 - 2015-11-12 12:12 - 00167245 _____ C:\Users\JVB\Downloads\DC_New_52_Final_part_3_of_6.torrent
2015-11-12 12:12 - 2015-11-12 12:12 - 00154599 _____ C:\Users\JVB\Downloads\DC_New_52_Final_part_4_of_6.torrent
2015-11-12 12:12 - 2015-11-12 12:12 - 00000000 ____D C:\Users\JVB\Documents\DC New 52 Final Part 4
2015-11-12 12:12 - 2015-11-12 12:12 - 00000000 ____D C:\Users\JVB\Documents\DC New 52 Final Part 3
2015-11-12 12:12 - 2015-11-12 12:12 - 00000000 ____D C:\Users\JVB\Documents\DC New 52 Final Part 2
2015-11-12 12:11 - 2015-11-12 12:11 - 00163584 _____ C:\Users\JVB\Downloads\DC_New_52_Final_part_2_of_6.torrent
2015-11-12 12:11 - 2015-11-12 12:11 - 00145872 _____ C:\Users\JVB\Downloads\DC_New_52_Final_part_1_of_6.torrent
2015-11-12 12:11 - 2015-11-12 12:11 - 00000000 ____D C:\Users\JVB\Documents\DC New 52 Final Part 1
2015-11-11 16:22 - 2015-11-11 16:22 - 00159881 _____ C:\Users\JVB\Downloads\[MTV]Orphan Black - Orphan.Black.S03.720p.BluRay.DTS.x264-DRACULA - 2015 (BluRay - x264 - 720p).torrent
2015-11-11 16:22 - 2015-11-11 16:22 - 00000000 ____D C:\Users\JVB\Documents\Orphan.Black.S03.720p.BluRay.DTS.x264-DRACULA
2015-11-11 16:19 - 2015-11-11 16:19 - 00132254 _____ C:\Users\JVB\Downloads\[MTV]Orphan Black - Season 2 - 2013 (Web-DL - h264 - 720p).torrent
2015-11-11 16:19 - 2015-11-11 16:19 - 00000000 ____D C:\Users\JVB\Documents\Orphan.Black.S02.720p.WEB-DL.AAC2.0.H.264-ECI
2015-11-11 12:37 - 2015-11-11 12:47 - 1721213026 _____ C:\Users\JVB\Documents\The.Flash.2014.S02E06.1080p.WEB-DL.DD5.1.H.264-VietHD.mkv
2015-11-11 12:37 - 2015-11-11 12:37 - 00002343 _____ C:\Users\JVB\Downloads\[MTV]The Flash (2014) - The.Flash.2014.S02E06.1080p.WEB-DL.DD5.1.H.264-VietHD - 2015 (Web-DL - h264 - 1080p).torrent
2015-11-11 12:33 - 2015-11-11 12:33 - 00000000 ____D C:\Users\JVB\Documents\The.Leftovers.S01.720p.BluRay.X264-REWARD
2015-11-11 12:32 - 2015-11-11 12:32 - 00061042 _____ C:\Users\JVB\Downloads\[MTV]The Leftovers - The.Leftovers.S01.720p.BluRay.X264-REWARD - 2014 (BluRay - x264 - 720p).torrent
2015-11-10 11:53 - 2015-11-10 11:53 - 00135181 _____ C:\Users\JVB\Downloads\[MTV]Orphan Black - Season 1 - 2013 (Web-DL - h264 - 720p).torrent
2015-11-09 21:45 - 2015-11-09 21:57 - 2643158979 _____ C:\Users\JVB\Documents\Supergirl.S01E03.1080p.HDTV.X264-DIMENSION.mkv
2015-11-09 21:45 - 2015-11-09 21:45 - 00012892 _____ C:\Users\JVB\Downloads\[MTV]Supergirl - Supergirl.S01E03.1080p.HDTV.X264-DIMENSION (HDTV - x264 - 1080p).torrent
2015-11-08 15:55 - 2015-11-08 15:55 - 00062880 _____ C:\Users\JVB\Downloads\LADY_STAY_DEAD MKV.torrent
2015-11-08 15:55 - 2015-11-08 15:55 - 00000000 ____D C:\Users\JVB\Documents\LADY_STAY_DEAD MKV
2015-11-07 10:58 - 2015-11-07 10:58 - 00000000 ____D C:\Users\JVB\Documents\Hemlock.Grove.S01-S03.720p.WEBRip.x264
2015-11-07 10:57 - 2015-11-07 10:57 - 00130087 _____ C:\Users\JVB\Downloads\Hemlock.Grove.S01-S03.720p.WEBRip.x264 [IPT].torrent
2015-11-06 09:50 - 2015-11-06 09:50 - 00080352 _____ C:\Users\JVB\Downloads\[MTV]Heroes Reborn - Heroes.Reborn.S01E01E02.720p.HDTV.X264-DIMENSION - 2015 (Other - 720p).torrent
2015-11-06 09:50 - 2015-11-06 09:50 - 00000000 ____D C:\Users\JVB\Documents\Heroes.Reborn.S01E01E02.720p.HDTV.X264-DIMENSION
2015-11-06 09:34 - 2015-11-06 09:34 - 00045249 _____ C:\Users\JVB\Downloads\[MTV]Star.Trek.Insurrection.1998.720p.BluRay.x264-SiNNERS - 1998 (BluRay - x264 - 720p).torrent
2015-11-04 21:04 - 2015-11-04 21:05 - 388795063 _____ C:\Users\JVB\Documents\Rosewood.S01E06.HDTV.x264-FLEET.mp4
2015-11-04 21:04 - 2015-11-04 21:05 - 325448213 _____ C:\Users\JVB\Documents\arrow.405.hdtv-lol.mp4
2015-11-04 21:04 - 2015-11-04 21:04 - 00099565 _____ C:\Users\JVB\Downloads\[MTV]Arrow - Arrow.S04E05.HDTV.x264-LOL (HDTV - x264 - SD).torrent
2015-11-04 21:03 - 2015-11-04 21:03 - 00118919 _____ C:\Users\JVB\Downloads\[MTV]Rosewood.S01E06.HDTV.x264-FLEET (HDTV - x264 - SD).torrent
2015-11-04 20:58 - 2015-11-04 20:58 - 00310253 _____ C:\Users\JVB\Downloads\Let&_039;s Rejoice.pdf
2015-11-04 20:55 - 2015-11-04 20:56 - 04723746 _____ C:\Users\JVB\Downloads\Let&_039;s Pray.pdf
2015-11-04 16:30 - 2015-11-04 16:30 - 00015139 _____ C:\Users\JVB\Downloads\Maze.Runner.Scorch.Trials.2015.720p.HC.HDRip.X264.AC3-EVO [IPT].torrent
2015-11-04 15:24 - 2015-11-16 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMPlayer
2015-11-04 15:24 - 2015-11-04 15:24 - 00000853 _____ C:\Users\Public\Desktop\SMPlayer.lnk
2015-11-04 13:25 - 2015-11-04 13:25 - 00109301 _____ C:\Users\JVB\Downloads\[MTV]The Flash (2014) - Season 1 - 2014 (HDTV - x264 - SD).torrent
2015-11-04 13:25 - 2015-11-04 13:25 - 00000000 ____D C:\Users\JVB\Documents\The.Flash.2014.S01.HDTV.x264-LOL
2015-11-03 15:27 - 2015-11-03 15:30 - 1406901461 _____ C:\Users\JVB\Documents\Supergirl.S01E02.Stronger.Together.720p.WEB-DL.DD5.1.H264-DRACULA.mkv
2015-11-03 15:27 - 2015-11-03 15:27 - 00053994 _____ C:\Users\JVB\Downloads\[MTV]Supergirl - Supergirl.S01E02.Stronger.Together.720p.WEB-DL.DD5.1.H264-DRACULA - 2015 (Web-DL - h264 - 720p).torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-03 12:17 - 2014-10-29 17:48 - 00000000 ____D C:\Users\JVB\AppData\Roaming\uTorrent
2015-12-03 12:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-03 12:16 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-03 12:16 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
2015-12-03 12:13 - 2014-11-16 15:30 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-12-03 12:11 - 2014-10-29 18:43 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-03 12:11 - 2014-10-29 17:29 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-03 12:09 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-03 12:06 - 2015-04-18 12:00 - 00000000 ____D C:\Users\JVB\AppData\Local\Newsbin
2015-12-03 11:57 - 2015-04-18 12:01 - 00000000 ____D C:\Users\JVB\Documents\Newsbin
2015-12-03 11:28 - 2014-10-29 17:29 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-03 10:41 - 2015-06-09 18:33 - 00000000 ____D C:\Users\JVB\AppData\Roaming\vlc
2015-12-03 08:46 - 2014-11-05 18:19 - 00004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{31D4ADA0-C927-45F6-B1AF-E698037928A6}
2015-12-03 01:30 - 2014-10-29 17:29 - 00002448 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-03 00:21 - 2015-04-20 18:45 - 00000000 ____D C:\Users\JVB\AppData\Local\QuickPar
2015-12-03 00:14 - 2014-12-12 14:39 - 00000000 ____D C:\Users\JVB\Documents\Outlook Files
2015-12-02 23:29 - 2015-04-18 12:01 - 00000924 _____ C:\Users\JVB\Desktop\Newsbin Pro 64.lnk
2015-12-02 23:29 - 2015-04-18 12:00 - 00000000 ____D C:\Program Files\Newsbin
2015-12-02 20:06 - 2014-10-29 18:13 - 00000000 ____D C:\Users\JVB\Documents\Torrents
2015-12-02 16:56 - 2014-11-22 11:04 - 00000999 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2015-12-02 16:56 - 2014-11-22 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-12-02 16:56 - 2014-11-22 11:04 - 00000000 ____D C:\Program Files\Calibre2
2015-12-02 15:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-12-02 13:37 - 2015-07-29 10:37 - 00000000 ____D C:\Users\JVB\AppData\Local\Packages
2015-12-02 12:45 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2015-12-02 03:23 - 2014-10-29 17:29 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 03:23 - 2014-10-29 17:29 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-30 20:06 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-30 15:36 - 2015-10-13 15:55 - 00000000 ____D C:\Users\JVB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
2015-11-30 15:22 - 2015-10-13 15:55 - 00000000 ____D C:\Users\JVB\AppData\Roaming\PortForward.com
2015-11-30 15:22 - 2015-10-13 15:55 - 00000000 ____D C:\Program Files (x86)\Portforward.com
2015-11-30 15:19 - 2015-03-31 21:43 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-11-30 15:19 - 2015-03-31 21:42 - 00000000 ____D C:\ProgramData\Battle.net
2015-11-30 01:04 - 2014-11-16 15:32 - 00000408 _____ C:\WINDOWS\Tasks\GlaryOneClickOptimizer 5.job
2015-11-28 17:46 - 2014-10-29 20:10 - 00000000 ____D C:\ProgramData\TEMP
2015-11-28 17:46 - 2014-10-29 20:10 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-11-28 17:45 - 2009-07-13 22:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-11-28 17:43 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-11-26 02:07 - 2015-10-18 18:28 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-24 22:13 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-24 21:12 - 2014-11-01 13:33 - 00000000 ____D C:\Users\JVB\AppData\Local\Akamai
2015-11-24 21:09 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-24 20:31 - 2014-11-16 15:30 - 00003374 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2015-11-24 20:31 - 2014-11-16 15:30 - 00003020 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2015-11-24 20:31 - 2014-11-16 15:30 - 00001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-11-24 20:31 - 2014-11-16 15:30 - 00001145 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-11-24 20:24 - 2015-10-13 16:55 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-11-23 18:25 - 2015-03-31 21:45 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-11-23 18:24 - 2015-03-31 21:44 - 00000000 ____D C:\Users\JVB\AppData\Local\Battle.net
2015-11-23 18:24 - 2015-03-31 21:43 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-20 21:54 - 2014-10-30 17:43 - 00000000 ____D C:\Users\JVB\AppData\Local\ElevatedDiagnostics
2015-11-20 12:59 - 2015-05-27 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-20 10:17 - 2015-07-29 10:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-11-20 03:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2015-11-20 03:57 - 2014-10-31 10:09 - 00000000 ____D C:\Program Files (x86)\BayGenie 4
2015-11-20 03:30 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-11-20 03:30 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-11-20 03:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-11-20 03:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-11-20 03:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-20 03:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-11-20 03:30 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-11-20 03:30 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-11-17 03:35 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-11-17 00:52 - 2015-10-30 02:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-11-17 00:47 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-11-17 00:47 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-11-17 00:47 - 2015-10-30 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2015-11-17 00:47 - 2015-10-30 02:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2015-11-17 00:47 - 2015-10-30 02:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2015-11-17 00:47 - 2015-10-30 02:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2015-11-17 00:47 - 2015-10-30 02:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2015-11-17 00:47 - 2015-10-30 02:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2015-11-17 00:47 - 2015-10-30 02:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-11-17 00:47 - 2015-10-30 02:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-11-17 00:47 - 2015-10-30 02:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-11-17 00:47 - 2015-10-30 02:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-11-17 00:47 - 2015-10-30 02:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-11-17 00:47 - 2015-10-30 02:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-11-17 00:46 - 2015-10-30 02:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2015-11-17 00:46 - 2015-10-30 02:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2015-11-17 00:46 - 2015-10-30 02:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-11-17 00:46 - 2015-10-30 02:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2015-11-17 00:46 - 2015-10-30 02:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-11-17 00:46 - 2015-10-30 02:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-11-17 00:46 - 2015-10-30 02:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-11-17 00:46 - 2015-10-30 02:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-11-17 00:46 - 2015-10-30 02:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-11-17 00:46 - 2015-10-30 02:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2015-11-17 00:46 - 2015-10-30 02:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-11-17 00:46 - 2015-10-30 02:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2015-11-17 00:46 - 2015-10-30 02:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2015-11-17 00:46 - 2015-10-30 02:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2015-11-17 00:46 - 2015-10-30 02:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2015-11-17 00:46 - 2015-10-30 02:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2015-11-17 00:46 - 2015-10-30 02:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2015-11-17 00:46 - 2015-10-30 02:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2015-11-17 00:46 - 2015-10-30 02:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2015-11-17 00:46 - 2015-10-30 02:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2015-11-17 00:46 - 2015-10-30 02:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2015-11-17 00:46 - 2015-10-30 02:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2015-11-17 00:46 - 2015-10-30 02:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2015-11-17 00:46 - 2015-10-30 02:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2015-11-17 00:46 - 2015-10-30 02:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2015-11-16 22:46 - 2014-10-30 16:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-16 22:45 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-11-16 22:30 - 2015-07-29 10:41 - 00002360 _____ C:\Users\JVB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-16 22:30 - 2015-07-29 10:41 - 00000000 ___RD C:\Users\JVB\OneDrive
2015-11-16 22:26 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-11-16 22:26 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-11-16 22:24 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-16 22:24 - 2015-07-29 09:50 - 00023784 _____ C:\WINDOWS\diagerr.xml
2015-11-16 22:24 - 2015-07-29 09:50 - 00022863 _____ C:\WINDOWS\diagwrn.xml
2015-11-16 22:21 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-11-16 22:21 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Registration
2015-11-16 22:19 - 2015-07-29 10:34 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-11-16 22:19 - 2015-07-23 17:24 - 00002060 _____ C:\WINDOWS\System32\Tasks\elbyExecuteWithUAC
2015-11-16 22:19 - 2015-06-09 17:12 - 00002396 _____ C:\WINDOWS\System32\Tasks\{C47665B0-A213-4DEE-B193-6E96BC171950}
2015-11-16 22:19 - 2014-11-16 15:32 - 00002928 _____ C:\WINDOWS\System32\Tasks\GlaryOneClickOptimizer 5
2015-11-16 22:19 - 2014-10-31 13:17 - 00002078 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2015-11-16 22:18 - 2015-10-30 02:24 - 00000000 __RSD C:\WINDOWS\Media
2015-11-16 22:18 - 2015-10-30 02:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-16 22:18 - 2015-10-18 18:28 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-16 22:11 - 2015-10-30 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ComicRack
2015-11-16 22:11 - 2015-10-30 04:07 - 00000000 ____D C:\WINDOWS\ShellNew
2015-11-16 22:11 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-16 22:11 - 2015-08-15 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCStitch 7
2015-11-16 22:11 - 2015-08-15 09:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCStitch 9
2015-11-16 22:11 - 2015-08-12 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2015-11-16 22:11 - 2015-06-09 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-11-16 22:11 - 2015-06-09 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2015
2015-11-16 22:11 - 2015-05-05 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-11-16 22:11 - 2015-04-27 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ KillDisk Professional 9.1
2015-11-16 22:11 - 2015-04-20 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
2015-11-16 22:11 - 2015-03-31 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-11-16 22:11 - 2015-03-31 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-11-16 22:11 - 2015-02-18 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-11-16 22:11 - 2015-01-28 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inpaint
2015-11-16 22:11 - 2015-01-16 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive for Windows
2015-11-16 22:11 - 2015-01-13 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HPS Campaign Chickamauga
2015-11-16 22:11 - 2014-12-02 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Video2Dvd
2015-11-16 22:11 - 2014-11-16 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-11-16 22:11 - 2014-11-08 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Link
2015-11-16 22:11 - 2014-11-08 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Discovery
2015-11-16 22:11 - 2014-11-02 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pattern Maker for cross stitch - v4
2015-11-16 22:11 - 2014-11-01 21:28 - 00000000 ____D C:\Users\JVB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-11-16 22:11 - 2014-11-01 16:30 - 00000000 ____D C:\Users\JVB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
2015-11-16 22:11 - 2014-10-31 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BayGenie eBay Auction Sniper 4
2015-11-16 22:11 - 2014-10-30 23:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-11-16 22:11 - 2014-10-30 16:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-11-16 22:11 - 2014-10-29 21:02 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-11-16 22:11 - 2014-10-29 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-11-16 22:11 - 2014-10-29 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-11-16 22:11 - 2014-10-29 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-11-16 22:11 - 2014-10-29 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-16 22:11 - 2014-10-29 18:40 - 00000000 ____D C:\Users\JVB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-16 22:11 - 2014-10-29 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-16 22:11 - 2014-10-29 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-11-16 22:11 - 2014-10-29 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
2015-11-16 22:11 - 2014-10-29 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broadcom
2015-11-16 22:11 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-16 22:09 - 2015-07-10 04:05 - 00000000 ____D C:\Users\Default.migrated
2015-11-16 22:06 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-11-16 22:06 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-11-16 22:06 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-11-16 22:06 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\IME
2015-11-16 22:06 - 2015-08-15 09:19 - 00000000 ____D C:\WINDOWS\SysWOW64\t1fonts
2015-11-16 22:06 - 2014-10-30 22:58 - 00000000 ____D C:\WINDOWS\system32\SPReview
2015-11-16 22:06 - 2014-10-30 22:57 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2015-11-16 22:05 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\schemas
2015-11-16 22:05 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-11-16 22:04 - 2015-10-30 02:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-11-16 22:04 - 2015-10-30 02:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-11-16 22:04 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-16 22:04 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-11-16 22:04 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-16 22:04 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-16 22:04 - 2015-07-08 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-16 22:04 - 2015-02-19 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tipard
2015-11-16 22:04 - 2014-12-07 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HPS Campaign Atlanta
2015-11-16 22:04 - 2014-11-01 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
2015-11-16 22:04 - 2014-10-29 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD
2015-11-16 22:04 - 2009-07-14 02:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-16 22:04 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-11-16 22:00 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-11-16 21:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Help
2015-11-16 21:53 - 2015-10-30 04:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-11-16 21:32 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-16 16:56 - 2014-10-29 18:40 - 00000000 ____D C:\Program Files\WinRAR
2015-11-16 16:44 - 2014-11-16 15:13 - 00000000 ____D C:\Users\JVB\AppData\Roaming\GlarySoft
2015-11-15 19:57 - 2014-10-29 17:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-15 19:57 - 2009-07-13 21:34 - 00000478 _____ C:\WINDOWS\win.ini
2015-11-15 19:52 - 2014-10-29 17:04 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-04 15:24 - 2015-01-15 22:40 - 00000000 ____D C:\Program Files\SMPlayer

==================== Files in the root of some directories =======

2015-11-17 20:30 - 2015-11-17 20:30 - 0000132 _____ () C:\Users\JVB\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-05-14 21:40 - 2015-05-14 21:40 - 0000132 _____ () C:\Users\JVB\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-11-05 09:52 - 2014-11-05 09:52 - 0068883 _____ () C:\Users\JVB\AppData\Local\wxwvcfun
2015-07-23 17:24 - 2015-07-23 17:24 - 0000085 ___SH () C:\ProgramData\.zreglib
2015-02-21 08:28 - 2015-02-21 19:33 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\JVB\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-27 16:04

==================== End of FRST.txt ============================
jbuehner is offline  
Old 12-03-2015, 09:38 AM   #5

Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by JVB (2015-12-03 12:17:49)
Running from C:\Users\JVB\Desktop
Windows 10 Home (X64) (2015-11-17 03:24:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-28219211-1248772839-156540515-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-28219211-1248772839-156540515-503 - Limited - Disabled)
Guest (S-1-5-21-28219211-1248772839-156540515-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-28219211-1248772839-156540515-1004 - Limited - Enabled)
JVB (S-1-5-21-28219211-1248772839-156540515-1000 - Administrator - Enabled) => C:\Users\JVB

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Active@ KillDisk Professional 9.1 (HKLM\...\{2FBDA6D2-3441-4B6E-A1B4-EED762CD8F08}_is1) (Version: 9.1 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.06 - Adobe Systems)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-28219211-1248772839-156540515-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 12.55.03 - Broadcom Corporation)
calibre 64bit (HKLM\...\{54EFBCD2-A4FB-4C37-A720-9A8195EFC7B4}) (Version: 2.45.0 - Kovid Goyal)
Comic Collector (HKLM-x32\...\{4C44DC2C-4DE3-4120-865F-F770C53972DE}_is1) (Version: - Collectorz.com)
ComicRack v0.9.177 (HKLM\...\ComicRack) (Version: v0.9.177 - cYo Soft)
Curse Client (HKU\S-1-5-21-28219211-1248772839-156540515-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell System Detect (HKU\S-1-5-21-28219211-1248772839-156540515-1000\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON NX330 Series Printer Uninstall (HKLM\...\EPSON NX330 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Glary Utilities PRO 5.39 (HKLM-x32\...\Glary Utilities 5) (Version: 5.39.0.59 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Happy Cloud Client (HKU\S-1-5-21-28219211-1248772839-156540515-1000\...\HappyCloud) (Version: 4.28 - Happy Cloud, Inc.)
HPS Campaign Atlanta (HKLM-x32\...\{FB7BEFE9-F20C-4682-8E4D-85766E7125F1}) (Version: - )
HPS Campaign Chickamauga (HKLM-x32\...\{F9F2B302-04ED-4A2C-92C3-AA59EAEE96DE}) (Version: - )
Inpaint 6.0 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{8EC9E7BB-2443-49B1-8476-490EBF932C2E}) (Version: 4.25.512.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.43 - mIRC Co. Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
Newsbin Pro (HKLM\...\Newsbin6) (Version: 6.62 - DJI Interprises, LLC)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
OverDrive for Windows (HKLM-x32\...\{C96D82F1-6CB0-42C2-8ED3-C3DD739E0280}) (Version: 3.4.0 - OverDrive, Inc.)
Pattern Maker for cross stitch - v4 (Pro+ME) (HKLM-x32\...\{9CE2B4FB-8127-4058-B028-C5961242A484}) (Version: 4.04.4000 - HobbyWare, Inc.)
PCStitch 9 (HKLM-x32\...\{DB32A38E-4D83-49F9-9E69-4D0929C5F175}) (Version: 9.01.11 - M&R Technologies, Inc.)
PCStitch Pattern Viewer (HKLM-x32\...\{7BB3D57E-6FA1-47A1-8068-A405F81CE4E4}) (Version: 7.2.9 - M&R Technologies, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.8.1 - Intuit)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1540.27 - AMD)
RAIDXpert (x32 Version: 2.4.1540.27 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Simple Static IP (HKLM-x32\...\Simple Static IP) (Version: 1.3.0 - PcWinTech.com)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SMPlayer 15.9.0 (x64) (HKLM\...\SMPlayer) (Version: 15.9.0 - Ricardo Villalba)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
The Lord of the Rings Online™ v1301.0055.0535.4025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1301.0055.0535.4025 - Turbine, Inc.)
Tipard DVD Ripper Platinum 7.3.8 (HKLM-x32\...\{C145A9AD-BD43-4255-B5F9-2803289C2F96}_is1) (Version: 7.3.8 - Tipard Studio)
Total Video2Dvd 2.81 (HKLM-x32\...\Total Video2Dvd 2.81_is1) (Version: - EffectMatrix, Inc.)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WD Discovery Software (HKLM-x32\...\{99341ACA-2A86-4235-A636-02A2A9820987}) (Version: 1.80 - Western Digital)
WD Link (HKLM-x32\...\WD Link) (Version: 1.00.03 - Western Digital)
WinRAR 5.30 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.6 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-28219211-1248772839-156540515-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\JVB\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

30-11-2015 15:15:39 Revo Uninstaller Pro's restore point - CCleaner
02-12-2015 16:55:11 Installed calibre 64bit

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-11-28 22:32 - 00000034 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A7CF1DA-B416-4559-AC5F-EAACE9446AD5} - \WSE_Vosteran -> No File <==== ATTENTION
Task: {0C4059DF-1416-41ED-B9FD-25DA30FCA76F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {0E8CC31C-B140-4DAC-8F92-024AA2CD5558} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {0F5A845E-DE20-4E68-867C-761402565391} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {127DF6D2-C9F0-45BE-88CE-0A0143246E34} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {131A5F1C-EBC0-4F1D-8EE5-75F3832228D1} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\ExecuteWithUAC.exe
Task: {14B577A4-D283-4B6C-8B94-C34EA76F9247} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {15CF977D-3CE7-4DC8-877F-3310C3EBC077} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {15DC4D72-E9D1-453F-AC89-ED03E7DB3EF4} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2015-11-23] (Glarysoft Ltd)
Task: {16C320F0-630B-40F4-BBCE-C7D03D1C55B7} - System32\Tasks\{C47665B0-A213-4DEE-B193-6E96BC171950} => pcalua.exe -a "C:\Program Files\Badosoft\Latency Optimizer\Latency Optimizer Uninstaller.exe" -d "C:\Program Files\Badosoft\Latency Optimizer\"
Task: {184CE747-388E-4418-9A1D-D3952FC99270} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {2023EE95-91A9-4E9F-B78C-E2F6DA7C63C1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {239A6C75-2B07-4F34-9963-1BD3F1E67727} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {25CCD568-63CD-40F1-BE25-193DFACF1608} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {268BC3ED-04FB-450C-9AB0-77EE15001621} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {28E7C100-CB3D-4A67-BBE3-CD06A44ACFF4} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {2C0B3AC3-19B9-4A73-BFB9-93F7E2F4C494} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {338AE2ED-AD7A-45D5-993E-C3304C681D27} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {345A736F-B522-4778-BFC9-73C0D5D669A7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4B48E8CF-91CB-4117-B7FB-FF47110A9033} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {51E059B0-40B5-4FA4-8C6D-57AB73D29C5A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {565D2DCA-F5C5-4794-9407-4C23C604EA1A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {5BDB36EE-0987-47A7-B822-B46E503BE1AA} - \Vosteran dote -> No File <==== ATTENTION
Task: {67548CB7-53C4-4F74-8FA6-3031E6466725} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {6B281EBC-4C73-4F54-BF3F-C6E73D4DAD72} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-15] (Microsoft Corporation)
Task: {6FC94F73-94A8-448D-A5C7-46ED2321247A} - \amiupdaterExi -> No File <==== ATTENTION
Task: {7A165088-5566-44C0-8A2F-2278E96A0EC5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {843E4793-2A9F-49D7-8D07-4F57682A4B96} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {846D4D8F-5C92-48C3-82A3-065B860E7847} - System32\Tasks\GlaryOneClickOptimizer 5 => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe [2015-11-23] (Glarysoft Ltd)
Task: {8631C306-E6B2-4490-BDCF-70D5EA56E5AD} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {99C747F5-4379-4846-8B6C-5FAE7AB3625A} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {A462077E-3AFA-41F3-8424-EC4619CEF34F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {A745C771-006C-4B3E-A0FF-6835058DEB24} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A9DEFDFF-90E2-41FA-B319-7E0D68A0331E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {B1558E2A-0CCB-43FC-91EB-1F88DB7139BA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B2CC1C56-6B77-4E2A-B20B-83E9EA01B389} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {B4AD1F6F-4913-4C38-BFCC-4A3FE42F4E21} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B51DC5D9-AB37-4D6D-BA54-B7A7C7B5CC86} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B5433321-90A7-4EB6-9537-FFEFFDB16F3B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {B7E67262-FFEB-464C-8AFE-E39DDFC22AE5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {B89C8120-4629-4F42-9804-0053F1A8A28D} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {B9F5CF6C-E9E3-49AF-A50E-83987FAF9A8B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CB420E44-04F7-4AE3-9576-AF428A684CCD} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-11-23] (Glarysoft Ltd)
Task: {D8126041-1877-47E2-A9B1-009F031E0126} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {DF4C1860-CED8-4FF6-91DA-1A857B830919} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E079C78C-64E5-42F4-BD35-2F67EE7F1707} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {E3501747-741B-49A1-BEEF-BB4120182628} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E522F931-0EF6-48F0-B128-2FDDA8D104B8} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E8FC1183-9DFC-4920-844B-64F584189618} - System32\Tasks\JZIP => C:\Program Files (x86)\JZIP\JZIP\JZIP.exe
Task: {E9469221-E5C1-43E6-ABDD-3C8F3C94094D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EC3FD8DD-735F-4FAE-80E4-0A729C7288C0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {F12C5CB8-EE15-44E7-B2CE-7B3C57AE9A55} - \systemmgr -> No File <==== ATTENTION
Task: {F516D422-9879-4930-A99F-7B6DF2822765} - \amiupdaterExd -> No File <==== ATTENTION
Task: {FA16128A-B92A-485D-AE11-CFD463027B51} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GlaryOneClickOptimizer 5.job => C:\Program Files (x86)\Glary Utilities 5\OneClickMaintenance.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\JVB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet-Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=FBPzamotn15344,2d7f6eac-452a-413d-9d86-158599fc902c, <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=FBPzamotn15344,2d7f6eac-452a-413d-9d86-158599fc902c, <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=FBPzamotn15344,2d7f6eac-452a-413d-9d86-158599fc902c, <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-16 21:58 - 2015-10-13 12:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-03-15 23:47 - 2009-03-15 23:47 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2015-10-30 02:17 - 2015-10-30 02:17 - 02652784 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 02652784 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2009-03-15 23:47 - 2009-03-15 23:47 - 00122880 _____ () C:\WINDOWS\SysWOW64\WinMsgBalloonServer.exe
2009-03-15 23:47 - 2009-03-15 23:47 - 00139264 _____ () C:\WINDOWS\SysWOW64\WinMsgBalloonClient.exe
2009-03-05 18:00 - 2009-03-05 18:00 - 00532480 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-15 13:35 - 2015-10-11 22:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-11-23 01:48 - 2015-11-23 01:48 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2015-12-03 01:30 - 2015-11-24 03:00 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libglesv2.dll
2015-12-03 01:30 - 2015-11-24 03:00 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\libegl.dll
2015-12-03 01:30 - 2015-11-24 03:00 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\Broadcom:Win32App_1
AlternateDataStreams: C:\Program Files\Calibre2:Win32App_1
AlternateDataStreams: C:\Program Files\Inpaint:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft LifeCam:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files\WinRAR:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Adobe:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Battle.net:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Dell Support Center:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Epson Software:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Malwarebytes Anti-Malware:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft LifeCam:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft.NET:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\mIRC:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Multimedia Card Reader(9106):Win32App_1
AlternateDataStreams: C:\Program Files (x86)\OverDrive for Windows:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\PCStitch 7:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\PCStitch 9:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Quicken:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Simple Static IP:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\SpywareBlaster:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\TeamViewer:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Total Video2Dvd:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\uTorrent:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\World of Warcraft:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\DESIGNER:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-28219211-1248772839-156540515-1000\...\dell.com -> dell.com

There are 6091 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-28219211-1248772839-156540515-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\JVB\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-28219211-1248772839-156540515-1000\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-28219211-1248772839-156540515-1000\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{51E55FDB-2871-453A-81FD-D3E3F5023BF0}] => (Allow) LPort=8989
FirewallRules: [UDP Query User{59D5607D-77D2-4988-AAB5-4304300381C9}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [TCP Query User{23B001F4-7DC8-467A-9F4C-ED0797651D97}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [{BC24A65B-164E-4474-86EF-8A96E6FD8738}] => (Allow) LPort=60662
FirewallRules: [{814A890A-09C5-4B5E-AB30-3607DE4AEAD5}] => (Allow) LPort=60662
FirewallRules: [{3CD0C9B6-E7C2-43D0-86FF-BA38B2CBF14F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BFF14F68-DE10-410F-866E-0D6754301B5B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E92F69DE-C2CC-45B8-A4F4-54CAF4D67C2B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1A5761B8-D2A2-46E8-85B0-DAD20B16592C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6645B870-017D-4D50-AC03-932909747D49}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{9A2FD5DE-41B5-4E48-AA9C-9EFE2A5D06CE}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{3D38E0AB-0877-4B68-8BA9-5BFE8DE76097}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{6383E58F-548E-4FEE-A216-71E583C7A641}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{BA4720EF-8280-4DAD-AEDC-698E7E6D33FF}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7950FB74-16C7-4629-9BE5-58E1DC1D497A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{0C868085-9F2E-4EF4-AF1A-33426182BBA6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{16B5C106-B85B-470E-B8F5-5747607E4CA5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{2955271B-8492-4C7A-9D79-D36427F3BCBF}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{66758475-69EE-4BC2-8C0E-54FB8233F80A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{6F304E44-F79B-43FA-BFEB-0476F45D465F}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
FirewallRules: [TCP Query User{631BBE8D-2AD9-4305-A851-FD66AA1BF75C}C:\users\jvb\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jvb\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{7CFFA9EB-F39B-432B-9561-EE226BD07D9A}C:\users\jvb\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jvb\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{302B1A86-6EFF-446A-B64C-B1600793DDBB}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{F8C72FD9-0011-4F84-AF3D-C31961A06D78}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe
FirewallRules: [TCP Query User{7EF1E8BE-2AB5-438F-B783-D03133C91BBB}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe] => (Allow) C:\program files (x86)\western digital\wd discovery software\wd discovery.exe
FirewallRules: [UDP Query User{1FCF92D2-7085-4F2D-B1B6-B38644F73D5B}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe] => (Allow) C:\program files (x86)\western digital\wd discovery software\wd discovery.exe
FirewallRules: [TCP Query User{2FDD0D71-A591-4E68-A5DD-C17F4422BB11}C:\users\jvb\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jvb\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{C53C7F4E-0AC9-49D4-AE08-F4D6C472E0C6}C:\users\jvb\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jvb\appdata\local\akamai\netsession_win.exe
FirewallRules: [{BFE7FEF0-4ABA-4F65-9516-218061B5823F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5B34E37C-85B6-40E4-8CDA-FD0F0F25ADDB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A59F81EA-D6B0-421E-91FB-8527A83167D3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0815487C-A724-4A37-A1E5-28B5FFE86921}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{9F9F32EB-B8F7-4F56-8C21-FC3D7F19159A}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{28E66A8A-BAD5-47D4-9A05-6D94124CF201}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{D8E7BBCF-61C3-4C4B-B0C7-52E1CB6872F0}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{3CEA7B83-D223-48DE-939F-E0053B184D44}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{64AD11F6-B808-47D9-B50E-66819916ECCD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9B5A326E-EAB8-4F83-AA38-9D6FB202989B}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{666C5AF3-541A-4E0E-8E05-30E45445FD8A}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{0C572728-447E-47EA-8F8C-32704969677E}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [{31C049D9-CE44-438F-A315-1FB82B59A5E2}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
FirewallRules: [TCP Query User{4F3D3D59-7BF6-4963-9437-FA74B84D4D40}C:\users\jvb\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard.exe] => (Allow) C:\users\jvb\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard.exe
FirewallRules: [UDP Query User{61B5752D-1A5B-445C-BF82-56536698AC6E}C:\users\jvb\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard.exe] => (Allow) C:\users\jvb\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard.exe
FirewallRules: [{2011E6F7-B6A3-4D62-AD33-37CDF20D1B1D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{46282A48-688C-47B2-BE38-BFC7F8BDF8F8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{2EB4F671-6A4B-446F-92AB-F701A7396880}C:\users\jvb\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard-console.exe] => (Allow) C:\users\jvb\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard-console.exe
FirewallRules: [UDP Query User{BA37DA6A-C0A6-40C2-978C-BC94DFF237FF}C:\users\jvb\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard-console.exe] => (Allow) C:\users\jvb\downloads\sickbeard-win32-alpha-build503\sickbeard-win32-alpha-build503\sickbeard-console.exe
FirewallRules: [{29CBA8E7-A306-4D86-9EA3-853E11C5E6D9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D159F80F-C2DE-46D6-A010-AA3F6C6FF355}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E2F80857-BB45-4AE3-8BAC-0DCB5ADD0334}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{24647733-D4C0-4331-85C8-BDFAFAED1470}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A4BAB4AB-CEE3-42CA-B9FC-51CC7B8E01E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{73F87C51-EB50-4998-A41A-745E3E300920}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F4E740A9-8A90-43BF-BB16-143CA220ED90}] => (Allow) LPort=50557
FirewallRules: [{8CB26C19-111C-4F5C-BB7E-B63710862E90}] => (Allow) LPort=50557
FirewallRules: [{3F37C230-513D-472C-86AE-B1EC56C062D3}] => (Allow) C:\Users\JVB\AppData\Roaming\SSN\ssn.exe
FirewallRules: [{047C2EB7-4835-4238-BA2C-4D44E19F00EE}] => (Allow) C:\Users\JVB\AppData\Roaming\SSN\updssn.exe
FirewallRules: [{4237BDE9-D2B9-4AC0-9709-4E6EF27C7CBF}] => (Allow) 㩃啜敳獲䩜䉖䅜灰慄慴剜慯業杮䍜楬湥⁴敍楤⁡牐景汩履汣敩瑮洠摥慩洠湡条牥攮數
FirewallRules: [{73706F15-2790-4A61-B4E5-D69D1407A1DB}] => (Allow) 㩃啜敳獲䩜䉖䅜灰慄慴剜慯業杮䍜楬湥⁴敍楤⁡牐景汩履灵慤整敳癲捩⹥硥e
FirewallRules: [{7AEBCE57-7949-49C4-AE97-50D0AF75B4BE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2015 00:08:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.11, time stamp: 0x56457bbf
Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x5632cefa
Exception code: 0xc0000005
Fault offset: 0x00000000000780dd
Faulting process id: 0x8bc
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5

Error: (12/02/2015 04:55:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/30/2015 03:15:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/30/2015 03:15:38 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {c2b0cd69-5d43-411c-83bf-b48ec9ce17b2}

Error: (11/29/2015 00:10:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/29/2015 00:09:40 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {75212764-bd87-4738-8262-820fb997fe5b}

Error: (11/28/2015 11:25:48 PM) (Source: COM) (EventID: 10031) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}

Error: (11/28/2015 11:25:48 PM) (Source: COM) (EventID: 10031) (User: )
Description: {CDC82860-468D-4D4E-B7E7-C298FF23AB2C}

Error: (11/28/2015 10:40:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SpyHunter4.exe version 4.21.10.4585 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 9f8

Start Time: 01d12a5733c7546d

Termination Time: 10

Application Path: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

Report Id: dda15a66-964a-11e5-9be1-782bcb952684

Faulting package full name:

Faulting package-relative application ID:

Error: (11/27/2015 11:39:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (12/03/2015 00:10:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058

Error: (12/03/2015 00:09:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_adbad service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/03/2015 00:09:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_adbad service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/03/2015 00:09:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_adbad service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/03/2015 00:09:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_adbad service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/03/2015 00:08:51 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/03/2015 00:08:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly. It has done this 1 time(s).

Error: (12/03/2015 00:08:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/03/2015 00:08:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (12/03/2015 00:08:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Message Queuing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2015-12-03 12:09:00.813
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-03 12:09:00.806
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-03 12:09:00.797
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-03 12:09:00.768
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-03 12:09:00.734
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-03 11:48:20.623
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-03 11:48:20.609
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-03 11:48:20.589
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-03 11:48:20.574
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-03 11:48:20.556
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X6 1075T Processor
Percentage of memory in use: 15%
Total physical RAM: 16383.29 MB
Available physical RAM: 13887.4 MB
Total Virtual: 32767.29 MB
Available Virtual: 30223.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.48 GB) (Free:487 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:931.47 GB) (Free:191.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 52B511EE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: CB59CF0B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
jbuehner is offline  
Old 12-04-2015, 03:09 PM   #6
Security Team
Analyst
 
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello jbuehner,

Thanks for the logs. Let's move on.

I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here.

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

========================================================

Please follow the instructions below.

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
Save it as fixlist.txt next to FRST.exe.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-28219211-1248772839-156540515-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HomePage: Default -> hxxp://www-mysearch.com/?pid=s&s=FBPzamotn15344,2d7f6eac-452a-413d-9d86-158599fc902c,&vp=ch&prd=set
CHR StartupUrls: Default -> "hxxp://www-mysearch.com/?pid=s&s=FBPzamotn15344,2d7f6eac-452a-413d-9d86-158599fc902c,&vp=ch&prd=set"
S0 guqxm; System32\drivers\lffctaw.sys [X]
U3 idsvc; no ImagePath
2015-11-24 20:01 - 2015-11-24 20:36 - 00002504 _____ C:\WINDOWS\System32\Tasks\JZIP
Task: {0A7CF1DA-B416-4559-AC5F-EAACE9446AD5} - \WSE_Vosteran -> No File <==== ATTENTION
Task: {14B577A4-D283-4B6C-8B94-C34EA76F9247} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {15CF977D-3CE7-4DC8-877F-3310C3EBC077} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {239A6C75-2B07-4F34-9963-1BD3F1E67727} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2C0B3AC3-19B9-4A73-BFB9-93F7E2F4C494} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {345A736F-B522-4778-BFC9-73C0D5D669A7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51E059B0-40B5-4FA4-8C6D-57AB73D29C5A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5BDB36EE-0987-47A7-B822-B46E503BE1AA} - \Vosteran dote -> No File <==== ATTENTION
Task: {6FC94F73-94A8-448D-A5C7-46ED2321247A} - \amiupdaterExi -> No File <==== ATTENTION
Task: {7A165088-5566-44C0-8A2F-2278E96A0EC5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B4AD1F6F-4913-4C38-BFCC-4A3FE42F4E21} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B51DC5D9-AB37-4D6D-BA54-B7A7C7B5CC86} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DF4C1860-CED8-4FF6-91DA-1A857B830919} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E8FC1183-9DFC-4920-844B-64F584189618} - System32\Tasks\JZIP => C:\Program Files (x86)\JZIP\JZIP\JZIP.exe
Task: {E9469221-E5C1-43E6-ABDD-3C8F3C94094D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F12C5CB8-EE15-44E7-B2CE-7B3C57AE9A55} - \systemmgr -> No File <==== ATTENTION
Task: {F516D422-9879-4930-A99F-7B6DF2822765} - \amiupdaterExd -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\JVB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet-Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=FBPzamotn15344,2d7f6eac-452a-413d-9d86-158599fc902c, <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=FBPzamotn15344,2d7f6eac-452a-413d-9d86-158599fc902c, <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=FBPzamotn15344,2d7f6eac-452a-413d-9d86-158599fc902c, <==== ATTENTION
AlternateDataStreams: C:\Program Files\Broadcom:Win32App_1
AlternateDataStreams: C:\Program Files\Calibre2:Win32App_1
AlternateDataStreams: C:\Program Files\Inpaint:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft LifeCam:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files\WinRAR:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Adobe:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Battle.net:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Dell Support Center:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Epson Software:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Malwarebytes Anti-Malware:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft LifeCam:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft.NET:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\mIRC:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Multimedia Card Reader(9106):Win32App_1
AlternateDataStreams: C:\Program Files (x86)\OverDrive for Windows:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\PCStitch 7:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\PCStitch 9:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Quicken:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Simple Static IP:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\SpywareBlaster:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\TeamViewer:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Total Video2Dvd:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\uTorrent:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\World of Warcraft:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\DESIGNER:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
FirewallRules: [{4237BDE9-D2B9-4AC0-9709-4E6EF27C7CBF}] => (Allow) 㩃啜敳獲䩜䉖䅜灰慄慴剜慯業杮䍜楬湥⁴敍楤⁡牐景汩履汣敩瑮洠摥慩洠湡条牥攮數
FirewallRules: [{73706F15-2790-4A61-B4E5-D69D1407A1DB}] => (Allow) 㩃啜敳獲䩜䉖䅜灰慄慴剜慯業杮䍜楬湥⁴敍楤⁡牐景汩履灵慤整敳癲捩⹥硥e
EmptyTemp:
end

Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
tekir06 is offline  
Old 12-05-2015, 01:47 PM   #7
Registered Member
 
Join Date: Nov 2015
Posts: 9
OS: Windows 10



Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by JVB (2015-12-05 16:33:44) Run:1
Running from C:\Users\JVB\Desktop
Loaded Profiles: JVB (Available Profiles: JVB & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-28219211-1248772839-156540515-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: Default -> hxxp://www-mysearch.com/?pid=s&s=FBPzamotn15344,2d7f6eac-452a-413d-9d86-158599fc902c,&vp=ch&prd=set
CHR StartupUrls: Default -> "hxxp://www-mysearch.com/?pid=s&s=FBPzamotn15344,2d7f6eac-452a-413d-9d86-158599fc902c,&vp=ch&prd=set"
S0 guqxm; System32\drivers\lffctaw.sys [X]
U3 idsvc; no ImagePath
2015-11-24 20:01 - 2015-11-24 20:36 - 00002504 _____ C:\WINDOWS\System32\Tasks\JZIP
Task: {0A7CF1DA-B416-4559-AC5F-EAACE9446AD5} - \WSE_Vosteran -> No File <==== ATTENTION
Task: {14B577A4-D283-4B6C-8B94-C34EA76F9247} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {15CF977D-3CE7-4DC8-877F-3310C3EBC077} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {239A6C75-2B07-4F34-9963-1BD3F1E67727} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2C0B3AC3-19B9-4A73-BFB9-93F7E2F4C494} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {345A736F-B522-4778-BFC9-73C0D5D669A7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {51E059B0-40B5-4FA4-8C6D-57AB73D29C5A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5BDB36EE-0987-47A7-B822-B46E503BE1AA} - \Vosteran dote -> No File <==== ATTENTION
Task: {6FC94F73-94A8-448D-A5C7-46ED2321247A} - \amiupdaterExi -> No File <==== ATTENTION
Task: {7A165088-5566-44C0-8A2F-2278E96A0EC5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B4AD1F6F-4913-4C38-BFCC-4A3FE42F4E21} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B51DC5D9-AB37-4D6D-BA54-B7A7C7B5CC86} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DF4C1860-CED8-4FF6-91DA-1A857B830919} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E8FC1183-9DFC-4920-844B-64F584189618} - System32\Tasks\JZIP => C:\Program Files (x86)\JZIP\JZIP\JZIP.exe
Task: {E9469221-E5C1-43E6-ABDD-3C8F3C94094D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F12C5CB8-EE15-44E7-B2CE-7B3C57AE9A55} - \systemmgr -> No File <==== ATTENTION
Task: {F516D422-9879-4930-A99F-7B6DF2822765} - \amiupdaterExd -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\JVB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet-Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=FBPzamotn15344,2d7f6eac-452a-413d-9d86-158599fc902c, <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=FBPzamotn15344,2d7f6eac-452a-413d-9d86-158599fc902c, <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=FBPzamotn15344,2d7f6eac-452a-413d-9d86-158599fc902c, <==== ATTENTION
AlternateDataStreams: C:\Program Files\Broadcom:Win32App_1
AlternateDataStreams: C:\Program Files\Calibre2:Win32App_1
AlternateDataStreams: C:\Program Files\Inpaint:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft LifeCam:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files\WinRAR:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Adobe:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Battle.net:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Dell Support Center:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Epson Software:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Malwarebytes Anti-Malware:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft LifeCam:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft.NET:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\mIRC:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Multimedia Card Reader(9106):Win32App_1
AlternateDataStreams: C:\Program Files (x86)\OverDrive for Windows:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\PCStitch 7:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\PCStitch 9:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Quicken:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Simple Static IP:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\SpywareBlaster:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\TeamViewer:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Total Video2Dvd:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\uTorrent:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\World of Warcraft:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\DESIGNER:Win32App_1
AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
FirewallRules: [{4237BDE9-D2B9-4AC0-9709-4E6EF27C7CBF}] => (Allow) ?????????????????4???????????????????
FirewallRules: [{73706F15-2790-4A61-B4E5-D69D1407A1DB}] => (Allow) ?????????????????4???????????????e
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-28219211-1248772839-156540515-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
guqxm => service removed successfully
idsvc => service removed successfully
C:\WINDOWS\System32\Tasks\JZIP => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A7CF1DA-B416-4559-AC5F-EAACE9446AD5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A7CF1DA-B416-4559-AC5F-EAACE9446AD5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{14B577A4-D283-4B6C-8B94-C34EA76F9247}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14B577A4-D283-4B6C-8B94-C34EA76F9247}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15CF977D-3CE7-4DC8-877F-3310C3EBC077}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15CF977D-3CE7-4DC8-877F-3310C3EBC077}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{239A6C75-2B07-4F34-9963-1BD3F1E67727}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{239A6C75-2B07-4F34-9963-1BD3F1E67727}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C0B3AC3-19B9-4A73-BFB9-93F7E2F4C494}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C0B3AC3-19B9-4A73-BFB9-93F7E2F4C494}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{345A736F-B522-4778-BFC9-73C0D5D669A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{345A736F-B522-4778-BFC9-73C0D5D669A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51E059B0-40B5-4FA4-8C6D-57AB73D29C5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51E059B0-40B5-4FA4-8C6D-57AB73D29C5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BDB36EE-0987-47A7-B822-B46E503BE1AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BDB36EE-0987-47A7-B822-B46E503BE1AA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Vosteran dote => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FC94F73-94A8-448D-A5C7-46ED2321247A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FC94F73-94A8-448D-A5C7-46ED2321247A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExi => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A165088-5566-44C0-8A2F-2278E96A0EC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A165088-5566-44C0-8A2F-2278E96A0EC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4AD1F6F-4913-4C38-BFCC-4A3FE42F4E21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4AD1F6F-4913-4C38-BFCC-4A3FE42F4E21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B51DC5D9-AB37-4D6D-BA54-B7A7C7B5CC86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B51DC5D9-AB37-4D6D-BA54-B7A7C7B5CC86}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF4C1860-CED8-4FF6-91DA-1A857B830919}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF4C1860-CED8-4FF6-91DA-1A857B830919}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8FC1183-9DFC-4920-844B-64F584189618}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8FC1183-9DFC-4920-844B-64F584189618}" => key removed successfully
C:\WINDOWS\System32\Tasks\JZIP => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JZIP" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9469221-E5C1-43E6-ABDD-3C8F3C94094D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9469221-E5C1-43E6-ABDD-3C8F3C94094D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F12C5CB8-EE15-44E7-B2CE-7B3C57AE9A55}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F12C5CB8-EE15-44E7-B2CE-7B3C57AE9A55}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\systemmgr => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F516D422-9879-4930-A99F-7B6DF2822765}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F516D422-9879-4930-A99F-7B6DF2822765}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExd => key not found.
C:\Users\JVB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet-Explorer.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Program Files\Broadcom => ":Win32App_1" ADS removed successfully.
C:\Program Files\Calibre2 => ":Win32App_1" ADS removed successfully.
C:\Program Files\Inpaint => ":Win32App_1" ADS removed successfully.
C:\Program Files\Microsoft LifeCam => ":Win32App_1" ADS removed successfully.
C:\Program Files\Microsoft Office => ":Win32App_1" ADS removed successfully.
C:\Program Files\Microsoft Silverlight => ":Win32App_1" ADS removed successfully.
C:\Program Files\WinRAR => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Adobe => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Battle.net => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Dell Support Center => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Epson Software => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Malwarebytes Anti-Malware => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Microsoft LifeCam => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Microsoft.NET => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\mIRC => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Multimedia Card Reader(9106) => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\OverDrive for Windows => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\PCStitch 7 => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\PCStitch 9 => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Quicken => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Simple Static IP => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\SpywareBlaster => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\TeamViewer => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Total Video2Dvd => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\uTorrent => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\World of Warcraft => ":Win32App_1" ADS removed successfully.
C:\Program Files\Common Files\DESIGNER => ":Win32App_1" ADS removed successfully.
C:\Program Files\Common Files\microsoft shared => ":Win32App_1" ADS removed successfully.
C:\ProgramData\regid.1991-06.com.microsoft => ":Win32App_1" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4237BDE9-D2B9-4AC0-9709-4E6EF27C7CBF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{73706F15-2790-4A61-B4E5-D69D1407A1DB} => value removed successfully
EmptyTemp: => 735.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:36:11 ====
jbuehner is offline  
Old 12-05-2015, 03:06 PM   #8
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello jbuehner,

Please do the following steps. Then tell me, how is the machine behaving now? What problems do you still have?

STEP 1

Launch Malwarebytes Anti-Malware

On the Dashboard, click the Scan Now button.
A check for database updates will be performed.
After the update check completes, a Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

STEP 2

Please go HERE then click on: Run Eset Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on the icon to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on Start button.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

  • Scan for potentially unwanted applications
  • Scan Archives
  • Enable Anti-Stealth Technology

Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
Tick all the boxes that correspond to your external/inserted drives.
Click Start. The virus signature database will begin to download. This may take some time.
Wait for the scan to finish.
When completed, click on Finish.
When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
Save that text file to your desktop, and then copy/paste the contents in your next reply.
__________________
tekir06 is offline  
Old 12-06-2015, 08:15 AM   #9
Registered Member
 
Join Date: Nov 2015
Posts: 9
OS: Windows 10



ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e6f3d8dccc86e34183472cbcb2c9a2ec
# end=init
# utc_time=2015-12-06 12:07:03
# local_time=2015-12-05 07:07:03 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 27062
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=e6f3d8dccc86e34183472cbcb2c9a2ec
# end=updated
# utc_time=2015-12-06 12:14:35
# local_time=2015-12-05 07:14:35 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=e6f3d8dccc86e34183472cbcb2c9a2ec
# engine=27062
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-12-06 06:00:42
# local_time=2015-12-06 01:00:42 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 2349112 0 0
# scanned=567358
# found=11
# cleaned=0
# scan_time=20766
sh=7D180EE62CCF6382B541055B60AA948458A7E4AE ft=1 fh=0a394b48528d3070 vn="a variant of Win32/DealPly.AP potentially unwanted application" ac=I fn="C:\ProgramData\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll"
sh=7D180EE62CCF6382B541055B60AA948458A7E4AE ft=1 fh=0a394b48528d3070 vn="a variant of Win32/DealPly.AP potentially unwanted application" ac=I fn="C:\Users\All Users\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll"
sh=B800227245F7884466362D5BE4D500101E9D72B5 ft=1 fh=6f695364e3c5460e vn="a variant of Win32/FusionCore.C potentially unwanted application" ac=I fn="C:\Users\JVB\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="C:\Users\JVB\Documents\DRP_15.4.12.iso"
sh=758E9C68AB6581E180CFB1B786548D2C9689F468 ft=0 fh=0000000000000000 vn="a variant of Win32/GameHack.G potentially unsafe application" ac=I fn="C:\Users\JVB\Documents\Jogos Wargames\HPS Panzer Campaigns 7 - Kursk '43.zip"
sh=AEF222AD047472CD4FF55C312F4F2D6FF9F44634 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PATCH FIX.rar"
sh=9A7B41FF7B0A1AEAC4671D763814EDA67A82410D ft=1 fh=1636285ba11ddb07 vn="Win32/Toolbar.Conduit.R potentially unwanted application" ac=I fn="C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PowerISO6-x64.exe"
sh=90057E8B24376F773E0231650519D353F15F0731 ft=1 fh=d46244462142dc25 vn="Win32/Toolbar.Conduit.R potentially unwanted application" ac=I fn="C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PowerISO6.exe"
sh=B4CCAE865587BB53C7736B7F65E1611A0D6E8EB1 ft=1 fh=98c074b72d53f29e vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PATCH FIX\PATCH FIX\poweriso-patch.fix.exe"
sh=AC7CD6EB57942CA79B19ED62CBCC4F902C7BCD71 ft=1 fh=9c77dbe25ab058d2 vn="a variant of MSIL/HackTool.Patcher.B potentially unsafe application" ac=I fn="C:\Users\JVB\Documents\Tipard.DVD.Ripper.Platinum.v7.3.8.Multilanguage-LAXiTY\Tipard.DVD.Ripper.Platinum.v7.3.8\lxtd738m\patch.exe"
sh=7D180EE62CCF6382B541055B60AA948458A7E4AE ft=1 fh=0a394b48528d3070 vn="a variant of Win32/DealPly.AP potentially unwanted application" ac=I fn="C:\Windows.old\Users\All Users\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll"
Attached Files
File Type: txt mam.txt (1.2 KB, 21 views)
jbuehner is offline  
Old 12-07-2015, 01:11 AM   #10
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello jbuehner,

Quote:
C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PATCH FIX.rar
C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PowerISO6-x64.exe
C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PowerISO6.exe
C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PATCH FIX\PATCH FIX\poweriso-patch.fix.exe
C:\Users\JVB\Documents\Tipard.DVD.Ripper.Platinum.v7.3.8.Multilanguage-LAXiTY\Tipard.DVD.Ripper.Platinum.v7.3.8\lxtd738m\patch.exe

This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, uninstall any such applications.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if cracked (illegal) software is present on the machine.

You should not use cracked software, and you should uninstall it.
========================================================

Please do the following. Then tell me, how is the machine behaving now? What problems do you still have?

Open Notepad (Start > All Programs > Accessories > Notepad).
Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
Save it as fixlist.txt next to FRST.exe

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Code:
CreateRestorePoint:
C:\ProgramData\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll
C:\Users\All Users\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll
C:\Users\JVB\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe
C:\Users\JVB\Documents\DRP_15.4.12.iso
C:\Users\JVB\Documents\Jogos Wargames\HPS Panzer Campaigns 7 - Kursk '43.zip
C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PATCH FIX.rar
C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PowerISO6-x64.exe
C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PowerISO6.exe
C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PATCH FIX\PATCH FIX\poweriso-patch.fix.exe
C:\Users\JVB\Documents\Tipard.DVD.Ripper.Platinum.v7.3.8.Multilanguage-LAXiTY\Tipard.DVD.Ripper.Platinum.v7.3.8\lxtd738m\patch.exe
C:\Windows.old\Users\All Users\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll
EmptyTemp:

Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
__________________
tekir06 is offline  
Old 12-07-2015, 10:42 AM   #11
Registered Member
 
Join Date: Nov 2015
Posts: 9
OS: Windows 10



No problems that I can see. Had to reboot machine twice to get windows to fully install.
--------------------------------
Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by JVB (2015-12-07 13:09:31) Run:2
Running from C:\Users\JVB\Desktop
Loaded Profiles: JVB (Available Profiles: JVB & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\ProgramData\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll
C:\Users\All Users\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll
C:\Users\JVB\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe
C:\Users\JVB\Documents\DRP_15.4.12.iso
C:\Users\JVB\Documents\Jogos Wargames\HPS Panzer Campaigns 7 - Kursk '43.zip
C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PATCH FIX.rar
C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PowerISO6-x64.exe
C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PowerISO6.exe
C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PATCH FIX\PATCH FIX\poweriso-patch.fix.exe
C:\Users\JVB\Documents\Tipard.DVD.Ripper.Platinum.v7.3.8.Multilanguage-LAXiTY\Tipard.DVD.Ripper.Platinum.v7.3.8\lxtd738m\patch.exe
C:\Windows.old\Users\All Users\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll
EmptyTemp:
*****************

Restore point was successfully created.
C:\ProgramData\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll => moved successfully
"C:\Users\All Users\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll" => not found.
C:\Users\JVB\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe => moved successfully
C:\Users\JVB\Documents\DRP_15.4.12.iso => moved successfully
C:\Users\JVB\Documents\Jogos Wargames\HPS Panzer Campaigns 7 - Kursk '43.zip => moved successfully
"C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PATCH FIX.rar" => not found.
"C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PowerISO6-x64.exe" => not found.
"C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PowerISO6.exe" => not found.
"C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PATCH FIX\PATCH FIX\poweriso-patch.fix.exe" => not found.
C:\Users\JVB\Documents\Tipard.DVD.Ripper.Platinum.v7.3.8.Multilanguage-LAXiTY\Tipard.DVD.Ripper.Platinum.v7.3.8\lxtd738m\patch.exe => moved successfully
"C:\Windows.old\Users\All Users\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll" => not found.
EmptyTemp: => 59 MB temporary data Removed.
-------------------------
There were PUPs located when we ran ESET a post ago. DealPly and Conduit were a few. Have these been removed?
jbuehner is offline  
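The question that closes the post above can be checked by cross-referencing the ESET detection lines against the Fixlog results. The following is an added example, not part of the original thread or of either tool; the log lines are a subset copied from the posts above, and reading `sh` as the file's SHA-1, `vn` as the detection name and `fn` as the path is an assumption based on how the log looks.

```python
import re
from collections import defaultdict

# Subset of the ESET Online Scanner detections posted in this thread.
ESET_LOG = r'''
sh=7D180EE62CCF6382B541055B60AA948458A7E4AE ft=1 fh=0a394b48528d3070 vn="a variant of Win32/DealPly.AP potentially unwanted application" ac=I fn="C:\ProgramData\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll"
sh=7D180EE62CCF6382B541055B60AA948458A7E4AE ft=1 fh=0a394b48528d3070 vn="a variant of Win32/DealPly.AP potentially unwanted application" ac=I fn="C:\Users\All Users\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll"
sh=B800227245F7884466362D5BE4D500101E9D72B5 ft=1 fh=6f695364e3c5460e vn="a variant of Win32/FusionCore.C potentially unwanted application" ac=I fn="C:\Users\JVB\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe"
sh=9A7B41FF7B0A1AEAC4671D763814EDA67A82410D ft=1 fh=1636285ba11ddb07 vn="Win32/Toolbar.Conduit.R potentially unwanted application" ac=I fn="C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PowerISO6-x64.exe"
sh=7D180EE62CCF6382B541055B60AA948458A7E4AE ft=1 fh=0a394b48528d3070 vn="a variant of Win32/DealPly.AP potentially unwanted application" ac=I fn="C:\Windows.old\Users\All Users\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll"
'''

# Matching result lines from the Fixlog posted in this thread.
FIXLOG = r'''
C:\ProgramData\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll => moved successfully
"C:\Users\All Users\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll" => not found.
C:\Users\JVB\AppData\Roaming\PowerISO\Upgrade\PowerISO6-x64.exe => moved successfully
"C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS\PowerISO6-x64.exe" => not found.
"C:\Windows.old\Users\All Users\{3FB7D774-6F35-06F2-DEB3-76700E31A5FE}\1.9.1.1\dote.dll" => not found.
EmptyTemp: => 59 MB temporary data Removed.
'''

ESET_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) .*?vn="(?P<name>[^"]*)" ac=\S+ fn="(?P<path>[^"]*)"$')
# Fixlog paths appear both quoted and unquoted; only file outcomes are matched.
FIX_RE = re.compile(
    r'^"?(?P<path>.+?)"? => (?P<result>moved successfully|not found)\.?$')


def parse_eset(text):
    """Return (sha1, detection name, path) for every ESET detection line."""
    hits = []
    for line in text.splitlines():
        m = ESET_RE.match(line.strip())
        if m:
            hits.append((m["sha1"].upper(), m["name"], m["path"]))
    return hits


def parse_fixlog(text):
    """Map each path (case-folded, as NTFS paths are case-insensitive) to its outcome."""
    outcomes = {}
    for line in text.splitlines():
        m = FIX_RE.match(line.strip())
        if m:
            outcomes[m["path"].casefold()] = m["result"]
    return outcomes


def reconcile(eset_text, fixlog_text):
    """Group detections by file hash and attach the Fixlog outcome of each path."""
    outcomes = parse_fixlog(fixlog_text)
    by_hash = defaultdict(lambda: {"name": None, "paths": {}})
    for sha1, name, path in parse_eset(eset_text):
        entry = by_hash[sha1]
        entry["name"] = name
        entry["paths"][path] = outcomes.get(path.casefold(), "not in fixlog")
    return dict(by_hash)


def verdict(entry):
    """Summarise one hash: a single successful move covers its other paths.

    C:\\Users\\All Users is a link to C:\\ProgramData, so the same file is
    reported under both names and is "not found" once the first path is moved.
    """
    statuses = set(entry["paths"].values())
    if "not in fixlog" in statuses:
        return "unaddressed"
    if "moved successfully" in statuses:
        return "moved"
    return "absent at fix time"


if __name__ == "__main__":
    for sha1, entry in reconcile(ESET_LOG, FIXLOG).items():
        print(f'{verdict(entry):<20} {entry["name"]}')
        for path, status in entry["paths"].items():
            print(f"    {status:<20} {path}")
```

A verdict of "absent at fix time" means the path no longer existed when FRST ran, so a follow-up scan is what confirms the detection is gone.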
Old 12-08-2015, 05:07 AM   #12
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello jbuehner,

Did you delete the PowerISO files or folder? If not, please navigate to, right-click and delete this folder:

C:\Users\JVB\Documents\PowerISO 6.0 (x86 & 64bit) with Patch - MADCATS
__________________
tekir06 is offline  
Old 12-08-2015, 09:21 AM   #13
Registered Member
 
Join Date: Nov 2015
Posts: 9
OS: Windows 10



Deleted the program yesterday and deleted the folder today.
jbuehner is offline  
Old 12-09-2015, 03:46 AM   #14
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello jbuehner,

Ok. Thank you. Your reports are clear. Let's remove all tools and logs that we used.

CLEAN UP

Please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Ensure Remove disinfection tools is ticked. Also tick: Create registry backup, Purge system restore
  • Click Run
  • delfix will now delete all found traces of our removal process.

Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn on Automatic Updates in Windows 10

------------------------------------------------------

Make sure you back up your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 10 here

Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
tekir06 is offline  
Old 12-09-2015, 10:09 AM   #15
Registered Member
 
Join Date: Nov 2015
Posts: 9
OS: Windows 10



Ran delfix.

I want to thank you for all your help in solving my problem with my computer.
jbuehner is offline  
Old 12-10-2015, 12:05 AM   #16
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello jbuehner,
You're welcome! Thank you for your patience and cooperation.
__________________
tekir06 is offline  
 
